| At line 1 changed one line |
| Azure configuration |
| \\ |
| __'' General restrictions''__: Azure storage is not a file system, but an object storage. The folder is more like a prefix of the object name. That is why renaming folders is not supported. Folder moves are only possible through copy and deletion.\\ |
| \\ |
| !1. Azure File Share\\ |
| \\ |
| CrushFTP supports Microsoft Azure Shares as a VFS item, it requires a __Storage Account:__ [https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview]. About Azure file share: [https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\ |
| \\ |
| The URL should look like (Replace the URL with your corresponding data!):\\ |
| \\ |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}} |
| \\ |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/}}} |
| \\ |
| You can find those on the Azure portal, under __Storage Account__. From the left-side menu select __Access keys__ to reveal them.\\ |
| \\ |
| [attachments|AzurePortalAccessKey.png]\\ |
| \\ |
| Then paste them on the appropriate fields in CrushFTP.\\ |
| \\ |
| [attachments|AzureConfiguration3.png]\\ |
| \\ |
| When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\ |
| \\ |
| There is an input field for the file service share: Share Name \\ |
| [attachments|azureRemoteItem3.png]\\ |
| \\ |
| !2. Azure Blob Container\\ |
| \\ |
| CrushFTP supports __Azure Blobs__([https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as VFS item, it requires a __Storage Account:__ [https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview]. \\ |
| Azure Blob Storage is __not like a normal filesystem__ with folders and deeper levels you can go into. It's more like S3 where a file’s name contains slashes, which simulate a folder structure but with many limitations when it comes to renaming and truly simulating a normal file system. Folder rename is not supported.\\ |
| \\ |
| The URL should look like this (Replace the URL with your corresponding data!):\\ |
| At line 3 changed one line |
| CrushFTP support Microsoft Azure Shares as VFS item, it requires a Storage Account and File Services Shares (It does not cover other services like Tables, Blob files ... yet ). |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/}}} |
| \\ |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/ |
| }}} |
| \\ |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/ |
| }}} |
| \\ |
| [attachments|azure_blob3.png]\\ |
| \\ |
| __Data Lake storage Gen2__: More info on the official website: [https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\ |
| Turn on the flag if the storage type is the data lake. It connects through __Azure Blob Storage REST API__ [https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api].\\ |
| (This is not Azure Data Lake Storage Gen2 REST API: [https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2])\\ |
| \\ |
| When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\ |
| \\ |
| To specify the blob container use the input field: Share Name \\ |
| [attachments|azure_blobRemoteItem.png]\\ |
| \\ |
| At line 5 changed 2 lines |
| The url should look like: |
| azure://"Storage Account name / User name field":[ password ] @file.core.windows.net/[share folder name ]/ |
| You need to select the blob type (append blob or block blobs - page blobs are not supported) specified when creating the blob on Azure. |
|
| !3. SAS token\\ |
| \\ |
| Azure also can delegate access with a shared access signature (SAS) [https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\ |
| In this case, the URL should look like: |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\ |
| Or |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\ |
| \\ |
| [attachments|SAS.png]\\ |
| \\ |
| The __password field should be empty__ and put the SAS token to the "__Shared access signature token__" input field.\\ |
| \\ |
| [attachments|azure_VFS_SAS.png]\\ |
| \\ |
| !4. Authorize access to blobs using Microsoft Entra ID\\ |
| \\ |
| Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\ |
| \\ |
| You will start at the Microsoft Azure portal:\\ |
| [https://azure.microsoft.com/en-us/features/azure-portal/]\\ |
| \\ |
| __Application registration: __Go to the App registrations and click on New registration:\\ |
| \\ |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\ |
| \\ |
| Name it. Select the Microsoft account types. The redirect URL must end with "__register_microsoft_graph_api/__". Then click on register.\\ |
| \\ |
| {{{ |
| http://localhost:9090/register_microsoft_graph_api/ |
| }}} |
| \\ |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\ |
| \\ |
| Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\ |
| \\ |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\ |
| \\ |
| Configure the API permissions:\\ |
| \\ |
| [attachments|azure_api_permission_blob.png]\\ |
| \\ |
| [attachments|azure_user_impersonation.png]\\ |
| \\ |
| On your __Storage Account__ at __Access Control (IAM)__ assign the role "__Storage Account Contributor__" and "__Storage Blob Data Contributor__" to the specified user.\\ |
| \\ |
| __Restriction:__ It only works with blob storage.\\ |
| \\ |
| [attachments|azure_access_control_roles.png]\\ |
| \\ |
| Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the "__Get Refresh Token__" button.\\ |
| \\ |
| [attachments|azure_refresh_token_form.png]\\ |
| \\ |
| \\ |
| __Client id : __ You can find it at Azure portal -> App Registration -> Overview:\\ |
| \\ |
| [attachments|SharePoint Integration/client_id.png]\\ |
| \\ |
| __Secret key:__ A new client secret also needs to be created. Go to the "__Certificate & secrets__" and generate a new secret key. Click on New client secret.\\ |
| \\ |
| [attachments|SharePoint Integration/new_secret.png]\\ |
| \\ |
| [attachments|SharePoint Integration/secret_value.png]\\ |
| \\ |
| Sign in as the specified Microsoft user grant access, and obtain the refresh token.\\ |
| \\ |
| [attachments|user_delegation_settings.png]\\ |
| \\ |
| __!!!__Provide the storage account name as the "User name" input field.\\ |
| \\ |
| To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\ |
| \\ |
