I have gone through this article: https://hix.dev/tutorials/ruby-on-rails/active-storage#azure-rails-configuration
Configuration on the Rails side:

    azure:
      service: AzureStorage
      storage_account_name: <%= ENV['AZURE_STORAGE_ACCOUNT_NAME'] %>
      storage_access_key: <%= ENV['AZURE_STORAGE_ACCESS_KEY'] %>
      container: <%= ENV['AZURE_STORAGE_CONTAINER'] %>

Also, I was following this article on connecting Azure Storage using Managed Identity: https://github.com/azure/azure-storage-ruby/tree/master/blob#access-token
So, I tried the below configuration:

    azure:
      service: AzureStorage
      storage_account_name: <%= VaultService.get_secret("AZURE-STORAGE::AZURE-STORAGE-ACCOUNT-NAME") %>
      signer: <%= Storage::Azure::Client.get_token_signer %>
      container: <%= VaultService.get_secret('AZURE-ATTACHMENTS-BUCKET-NAME') %>

To get the signer value, I followed the GitHub link attached above.

    def self.get_token_signer
      # https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/tutorial-windows-vm-access-storage-sas#get-an-access-token-using-the-vms-identity-and-use-it-to-call-azure-resource-manager
      # https://github.com/azure/azure-storage-ruby/tree/master/blob#access-token
      access_token = AzureAd::ManagedIdentityTokenProvider.new('https://storage.azure.com/', client_id: ENV['AKS_MANAGED_IDENTITY_ID']).get_authentication_header.split(' ').last
      # Creating an instance of `Azure::Storage::Common::Core::TokenCredential`
      token_credential = ::Azure::Storage::Common::Core::TokenCredential.new access_token
      token_signer = ::Azure::Storage::Common::Core::Auth::TokenSigner.new token_credential
      token_signer
    end

For AzureAd::ManagedIdentityTokenProvider, I have taken reference from this piece of code: https://github.com/Azure/azure-sdk-for-ruby/blob/master/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb
I am getting the following error:
##[error]#38 6.433 Errno::ECONNREFUSED: Connection refused - connect(2) for "169.254.169.254" port 80
##[error]#38 6.433 /usr/lib/ruby/3.2.0/net/http.rb:1271:in `initialize'
##[error]#38 6.433 /usr/lib/ruby/3.2.0/net/http.rb:1271:in `open'
##[error]#38 6.433 /usr/lib/ruby/3.2.0/net/http.rb:1271:in `block in connect'
##[error]#38 6.433 /usr/local/bundle/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
##[error]#38 6.433 /usr/local/bundle/gems/timeout-0.3.2/lib/timeout.rb:196:in `timeout'
##[error]#38 6.433 /usr/lib/ruby/3.2.0/net/http.rb:1269:in `connect'
##[error]#38 6.433 /usr/local/bundle/gems/opentelemetry-instrumentation-net_http-0.19.4/lib/opentelemetry/instrumentation/net/http/patches/instrumentation.rb:59:in `block in connect'
##[error]#38 6.433 /usr/local/bundle/gems/opentelemetry-api-1.0.1/lib/opentelemetry/trace/tracer.rb:29:in `block in in_span'
##[error]#38 6.433 /usr/local/bundle/gems/opentelemetry-api-1.0.1/lib/opentelemetry/trace.rb:82:in `block in with_span'
##[error]#38 6.433 /usr/local/bundle/gems/opentelemetry-api-1.0.1/lib/opentelemetry/context.rb:87:in `with_value'
##[error]#38 6.433 /usr/local/bundle/gems/opentelemetry-api-1.0.1/lib/opentelemetry/trace/tracer.rb:29:in `in_span'
##[error]#38 6.433 /usr/local/bundle/gems/opentelemetry-instrumentation-net_http-0.19.4/lib/opentelemetry/instrumentation/net/http/patches/instrumentation.rb:58:in `connect'
##[error]#38 6.433 /usr/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'
##[error]#38 6.433 /usr/lib/ruby/3.2.0/net/http.rb:1237:in `start'
Can anyone please help with this? Is it possible to connect active storage with the above method?
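
The ERB in the storage configuration above calls `get_token_signer` whenever that file is loaded, so the request to 169.254.169.254 (the Azure Instance Metadata Service address) is made at that moment, on whatever host is loading it. The following is an added example, not code from the question, the answer or any Azure gem: it defers the token request to first use, caches the token until shortly before `expires_on`, and turns an unreachable endpoint into an explicit error. `LazyImdsToken`, its parameters and the 300-second refresh margin are hypothetical, and it does not settle whether Active Storage's Azure service accepts a signer.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Added example: lazy, cached managed-identity token lookup (all names hypothetical).
class LazyImdsToken
  IMDS_URL = 'http://169.254.169.254/metadata/identity/oauth2/token'
  Unavailable = Class.new(StandardError)

  # fetcher: callable returning the IMDS JSON body; injectable so it can be stubbed.
  def initialize(resource:, client_id: nil, fetcher: nil, clock: -> { Time.now.to_i })
    @resource = resource
    @client_id = client_id
    @fetcher = fetcher || method(:fetch_from_imds)
    @clock = clock
    @token = nil
    @expires_on = 0
  end

  # Returns a bearer token, contacting IMDS only on first use or within 300 s of expiry.
  def token
    refresh! if @token.nil? || @clock.call >= @expires_on - 300
    @token
  end

  private

  def refresh!
    body = JSON.parse(@fetcher.call)
    @token = body.fetch('access_token')
    @expires_on = Integer(body.fetch('expires_on'))
  rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Net::OpenTimeout, Net::ReadTimeout => e
    raise Unavailable, "IMDS not reachable from this host (#{e.class}); no managed identity here"
  end

  def fetch_from_imds
    uri = URI(IMDS_URL)
    params = { 'api-version' => '2018-02-01', 'resource' => @resource }
    params['client_id'] = @client_id if @client_id
    uri.query = URI.encode_www_form(params)
    req = Net::HTTP::Get.new(uri)
    req['Metadata'] = 'true' # header IMDS requires on every request
    res = Net::HTTP.start(uri.host, uri.port, open_timeout: 2, read_timeout: 5) { |h| h.request(req) }
    raise Unavailable, "IMDS returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
    res.body
  end
end
```
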
Unfortunately, the Azure SDK for Ruby is deprecated. For reference, check this document.
Only the Azure Storage SDK is currently working, and it will be available till September 2024, due to which it is not possible to get an access token and authenticate with Azure Active Directory. I don't think it is possible to authorize using managed identity. For reference, check this document.
AFAIK, currently only the access key can be used to access the storage account.
I am able to access using primary key and perform operations using access key.
My code
test.rb:OUTPUT: