From 75a8e81f8fdf622d9e891d603affabaeee78f913 Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Tue, 24 Nov 2020 01:45:56 +0100 Subject: [PATCH] azure: Specify different Azure storage in the shell env (#10943) AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY are used in azure CLI to specify the azure blob storage access & secret keys. With this commit, it is possible to set them if you want the gateway's own credentials to be different from the Azure blob credentials. Co-authored-by: Harshavardhana --- cmd/gateway/azure/gateway-azure.go | 10 ++++++++++ docs/gateway/azure.md | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/cmd/gateway/azure/gateway-azure.go b/cmd/gateway/azure/gateway-azure.go index eeee5ef4c..035d2b53d 100644 --- a/cmd/gateway/azure/gateway-azure.go +++ b/cmd/gateway/azure/gateway-azure.go @@ -173,6 +173,16 @@ func (g *Azure) Name() string { // NewGatewayLayer initializes azure blob storage client and returns AzureObjects. func (g *Azure) NewGatewayLayer(creds auth.Credentials) (minio.ObjectLayer, error) { + var err error + + // Override credentials from the Azure storage environment variables if specified + if acc, key := env.Get("AZURE_STORAGE_ACCOUNT", creds.AccessKey), env.Get("AZURE_STORAGE_KEY", creds.SecretKey); acc != "" && key != "" { + creds, err = auth.CreateCredentials(acc, key) + if err != nil { + return nil, err + } + } + endpointURL, err := parseStorageEndpoint(g.host, creds.AccessKey) if err != nil { return nil, err diff --git a/docs/gateway/azure.md b/docs/gateway/azure.md index 060969962..cd0b90ef9 100644 --- a/docs/gateway/azure.md +++ b/docs/gateway/azure.md @@ -36,6 +36,10 @@ mc ls myazure [2017-02-26 22:10:11 PST] 0B test-container1/ ``` +### Use custom access/secret keys + +If you do not want to share the credentials of the Azure blob storage with your users/applications, you can set the original credentials in the shell environment using `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_KEY` variables and assign different access/secret keys to `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`. + ### Known limitations Gateway inherits the following Azure limitations: