java - How to access azure storage blob container having managed identity assigned from selenium automation code in local run an

admin管理员组

文章数量:1405186

We have some selenium java automation test scripts which access azure blob storage. Earlier with our automation scripts we used to access the storage containers via access key and then download the files present in those storage container in our local machine automation repository and run our automation test case. Now the development team has changed the access method from access key to managed identity and we are unable to access those storage blobs.

How can we access the azure storage blob with managed identity method from our selenium java automation code? We run our test cases in 1. local run and 2. github actions pipeline. In github actions pipeline run randomly a machine is allocated for running the scripts so looking for a way for both the runs.

Need help for:

1. how can we access azure storage blob with managed identity method during local automation run.
2. During github action pipeline run how can our selenium java automation test running on a randomly assigned machine access azure blob storage to download files

We have some selenium java automation test scripts which access azure blob storage. Earlier with our automation scripts we used to access the storage containers via access key and then download the files present in those storage container in our local machine automation repository and run our automation test case. Now the development team has changed the access method from access key to managed identity and we are unable to access those storage blobs.

How can we access the azure storage blob with managed identity method from our selenium java automation code? We run our test cases in 1. local run and 2. github actions pipeline. In github actions pipeline run randomly a machine is allocated for running the scripts so looking for a way for both the runs.

Need help for:

1. how can we access azure storage blob with managed identity method during local automation run.
2. During github action pipeline run how can our selenium java automation test running on a randomly assigned machine access azure blob storage to download files

• java
• selenium-webdriver
• automation
• azure-blob-storage
• azure-managed-identity

Share Improve this question Follow edited Mar 9 at 13:38 James Z 12.3k1010 gold badges2727 silver badges4747 bronze badges asked Mar 9 at 3:26 purva coderpurva coder 1111 bronze badge 2

• I do not think you can use managed identity to auth azure resources on local. But you can use managed identity in azure vm (or some computing resources, such as automaion runbook, functionApp or etc.) to get access to azure storage account. And the same reason, if you want github action pipline using managed identity, you should have azure vm machine in agent pool. – wenbo - Finding Job Commented Mar 10 at 6:15
• Check if below provided solution works for you? Let me know if I can be helpful here anyway with further input? – Venkatesan Commented Mar 11 at 8:26

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 0

How to access azure storage blob container having managed identity assigned from selenium automation code in local run and github actions pipeline.

I agree with Wenbo's comment. Managed Identity is only available in Azure-hosted environments such as VMs, App Services, and Automation Runbooks. It cannot be used directly from a local machine or GitHub-hosted runners.

You can try using Wenbo's suggestion mentioned in the comment, or ask your development team to implement Microsoft Entra ID authentication

For local execution, you can use Azure CLI authentication or Service Principal authentication.

To create a Service Principal, you can refer to this Microsoft document.

Make sure to assign the Storage Blob Data Reader role to the user or Service Principal for the Storage account to allow file downloads from Blob Storage.

Code for Service principal Authentication:

import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import com.azure.storage.blob.options.BlobDownloadToFileOptions;

public class App {

    public static void main(String[] args) {
        // Azure AD credentials
        String tenantId = "your-tenant-id";
        String clientId = "your-client-id";
        String clientSecret = "your-client-secret";

        String storageAccountName = "yourstorageaccount";
        String containerName = "your-container";
        String blobName = "your-blob.txt";
        String downloadFilePath = "downloaded_file.txt";

        String blobServiceUrl = String.format("https://%s.blob.core.windows", storageAccountName);

        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(tenantId)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
                .endpoint(blobServiceUrl)
                .credential(credential)
                .buildClient();
                
        BlobClient blobClient = blobServiceClient.getBlobContainerClient(containerName).getBlobClient(blobName);

        blobClient.downloadToFileWithResponse(new BlobDownloadToFileOptions(downloadFilePath), null, null);
            System.out.println("Blob downloaded successfully to: " + downloadFilePath);
    }
}

Alternatively, try logging in to your Azure account using az login in your terminal and then use the code below.

Code:

import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import com.azure.storage.blob.options.BlobDownloadToFileOptions;


public class App {

    public static void main(String[] args) {
        String storageAccountName = "yourstorageaccount";
        String containerName = "your-container";
        String blobName = "your-blob.txt";
        String downloadFilePath = "downloaded_file.txt";

        String blobServiceUrl = String.format("https://%s.blob.core.windows", storageAccountName);

        // Authenticate using DefaultAzureCredential
        DefaultAzureCredential credential = new DefaultAzureCredentialBuilder().build();

        BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
                .endpoint(blobServiceUrl)
                .credential(credential)
                .buildClient();
                
        BlobClient blobClient = blobServiceClient.getBlobContainerClient(containerName).getBlobClient(blobName);

        blobClient.downloadToFileWithResponse(new BlobDownloadToFileOptions(downloadFilePath), null, null);
            System.out.println("Blob downloaded successfully to: " + downloadFilePath);
    }
}

This ensures that your Selenium Java automation can securely access Azure Blob Storage in local environments.

I am not a java expert. however, this is something you can do in Visual Studio with where you can use defaultazurecredentials. However, that requires you setup visual studio app service authentication. This is how it works in principal https://learn.microsoft/en-us/dotnet/api/overview/azure/service-to-service-authentication?view=azure-dotnet.

The reason they work is because you are using the properties of DefaultAzureCredentials. For example, if your case you would use.

Sample code

if(devEnvironment)  {
  //use the default credential
}

As long as your identity as RBAC as indicated by others, you will be able to access all azure resources.

本文标签：