diff --git a/bindings/azure/blobstorage/metadata.yaml b/bindings/azure/blobstorage/metadata.yaml
index 047d4fa0bb..0c436bb02e 100644
--- a/bindings/azure/blobstorage/metadata.yaml
+++ b/bindings/azure/blobstorage/metadata.yaml
@@ -87,4 +87,9 @@ metadata:
 example: '3'
 description: |
 Specifies the maximum number of HTTP requests that will be made to retry blob operations.
- A value of zero means that no additional attempts will be made after a failure.
\ No newline at end of file
+ A value of zero means that no additional attempts will be made after a failure.
+ - name: disableEntityManagement
+ description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions."
+ example: "true"
+ default: '"false"'
+ type: bool
\ No newline at end of file
diff --git a/internal/component/azure/blobstorage/client.go b/internal/component/azure/blobstorage/client.go
index 858cd2b7ff..72374e3a33 100644
--- a/internal/component/azure/blobstorage/client.go
+++ b/internal/component/azure/blobstorage/client.go
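Review bot: The `disableEntityManagement` description does not tell the operator that the container must already exist when the flag is `true`, and it does not mention that a configured public access level is then not applied (the client.go change in this commit skips `EnsureContainer`, the only visible place the access level is passed). Suggested wording: `description: "Disable entity management. Skips the attempt to create the specified storage container, so the container must already exist and any configured public access level is not applied. Useful when operating with minimal Azure AD permissions."` The identical entry added in state/azure/blobstorage/metadata.yaml should change with it. Both files also still end without a trailing newline, which is why this hunk had to rewrite the previous last line; ending the file with a newline avoids that on the next append.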
@@ -62,16 +62,19 @@ func CreateContainerStorageClient(parentCtx context.Context, log logger.Logger,
 return nil, nil, err
 }
- // Create the container if it doesn't already exist
- var accessLevel *azblob.PublicAccessType
- if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" {
- accessLevel = &m.PublicAccessLevel
- }
- ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second)
- defer cancel()
- err = m.EnsureContainer(ctx, client, accessLevel)
- if err != nil {
- return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err)
+ // if entity management is disabled, do not attempt to create the container
+ if !m.DisableEntityManagement {
+ // Create the container if it doesn't already exist
+ var accessLevel *azblob.PublicAccessType
+ if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" {
+ accessLevel = &m.PublicAccessLevel
+ }
+ ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second)
+ defer cancel()
+ err = m.EnsureContainer(ctx, client, accessLevel)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err)
+ }
 }
 return client, m, nil
diff --git a/internal/component/azure/blobstorage/metadata.go b/internal/component/azure/blobstorage/metadata.go
index 743ecbeebd..2355f2d1c3 100644
--- a/internal/component/azure/blobstorage/metadata.go
+++ b/internal/component/azure/blobstorage/metadata.go
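Review bot: When `DisableEntityManagement` is true, a configured `PublicAccessLevel` is silently dropped, because the access level is only computed and handed to `EnsureContainer` inside the new `if !m.DisableEntityManagement` block. An operator who sets both will assume the container's public-access setting is being managed when it is not, so the combination should at least be logged, e.g. `} else if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" {` followed by `log.Warnf("publicAccessLevel %q is ignored because disableEntityManagement is true", m.PublicAccessLevel)`. Skipping the call also means this function no longer touches the container, so a wrong container name or a missing permission presumably surfaces only on the first blob operation; the new comment should say that the container is expected to exist already. The function begins and ends outside the hunk.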
@@ -24,9 +24,10 @@ import (
 )
 type BlobStorageMetadata struct {
- ContainerClientOpts `json:",inline" mapstructure:",squash"`
- DecodeBase64 bool `json:"decodeBase64,string" mapstructure:"decodeBase64" mdonly:"bindings"`
- PublicAccessLevel azblob.PublicAccessType
+ ContainerClientOpts `json:",inline" mapstructure:",squash"`
+ DecodeBase64 bool `json:"decodeBase64,string" mapstructure:"decodeBase64" mdonly:"bindings"`
+ PublicAccessLevel azblob.PublicAccessType
+ DisableEntityManagement bool `json:"disableEntityManagement,string" mapstructure:"disableEntityManagement"`
 }
 type ContainerClientOpts struct {
diff --git a/state/azure/blobstorage/metadata.yaml b/state/azure/blobstorage/metadata.yaml
index f90198900d..d487066b97 100644
--- a/state/azure/blobstorage/metadata.yaml
+++ b/state/azure/blobstorage/metadata.yaml
@@ -74,3 +74,8 @@ metadata:
 description: |
 Specifies the maximum number of HTTP requests that will be made to retry blob operations.
 A value of zero means that no additional attempts will be made after a failure.
+ - name: disableEntityManagement
+ description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions."
+ example: "true"
+ default: '"false"'
+ type: bool
\ No newline at end of file
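Review bot: `DisableEntityManagement` is added to `BlobStorageMetadata` without a field comment, and the name alone does not say what is skipped or what the caller must guarantee instead. I would add `// DisableEntityManagement skips container creation during client setup; the container must already exist and PublicAccessLevel is not applied.` above the field. The `,string` JSON option matches `DecodeBase64`, so the value is expected as a quoted boolean; a short mention in the same comment would save the next reader a lookup.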