Skip to content

Upgrade Azure Storage SDK, allow use of default credential #577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Upgrade Azure Storage SDK, allow use of default credential #577

wants to merge 1 commit into from

Conversation

hauntsaninja
Copy link

This is mostly just a rebased version of #459

I also add support for the default Azure credential flow

Co-authored-by: ItalyPaleAle

@thecoldwine
Copy link

@benbjohnson that is a good patch.

Essentially, it allows Litestream to function with the workload identity, so operations won't need to rotate the key and could utilise the OIDC from Microsoft Entra in K8s or VM deployments.

@corylanou corylanou mentioned this pull request Jul 31, 2025
Closed
40 tasks
corylanou added a commit that referenced this pull request Aug 13, 2025
@corylanou @claude
feat: enhance AWS SDK v2 with improvements from Azure SDK upgrade
c00143b 
Inspired by PR #577 (Azure SDK upgrade), this commit adds several
improvements to the AWS SDK v2 implementation:

- Add User-Agent header 'litestream' for telemetry tracking
- Set 24-hour timeout for long-running operations (matches Azure approach)
- Increase retry attempts from 3 to 10 with adaptive retry mode
- Document AWS default credential chain support
- Ensure consistent HTTP client timeout configuration

These changes improve resilience, observability, and documentation
while maintaining compatibility with various AWS authentication methods.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@corylanou corylanou mentioned this pull request Aug 13, 2025
Merged
corylanou added a commit that referenced this pull request Aug 14, 2025
@corylanou @claude
feat: upgrade Azure SDK from track 1 to track 2
e2d2cbe 
Migrates Azure Blob Storage client from deprecated track 1 SDK to modern
track 2, implementing authentication improvements and patterns consistent
with the AWS SDK v2 upgrade.

## Key Changes

### SDK Migration
- Replace deprecated azure-storage-blob-go v0.15.0 with azure-sdk-for-go/sdk/storage/azblob v1.4.1
- Remove dependency on deprecated Azure pipeline packages
- Add azidentity for default credential chain support

### Authentication Enhancements
- Maintain existing shared key authentication (AccountName + AccountKey)
- Add Azure default credential chain support (similar to AWS SDK):
  - Environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
  - Managed Identity (for Azure VMs, App Service, Functions, AKS)
  - Azure CLI credentials
  - Visual Studio Code credentials
- Preserve LITESTREAM_AZURE_ACCOUNT_KEY environment variable support

### Implementation Updates
- Convert from ContainerURL to modern Client pattern
- Update all blob operations to use new SDK methods:
  - UploadStream for writing
  - DownloadStream for reading
  - DeleteBlob for deletion
  - NewListBlobsFlatPager for listing
- Maintain 24-hour timeout for long-running operations
- Add retry configuration with 10 attempts and adaptive backoff
- Include "litestream" application ID for telemetry

### Iterator Consistency with S3
- Remove goroutine/channel-based iterator approach
- Implement direct pagination in Next() method (matching S3 pattern)
- Simplify state management with pager interface
- Maintain metrics integration and error handling

### Error Handling
- Update to use azcore.ResponseError for error checking
- Use bloberror package constants for specific error types
- Maintain backward compatibility for os.ErrNotExist

## Benefits
- Modern SDK with active support and regular updates
- Enhanced authentication options for better security
- Improved performance and reliability
- Better integration with Azure services
- Consistent patterns across storage backends (S3 and Azure)
- Future-proof for Azure authentication enhancements

## Testing
- All Go compilation checks pass
- All linters pass (go vet, staticcheck)
- Code formatting verified
- Maintains backward compatibility with existing configurations

Related to #459, #577
Fixes compatibility issues with deprecated Azure SDK

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@corylanou corylanou mentioned this pull request Aug 14, 2025
Merged
6 tasks
@corylanou
Copy link
Collaborator

Thank you for rebasing #459! We appreciate the effort to keep this upgrade moving forward.

We've created a new implementation in #709 with:

  • Latest Azure SDK packages (v1.6.2)
  • Default credential chain support
  • Pattern consistency with our AWS SDK v2 implementation

Closing in favor of #709. Thanks for helping push this forward!

@corylanou corylanou closed this Aug 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hauntsaninja @thecoldwine @corylanou