Migrate AccountDeleter job to MSI storage account access (#10165)

drewgillies · web-flow · commit 1df257c2983f · 2024-09-02T07:10:24.000+10:00
Use MSI for storage account auth in AccountDeleter
diff --git a/src/AccountDeleter/Configuration/AccountDeleteConfiguration.cs b/src/AccountDeleter/Configuration/AccountDeleteConfiguration.cs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
@@ -27,6 +27,7 @@ public class AccountDeleteConfiguration
         /// </summary>
         public Dictionary<string, string> TemplateReplacements { get; set; }
 
+
         /// <summary>
         /// Storage container connection string where gallery content can be found
         /// </summary>
@@ -50,4 +51,4 @@ public SourceConfiguration GetSourceConfiguration(string source)
             throw new UnknownSourceException();
         }
     }
-}
+}
diff --git a/src/AccountDeleter/Job.cs b/src/AccountDeleter/Job.cs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -27,6 +27,7 @@
 using NuGetGallery.Features;
 using NuGetGallery.Infrastructure.Authentication;
 using NuGetGallery.Security;
+using ConfigConstants = NuGet.Services.Configuration.Constants;
 
 namespace NuGetGallery.AccountDeleter
 {
@@ -104,6 +105,13 @@ protected override void ConfigureJobServices(IServiceCollection services, IConfi
             services.AddScoped<ITelemetryClient, TelemetryClientWrapper>(
                 sp => TelemetryClientWrapper.UseTelemetryConfiguration(ApplicationInsightsConfiguration.TelemetryConfiguration));
 
+            services.AddScoped<ICloudBlobClient>(serviceProvider =>
+            {
+                var options = serviceProvider.GetRequiredService<IOptionsSnapshot<AccountDeleteConfiguration>>();
+                return CloudBlobClientWrapper.UsingMsi(options.Value.GalleryStorageConnectionString,
+                    configurationRoot[ConfigConstants.StorageManagedIdentityClientIdPropertyName]);
+            });
+
             ConfigureGalleryServices(services);
         }
 
@@ -160,14 +168,6 @@ protected void ConfigureGalleryServices(IServiceCollection services)
                     return new SupportRequestDbContext(connection);
                 });
 
-                services.AddScoped<ICloudBlobClient>(sp =>
-                {
-                    var options = sp.GetRequiredService<IOptionsSnapshot<AccountDeleteConfiguration>>();
-                    var optionsSnapshot = options.Value;
-
-                    return new CloudBlobClientWrapper(optionsSnapshot.GalleryStorageConnectionString, readAccessGeoRedundant: true);
-                });
-
                 services.AddScoped<ITelemetryService, TelemetryService>();
                 services.AddScoped<ISecurityPolicyService, SecurityPolicyService>();
                 services.AddScoped<IAppConfiguration, GalleryConfiguration>();
