storage account Archives

Posted on May 25, 2023May 25, 2023 by geralexgr — Leave a comment

ListBlob data from Storage account with Managed Identity – SDK for NET

There are many way to interact with a storage account in Azure. The first and easiest way would be to use a connection string which acts as credentials. However this approach does not follow best practices as you will need to hard code credentials or pass them as a parameter in your application. Based on the well architected framework the most reliable and secure way to communicate between resources in Azure would be the managed Identity and you can read more about how it works in the below URL.

Managed identities for Azure resources – Microsoft Entra | Microsoft Learn

The code provided in this article can be used to authenticate with Managed Identity in a storage account. Given that you have already provided the necessary RBAC between your services, you can use the below example code to list blobs in a storage account.

private static async Task ListBlobsFlatListing(BlobContainerClient blobContainerClient, 
                                               int? segmentSize)
{
    try
    {
        // Call the listing operation and return pages of the specified size.
        var resultSegment = blobContainerClient.GetBlobsAsync()
            .AsPages(default, segmentSize);

        // Enumerate the blobs returned for each page.
        await foreach (Page<BlobItem> blobPage in resultSegment)
        {
            foreach (BlobItem blobItem in blobPage.Values)
            {
                Console.WriteLine("Blob name: {0}", blobItem.Name);
            }

            Console.WriteLine();
        }
    }
    catch (RequestFailedException e)
    {
        Console.WriteLine(e.Message);
        Console.ReadLine();
        throw;
    }
}

https://learn.microsoft.com/en-us/azure/storage/blobs /storage-blobs-list

In order to authenticate with MI you will need to create a new BlobContainerClient with your storage-account-name and pass in the parameters the ManagedIdentity as the credentials method. Then you will be able to use your ListBlob function that is provided from Microsoft using the client previously created.

         BlobContainerClient client = new BlobContainerClient(new Uri($"https://storage-account-name.blob.core.windows.net/testing"), new ManagedIdentityCredential());

ListBlobsFlatListing(client, 1).GetAwaiter().GetResult();

After these steps you will be able to fetch data using Managed identity instead of classic authentication.

Posted on February 21, 2023February 21, 2023 by geralexgr — Leave a comment

Get blob files from azure storage account using python

You can use python SDK in order to retrieve blob files from a storage account on azure. First you will need to get your connection string for the storage account from the access keys section.

Then you can execute the below python code.

	import os, uuid
	from azure.identity import DefaultAzureCredential
	from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient

	connection_string = "CONNECTION_STRING"
	service = BlobServiceClient.from_connection_string(connection_string)

	try:
	account_info = service.get_account_information()
	print('Using Storage SKU: {}'.format(account_info['sku_name']))
	container_client = service.get_container_client("files")
	try:
	for blob in container_client.list_blobs():
	print("Found blob: ", blob.name)
	except ResourceNotFoundError:
	print("Container not found.")

	except Exception as ex:
	print('Exception:')
	print(ex)

view raw azure-storage-get-blobs-python hosted with ❤ by GitHub

As seen from the screenshots, I have a container named files

And inside the container I have a test.txt file.

By running the python script (in my case I added on a container) you will get the files inside the blob container.

Quickstart: Azure Blob Storage client library for Python – Azure Storage | Microsoft Learn

Posted on July 14, 2022July 16, 2022 by geralexgr — Leave a comment

Download and upload files on Blob storage using Azure DevOps

For some data processing scenarios I had to create an automation that would download some files from a storage account, perform actions on them (python, custom tools) and lastly upload the processed files again in the storage account.

A high level diagram is visible below:

In order to automate this scenario I used a custom devops agent on azure devops and assigned a managed identity on this agent (virtual machine) on the storage account in order to interact with it without using credentials.

Then I only used powershell and az cli to download and upload the files on the storage account.

The three pipeline tasks that are required to perform the upload, processing, download actions can be found below.

The json object is used to download a specific file based on the requirements for example the first entry on chronological order. This is why the sort-object -descending is used.

trigger:
- none

pool: mypool

steps:

- task: PowerShell@2
  displayName: download file from blob storage
  inputs:
    targetType: 'inline'
    script: |
      az login --identity
      $json = az storage blob list --container-name blobcontainer --account-name storageaccountname --prefix "folder1/subcategory" 
--auth-mode login | ConvertFrom-Json | Sort-Object -Descending { $_.properties.lastModified }
      $filename = "custom_name"
      az storage blob download --file  "C:\devopsdir\$filename" 
--name $json[0].name --container-name blobcontainer  
--account-name storageaccountname --auth-mode login
      Write-Host "##vso[task.setvariable variable=downloadfilename]$filename"
    pwsh: true


- task: PowerShell@2
  displayName: run python commands
  inputs:
    targetType: 'inline'
    script: |
      python $(Build.SourcesDirectory)/python/something.py	

- task: PowerShell@2
  displayName: upload file to storage account
  inputs:
    targetType: 'inline'
    script: |
      $name = "$(downloadfilename)" + "_" + (get-date -format "yyyyMMdd") 
      az storage blob upload --file "C:\devopsdir\$name" --name "folder1/subcategory/$name" --container-name blobcontainer  --account-name storageaccountname --auth-mode login

The result will be then uploaded on the storage account.

Posted on May 4, 2022May 4, 2022 by geralexgr — Leave a comment

Download latest file from blob storage through az cli

Given that you have a blob storage container with multiple files, you could download the most latest one easily with az cli

In my scenario I have a container named backups which includes multiple MS SQL backups. I wanted to download the latest in order to restore through a pipeline on SQL server.

In order to accomplish that you should first login with az cli.

az login

If this is not possible through automation you would have to create a managed identity for your resource. The code is uploaded on the below gist.

	$container_name_input = "backups"
	$sg_con_string = "XXX"
	$json = az storage blob list –container-name $container_name_input –connection-string $sg_con_string \| ConvertFrom-Json \| Sort-Object -Descending { $_.properties.CreationTime } \| Select-Object name
	az storage blob download –file $json[0].name –name $json[0].name –container-name $container_name_input –connection-string $sg_con_string

view raw download-latest-blob-storage-account-az-cli hosted with ❤ by GitHub

You should replace your connection string by getting yours under access keys.

If you remove descending date the default value would be Ascending.

By executing the script you will get a json output like the below: