Skip to content

Commit 5e3dd5f

Browse files
drewgilliesdrewgillies
committed
Use MSI for storage access in GitHubVulnerabilities2Db
1 parent 1f8f302 commit 5e3dd5f

1 file changed

Lines changed: 6 additions & 4 deletions

File tree

  • src/GitHubVulnerabilities2Db

src/GitHubVulnerabilities2Db/Job.cs

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
using System.Threading;
77
using System.Threading.Tasks;
88
using Autofac;
9+
using Azure.Identity;
910
using Azure.Storage.Blobs;
1011
using GitHubVulnerabilities2Db.Configuration;
1112
using GitHubVulnerabilities2Db.Fakes;
@@ -31,6 +32,7 @@ namespace GitHubVulnerabilities2Db
3132
{
3233
public class Job : JsonConfigurationJob, IDisposable
3334
{
35+
private const string ManagedIdentityClientIdKey = "UserManagedIdentityClientId";
3436
private readonly HttpClient _client = new HttpClient();
3537

3638
public override async Task Run()
@@ -59,7 +61,7 @@ protected override void ConfigureAutofacServices(ContainerBuilder containerBuild
5961

6062
ConfigureQueryServices(containerBuilder);
6163
ConfigureIngestionServices(containerBuilder);
62-
ConfigureCollectorServices(containerBuilder);
64+
ConfigureCollectorServices(containerBuilder, configurationRoot);
6365
}
6466

6567
protected void ConfigureIngestionServices(ContainerBuilder containerBuilder)
@@ -159,14 +161,14 @@ protected void ConfigureQueryServices(ContainerBuilder containerBuilder)
159161
.As<IAdvisoryQueryService>();
160162
}
161163

162-
protected void ConfigureCollectorServices(ContainerBuilder containerBuilder)
164+
protected void ConfigureCollectorServices(ContainerBuilder containerBuilder, IConfigurationRoot configurationRoot)
163165
{
164166
containerBuilder
165167
.Register(ctx =>
166168
{
167169
var config = ctx.Resolve<GitHubVulnerabilities2DbConfiguration>();
168-
var connectionString = AzureStorageFactory.PrepareConnectionString(config.StorageConnectionString);
169-
return new BlobServiceClient(connectionString);
170+
var credential = new ManagedIdentityCredential(configurationRoot[ManagedIdentityClientIdKey]);
171+
return new BlobServiceClient(new Uri(config.StorageConnectionString), credential);
170172
})
171173
.As<BlobServiceClient>();
172174

0 commit comments

Comments
 (0)