fn-sas-url-mngd-identity's Introduction

Valet key pattern - Managed Identity between Azure Functions and Azure Storage

Valet Key pattern

Use a token that provides clients with restricted direct access to a specific resource, in order to offload data transfer from the application.

Implementation using Azure function

The Azure Function sample returns a SAS URL for a given blob (file) in Azure Storage by using Managed Identity. The code uses UserDelegationKey to generate the SAS token (required when using Managed Identity).

Permission and connectivity to the target storage account are controlled by the identity and RBAC assignments in the associated Active Directory. Behind the scenes, the function makes the following calls to get a token, then uses that token to generate the SAS token for the blob in the storage account.

The managed identity used in this scenario is a System Assigned Managed Identity, which is enabled on the Azure Function.

Clicking the Azure role assignments button shows the identity's role assignments, that is, the permissions on the storage account that are to be granted.

Run this on Azure

  • Create a function App on Azure
  • Enable system assigned managed identity
  • Create a Storage Account & create a container in it
  • Assign roles to the managed identity on the storage account as per the documentation below
  • Deploy the code to the function app on Azure

Get the function URL, then add a new URL parameter, blobUri, set to the full HTTP URL of your target blob. It will look something like this:

https://<basename from deployment>.blob.core.windows.net/sample/<filename you uploaded>

# sample curl request
curl "https://fn-valet-key.azurewebsites.net/api/getsasurl?code=xxxxxxx&blobUri=https://saabhiimages.blob.core.windows.net/images/betta-fish.png"

# sample response
https://fn_____.blob.core.windows.net/sample/my.file?skoid=......pxLSpVwuML%2B3UXrxBmC6XGA%3D
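
A caller-side audit of the URL the function returns, checking that the token really is a restricted valet key. This is an added example, not code from the original sample; the one-hour lifetime policy, the expected values (`sp=r`, `sr=b`, `spr=https`) and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(hours=1)  # assumed policy; the sample states no lifetime

def audit_sas_url(sas_url, requested_blob_uri, now):
    """Return findings for a SAS URL; an empty list means every check passed."""
    sas, req = urlsplit(sas_url), urlsplit(requested_blob_uri)
    q = {k: v[0] for k, v in parse_qs(sas.query).items()}
    findings = []
    if sas.scheme != "https":
        findings.append("URL scheme is not https")
    if (sas.netloc.lower(), sas.path) != (req.netloc.lower(), req.path):
        findings.append("SAS targets a different blob than the one requested")
    if "skoid" not in q or "sktid" not in q:
        findings.append("skoid/sktid missing: not a user delegation SAS")
    if q.get("sr") != "b":
        findings.append("sr is not 'b': scope is wider than one blob")
    if q.get("sp") != "r":
        findings.append("sp is not 'r': more than read access")
    if q.get("spr") != "https":
        findings.append("spr is not 'https': token usable over plain http")
    try:
        # Assumes the YYYY-MM-DDThh:mm:ssZ form of the expiry timestamp.
        expiry = datetime.strptime(q.get("se", ""), "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("se is in the past: token already expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("se is too far ahead: lifetime exceeds policy")
    except ValueError:
        findings.append("se missing or unparseable")
    return findings

# Constructed sample data (placeholder account, ids and signature).
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
BLOB = "https://exampleacct.blob.core.windows.net/sample/my.file"
KEY = ("skoid=00000000-0000-0000-0000-000000000001"
       "&sktid=00000000-0000-0000-0000-000000000002"
       "&skt=2024-05-01T10%3A00%3A00Z&ske=2024-05-01T11%3A00%3A00Z&sks=b&skv=2023-11-03")
GOOD = f"{BLOB}?{KEY}&sv=2023-11-03&spr=https&se=2024-05-01T10%3A15%3A00Z&sr=b&sp=r&sig=PLACEHOLDER"
BROAD = f"{BLOB}?{KEY}&sv=2023-11-03&se=2024-05-08T10%3A00%3A00Z&sr=c&sp=rwd&sig=PLACEHOLDER"

if __name__ == "__main__":
    for name, url in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, audit_sas_url(url, BLOB, NOW) or "ok")
```
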

Reference architecture & implementation

Refer to the GitHub repo for the complete implementation.

References
