This sample shows how to access Storage Blob with managed identity in Azure Spring Cloud.
You need to include ManagedIdentityCredentialBuilder and BlobServiceClientBuilder in your code. In this sample project, you can refer to MainController.java.
- JDK 8
- Maven 3.0 and above
- Azure CLI or Azure Cloud Shell
- An existing Storage account. If you need to create a Storage account, you can use the Azure Portal or Azure CLI.
- Run `mvn clean package` after specifying the storage account and container in application.properties.
- Install the Azure CLI extension for Azure Spring Cloud by running the command below.

  ```
  az extension add -y --source https://azureclitemp.blob.core.windows.net/spring-cloud/spring_cloud-0.1.0-py2.py3-none-any.whl
  ```

- Create an instance of Azure Spring Cloud.

  ```
  az spring-cloud create -n <resource name> -g <resource group name>
  ```

- Create an app with public domain assigned.

  ```
  az spring-cloud app create -n <app name> -s <resource name> -g <resource group name> --is-public true
  ```

- Enable system-assigned managed identity for your app and take note of the principal id from the command output.

  ```
  az spring-cloud app identity assign -n <app name> -s <resource name> -g <resource group name>
  ```

- Grant permission on the Storage Account to the system-assigned managed identity.

  ```
  az role assignment create --assignee <principal-id-you-got-in-step5> --role "Storage Blob Data Contributor" --scope <resource-id-of-storage-account>
  ```

- Deploy the app with the jar.

  ```
  az spring-cloud app deploy -n <app name> -s <resource name> -g <resource group name> --jar-path ./target/asc-managed-identity-storage-blob-sample-0.1.0.jar
  ```

- Verify the app is running. Instances should have status `RUNNING` and discoveryStatus `UP`.

  ```
  az spring-cloud app show -n <app name> -s <resource name> -g <resource group name>
  ```

- Verify the sample is working. The url is fetched from the previous step.

  ```
  # Upload data to blob
  curl -X PUT {url}/blob/{blob-name}?content={value}
  # Get the content of blob-name
  curl {url}/blob/{blob-name}
  # return the blob content you just uploaded before
  ```
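
A minimal Spring controller showing how ManagedIdentityCredentialBuilder and BlobServiceClientBuilder fit together behind the `/blob/{blob-name}` endpoints used in the verification step. This is an added example, not the sample's MainController.java; the class name and the `storage.account` / `storage.container` property keys are assumptions.

```java
// Added illustration; class name and property keys are assumptions, not the sample's own code.
import com.azure.core.util.BinaryData;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/blob")
public class BlobController {

    private final BlobContainerClient container;

    // "storage.account" and "storage.container" are hypothetical keys in application.properties.
    public BlobController(@Value("${storage.account}") String account,
                          @Value("${storage.container}") String containerName) {
        // No account key, SAS token or connection string is configured: the access token
        // is obtained at runtime from the app's system-assigned managed identity, which
        // must hold the "Storage Blob Data Contributor" role on the storage account.
        this.container = new BlobServiceClientBuilder()
                .endpoint("https://" + account + ".blob.core.windows.net")
                .credential(new ManagedIdentityCredentialBuilder().build())
                .buildClient()
                .getBlobContainerClient(containerName);
    }

    // PUT /blob/{name}?content={value}: create or overwrite the blob.
    @PutMapping(value = "/{name}", produces = MediaType.TEXT_PLAIN_VALUE)
    public String upload(@PathVariable("name") String name,
                         @RequestParam("content") String content) {
        container.getBlobClient(name).upload(BinaryData.fromString(content), true);
        return "ok";
    }

    // GET /blob/{name}: return the blob body as plain text so it is never rendered as HTML.
    @GetMapping(value = "/{name}", produces = MediaType.TEXT_PLAIN_VALUE)
    public String download(@PathVariable("name") String name) {
        return container.getBlobClient(name).downloadContent().toString();
    }
}
```

Because the credential is resolved from the platform's identity endpoint, this code only authenticates when running inside the app instance that has the managed identity assigned.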