From 19ff1e17b1199f1d3984eac0ba54cb0ed3c93ebf Mon Sep 17 00:00:00 2001
From: Marc Sensenich
Date: Thu, 24 Oct 2024 18:33:04 -0400
Subject: [PATCH] docs(azure_blob sink): Clarify SAS connection_string support (#21611)

Update Azure blob storage sink connection_string documentation to show SAS is supported
Closes #15394
---
 src/sinks/azure_blob/config.rs | 16 +++++++++++++++-
 .../components/sinks/base/azure_blob.cue | 15 +++++++++++++--
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/src/sinks/azure_blob/config.rs b/src/sinks/azure_blob/config.rs
index bdf1182f384ee..9d3df438ff625 100644
--- a/src/sinks/azure_blob/config.rs
+++ b/src/sinks/azure_blob/config.rs
@@ -42,12 +42,26 @@ impl TowerRequestConfigDefaults for AzureBlobTowerRequestConfigDefaults {
 pub struct AzureBlobSinkConfig {
 /// The Azure Blob Storage Account connection string.
 ///
- /// Authentication with access key is the only supported authentication method.
+ /// Authentication with an access key or shared access signature (SAS)
+ /// are supported authentication methods. If using a non-account SAS,
+ /// healthchecks will fail and will need to be disabled by setting
+ /// `healthcheck.enabled` to `false` for this sink
+ ///
+ /// When generating an account SAS, the following are the minimum required option
+ /// settings for Vector to access blob storage and pass a health check.
+ /// | Option | Value |
+ /// | ---------------------- | ------------------ |
+ /// | Allowed services | Blob |
+ /// | Allowed resource types | Container & Object |
+ /// | Allowed permissions | Read & Create |
 ///
 /// Either `storage_account`, or this field, must be specified.
 #[configurable(metadata(
 docs::examples = "DefaultEndpointsProtocol=https;AccountName=mylogstorage;AccountKey=storageaccountkeybase64encoded;EndpointSuffix=core.windows.net"
 ))]
+ #[configurable(metadata(
+ docs::examples = "BlobEndpoint=https://mylogstorage.blob.core.windows.net/;SharedAccessSignature=generatedsastoken"
+ ))]
 pub connection_string: Option,
 
 /// The Azure Blob Storage Account name.
diff --git a/website/cue/reference/components/sinks/base/azure_blob.cue b/website/cue/reference/components/sinks/base/azure_blob.cue
index 147a65125f54f..05e980c328bcf 100644
--- a/website/cue/reference/components/sinks/base/azure_blob.cue
+++ b/website/cue/reference/components/sinks/base/azure_blob.cue
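Review bot: The new doc comment on `connection_string` tells users of a non-account SAS to set `healthcheck.enabled` to `false`, but it does not say what they give up: with the check off, a mistyped, under-scoped or expired token would presumably show up only as failed writes at runtime, and one sentence saying so would help operators decide. The minimum-permission table is useful least-privilege guidance; it could also remind readers that a SAS has an expiry time and must be rotated before it lapses, and that the whole connection string is a credential. The first sentence has a subject/verb mismatch and the healthcheck sentence has no closing period; I would write `/// Authentication with an access key or a shared access signature (SAS) is supported.` and end the next sentence with `for this sink.`. `AzureBlobSinkConfig` continues past the end of this hunk, and the `azure_blob.cue` hunk carries the same wording.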
@@ -149,12 +149,23 @@ base: components: sinks: azure_blob: configuration: {
 description: """
 The Azure Blob Storage Account connection string.
 
- Authentication with access key is the only supported authentication method.
+ Authentication with an access key or shared access signature (SAS)
+ are supported authentication methods. If using a non-account SAS,
+ healthchecks will fail and will need to be disabled by setting
+ `healthcheck.enabled` to `false` for this sink
+
+ When generating an account SAS, the following are the minimum required option
+ settings for Vector to access blob storage and pass a health check.
+ | Option | Value |
+ | ---------------------- | ------------------ |
+ | Allowed services | Blob |
+ | Allowed resource types | Container & Object |
+ | Allowed permissions | Read & Create |
 
 Either `storage_account`, or this field, must be specified.
 """
 required: false
- type: string: examples: ["DefaultEndpointsProtocol=https;AccountName=mylogstorage;AccountKey=storageaccountkeybase64encoded;EndpointSuffix=core.windows.net"]
+ type: string: examples: ["DefaultEndpointsProtocol=https;AccountName=mylogstorage;AccountKey=storageaccountkeybase64encoded;EndpointSuffix=core.windows.net", "BlobEndpoint=https://mylogstorage.blob.core.windows.net/;SharedAccessSignature=generatedsastoken"]
 }
 container_name: {
 description: "The Azure Blob Storage Account container name."