From d3e9b747dedb9b5b8695738cda3eac2666eb89ab Mon Sep 17 00:00:00 2001 From: Eugene Dementyev Date: Thu, 6 Oct 2022 21:45:27 +1300 Subject: [PATCH 1/5] Add storage_account parameter to Azure Blob Storage backend to use cli auth Related to https://github.com/pulumi/pulumi/pull/10900 Related to https://github.com/google/go-cloud/pull/3159 --- .../default/content/docs/intro/concepts/state.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/themes/default/content/docs/intro/concepts/state.md b/themes/default/content/docs/intro/concepts/state.md index 46f2fd3c623..e017dd34fa0 100644 --- a/themes/default/content/docs/intro/concepts/state.md +++ b/themes/default/content/docs/intro/concepts/state.md @@ -80,7 +80,7 @@ For details on the various backend URL formats and options, please see the follo - [Pulumi Self-Hosted Service](#logging-into-a-self-hosted-pulumi-service-backend) - [Local Filesystem](#logging-into-the-local-filesystem-backend) - [AWS S3 (or compatible server)](#logging-into-the-aws-s3-backend) -- [Azure Blob Storage](#logging-into-the-azure-blob-storage-backend) +- [Azure Blob Storage](#logging-into-the-azure-blob-storage-backend-using-the-env-vars) - [Google Cloud Storage](#logging-into-the-google-cloud-storage-backend) If you forget to log in, you will be automatically prompted to do so before you do anything that requires stacks or state. @@ -187,7 +187,7 @@ This backend also supports [alternative object storage servers with AWS S3 compa $ pulumi login s3://?endpoint=my.minio.local:8080&disableSSL=true&s3ForcePathStyle=true ``` -##### Logging Into the Azure Blob Storage Backend +##### Logging Into the Azure Blob Storage Backend using the env vars To use the [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) backend, pass the `azblob://` as your ``: @@ -197,6 +197,18 @@ $ pulumi login azblob:// To tell Pulumi what Azure storage account to use, set the `AZURE_STORAGE_ACCOUNT` environment variable. Also, set either `AZURE_STORAGE_KEY` or `AZURE_STORAGE_SAS_TOKEN` to authorize access. For additional configuration options, see [Azure Setup]({{< relref "/registry/packages/azure/installation-configuration" >}}). If you're new to Azure Blob Storage, see [the Azure documentation](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-cli). +##### Logging Into the Azure Blob Storage Backend using az cli authentication (as of Pulumi 3.41.1) + +Similarly, one can implicitly use az cli authentication by defining the storage account in the URL like so: + +```sh +$ pulumi login azblob://?storage_account=account_name +``` + +{{% notes type="info"%}} +Make sure you have "Storage Blob Data Contributor" role assigned to you in IAM. Just having "Owner" is not enough, as that is a "management"-type of role. +{{% /notes %}} + ##### Logging Into the Google Cloud Storage Backend To use the [Google Cloud Storage](https://cloud.google.com/storage/) backend pass the `gs://` as your ``: From ed40e2786f528238bc3bdffcf79ab5910e06ed89 Mon Sep 17 00:00:00 2001 From: Eugene Dementyev Date: Tue, 11 Oct 2022 10:46:47 +1300 Subject: [PATCH 2/5] Update themes/default/content/docs/intro/concepts/state.md Co-authored-by: Aaron Friel --- themes/default/content/docs/intro/concepts/state.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/themes/default/content/docs/intro/concepts/state.md b/themes/default/content/docs/intro/concepts/state.md index e017dd34fa0..683d60d3119 100644 --- a/themes/default/content/docs/intro/concepts/state.md +++ b/themes/default/content/docs/intro/concepts/state.md @@ -80,7 +80,7 @@ For details on the various backend URL formats and options, please see the follo - [Pulumi Self-Hosted Service](#logging-into-a-self-hosted-pulumi-service-backend) - [Local Filesystem](#logging-into-the-local-filesystem-backend) - [AWS S3 (or compatible server)](#logging-into-the-aws-s3-backend) -- [Azure Blob Storage](#logging-into-the-azure-blob-storage-backend-using-the-env-vars) +- [Azure Blob Storage](#logging-into-the-azure-blob-storage-backend) - [Google Cloud Storage](#logging-into-the-google-cloud-storage-backend) If you forget to log in, you will be automatically prompted to do so before you do anything that requires stacks or state. From 322ccbcfe4585675d11b515ec596a4c2721c637c Mon Sep 17 00:00:00 2001 From: Eugene Dementyev Date: Tue, 11 Oct 2022 10:47:30 +1300 Subject: [PATCH 3/5] Update themes/default/content/docs/intro/concepts/state.md Co-authored-by: Aaron Friel --- themes/default/content/docs/intro/concepts/state.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/themes/default/content/docs/intro/concepts/state.md b/themes/default/content/docs/intro/concepts/state.md index 683d60d3119..e5bab14520b 100644 --- a/themes/default/content/docs/intro/concepts/state.md +++ b/themes/default/content/docs/intro/concepts/state.md @@ -206,7 +206,7 @@ $ pulumi login azblob://?storage_account=account_name ``` {{% notes type="info"%}} -Make sure you have "Storage Blob Data Contributor" role assigned to you in IAM. Just having "Owner" is not enough, as that is a "management"-type of role. +The Azure account must have the [Storage Blob Data Contributor role](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor) or an equivalent role with permissions to read, write, and delete blobs. {{% /notes %}} ##### Logging Into the Google Cloud Storage Backend From 6cd46ce6df85fd3c433992c2f03b770f5d3c575f Mon Sep 17 00:00:00 2001 From: Eugene Dementyev Date: Tue, 11 Oct 2022 10:47:44 +1300 Subject: [PATCH 4/5] Update themes/default/content/docs/intro/concepts/state.md Co-authored-by: Aaron Friel --- themes/default/content/docs/intro/concepts/state.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/themes/default/content/docs/intro/concepts/state.md b/themes/default/content/docs/intro/concepts/state.md index e5bab14520b..b8fd8ba62b0 100644 --- a/themes/default/content/docs/intro/concepts/state.md +++ b/themes/default/content/docs/intro/concepts/state.md @@ -197,14 +197,15 @@ $ pulumi login azblob:// To tell Pulumi what Azure storage account to use, set the `AZURE_STORAGE_ACCOUNT` environment variable. Also, set either `AZURE_STORAGE_KEY` or `AZURE_STORAGE_SAS_TOKEN` to authorize access. For additional configuration options, see [Azure Setup]({{< relref "/registry/packages/azure/installation-configuration" >}}). If you're new to Azure Blob Storage, see [the Azure documentation](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-cli). -##### Logging Into the Azure Blob Storage Backend using az cli authentication (as of Pulumi 3.41.1) - -Similarly, one can implicitly use az cli authentication by defining the storage account in the URL like so: +{{% notes type="info"%}} +As of Pulumi CLI v3.41.1, instead of the environment variables above, Azure CLI authentication may be used by specifying the storage account in the URL like so after using `az login`: ```sh $ pulumi login azblob://?storage_account=account_name ``` +{{% /notes %}} + {{% notes type="info"%}} The Azure account must have the [Storage Blob Data Contributor role](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor) or an equivalent role with permissions to read, write, and delete blobs. {{% /notes %}} From 1cbb7a6270dd563aca941f821c5aa372d5883fb7 Mon Sep 17 00:00:00 2001 From: Aaron Friel Date: Mon, 10 Oct 2022 14:52:56 -0700 Subject: [PATCH 5/5] Update themes/default/content/docs/intro/concepts/state.md --- themes/default/content/docs/intro/concepts/state.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/themes/default/content/docs/intro/concepts/state.md b/themes/default/content/docs/intro/concepts/state.md index b8fd8ba62b0..b7aab99b014 100644 --- a/themes/default/content/docs/intro/concepts/state.md +++ b/themes/default/content/docs/intro/concepts/state.md @@ -187,7 +187,7 @@ This backend also supports [alternative object storage servers with AWS S3 compa $ pulumi login s3://?endpoint=my.minio.local:8080&disableSSL=true&s3ForcePathStyle=true ``` -##### Logging Into the Azure Blob Storage Backend using the env vars +##### Logging Into the Azure Blob Storage Backend To use the [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) backend, pass the `azblob://` as your ``: