This sample shows how to access Storage Blob with managed identity in Azure Spring Apps.
You need to include ManagedIdentityCredentialBuilder and BlobServiceClientBuilder in your code. In this sample project, refer to MainController.java.
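How the two builders named above fit together, as an added example that is not the sample project's MainController.java. The class name, the property keys and the blob-name check are assumptions, and the code assumes the spring-boot-starter-web, azure-identity and azure-storage-blob dependencies.

```java
// Added example (not the sample's MainController.java); names below are assumptions.
import com.azure.core.util.BinaryData;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

@SpringBootApplication
@RestController
public class BlobIdentityExample {
    private final BlobContainerClient container;
    // Property keys are hypothetical; use the ones in your application.properties.
    public BlobIdentityExample(@Value("${storage.account-name}") String account,
                               @Value("${storage.container-name}") String containerName) {
        // No account key or SAS token: a token is obtained for the app's managed identity at runtime.
        this.container = new BlobServiceClientBuilder()
                .endpoint("https://" + account + ".blob.core.windows.net")
                .credential(new ManagedIdentityCredentialBuilder().build())
                .buildClient()
                .getBlobContainerClient(containerName);
    }

    @PutMapping("/blob/{name}")
    public String upload(@PathVariable("name") String name, @RequestParam("content") String content) {
        container.getBlobClient(checked(name)).upload(BinaryData.fromString(content), true);
        return "uploaded " + name;
    }

    @GetMapping("/blob/{name}")
    public String download(@PathVariable("name") String name) {
        return container.getBlobClient(checked(name)).downloadContent().toString();
    }
    // Restrict caller-supplied blob names to a conservative character set.
    private static String checked(String name) {
        if (!name.matches("[A-Za-z0-9._-]{1,128}")) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid blob name");
        }
        return name;
    }
    public static void main(String[] args) {
        SpringApplication.run(BlobIdentityExample.class, args);
    }
}
```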
- JDK 8
- Maven 3.0 and above
- Azure CLI or Azure Cloud Shell
- An existing Storage account. If you need to create a Storage account, you can use the Azure Portal or Azure CLI.
- Run the following command after specifying the storage account and container in application.properties.
mvn clean package
- Install the Azure CLI extension for Azure Spring Apps by running the command below.
az extension add -y --source https://azureclitemp.blob.core.windows.net/spring-cloud/spring_cloud-0.1.0-py2.py3-none-any.whl
- Create an instance of Azure Spring Apps.
az spring-cloud create -n <resource name> -g <resource group name>
- Create an app with public domain assigned.
az spring-cloud app create -n <app name> -s <resource name> -g <resource group name> --is-public true
- Enable system-assigned managed identity for your app and take note of the principal id from the command output.
az spring-cloud app identity assign -n <app name> -s <resource name> -g <resource group name>
- Grant the system-assigned managed identity permission to the Storage account.
az role assignment create --assignee <principal-id-you-got-in-step5> --role "Storage Blob Data Contributor" --scope <resource-id-of-storage-account>
- Deploy app with jar.
az spring-cloud app deploy -n <app name> -s <resource name> -g <resource group name> --jar-path ./target/asc-managed-identity-storage-blob-sample-0.1.0.jar
- Verify the app is running. Instances should have status RUNNING and discoveryStatus UP.
az spring-cloud app show -n <app name> -s <resource name> -g <resource group name>
- Verify the sample is working. The URL is fetched from the previous step.
# Upload data to blob
curl -X PUT "{url}/blob/{blob-name}?content={value}"
# Get the content of blob-name
curl "{url}/blob/{blob-name}"
# Returns the blob content you just uploaded