Azure Blob Storage

Detailed information on the Azure Blob Store state store component

Component format

To set up the Azure Blob Storage state store, create a component of type state.azure.blobstorage. See this guide on how to create and apply a state store configuration.

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: <NAME>
      namespace: <NAMESPACE>
    spec:
      type: state.azure.blobstorage
      version: v1
      metadata:
      - name: accountName
        value: "[your_account_name]"
      - name: accountKey
        value: "[your_account_key]"
      - name: containerName
        value: "[your_container_name]"

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.

Spec metadata fields

| Field | Required | Details | Example |
|---|---|---|---|
| accountName | Y | The storage account name | "mystorageaccount" |
| accountKey | Y (unless using Azure AD) | Primary or secondary storage key | "key" |
| containerName | Y | The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist | "container" |
| azureEnvironment | N | Optional name for the Azure environment if using a different Azure cloud | "AZUREPUBLICCLOUD" (default value), "AZURECHINACLOUD", "AZUREUSGOVERNMENTCLOUD", "AZUREGERMANCLOUD" |
| ContentType | N | The blob's content type | "text/plain" |
| ContentMD5 | N | The blob's MD5 hash | "vZGKbMRDAnMs4BIwlXaRvQ==" |
| ContentEncoding | N | The blob's content encoding | "UTF-8" |
| ContentLanguage | N | The blob's content language | "en-us" |
| ContentDisposition | N | The blob's content disposition. Conveys additional information about how to process the response payload | "attachment" |
| CacheControl | N | The blob's cache control | "no-cache" |

Setup Azure Blob Storage

Follow the instructions from the Azure documentation on how to create an Azure Storage Account.

If you wish to create a container for Dapr to use, you can do so beforehand. However, the Blob Storage state provider will create one for you automatically if it doesn’t exist.

To set up Azure Blob Storage as a state store, you need the following properties:

  • accountName: The storage account name. For example: mystorageaccount.
  • accountKey: Primary or secondary storage account key.
  • containerName: The name of the container to be used for Dapr state. The container will be created for you if it doesn’t exist.

Authenticating with Azure AD

This component supports authentication with Azure AD as an alternative to using account keys. Whenever possible, use Azure AD for authentication in production systems to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure.

The following scripts are optimized for a bash or zsh shell and require the following apps installed:

You must also be authenticated with Azure in your Azure CLI.

  1. To get started with using Azure AD for authenticating the Blob Storage state store component, make sure you've created an Azure AD application and a Service Principal as explained in the Authenticating to Azure document.
     Once done, set a variable with the ID of the Service Principal that you created:

         SERVICE_PRINCIPAL_ID="[your_service_principal_object_id]"

  2. Set the following variables with the name of your Azure Storage Account and the name of the Resource Group where it's located:

         STORAGE_ACCOUNT_NAME="[your_storage_account_name]"
         RG_NAME="[your_resource_group_name]"

  3. Using RBAC, assign a role to your Service Principal so it can access data inside the Storage Account.
     In this case, you are assigning the "Storage Blob Data Contributor" role, which has broad access; other more restrictive roles can be used as well, depending on your application.

         RG_ID=$(az group show --resource-group "${RG_NAME}" | jq -r ".id")
         az role assignment create \
           --assignee "${SERVICE_PRINCIPAL_ID}" \
           --role "Storage Blob Data Contributor" \
           --scope "${RG_ID}/providers/Microsoft.Storage/storageAccounts/${STORAGE_ACCOUNT_NAME}"

When authenticating your component using Azure AD, the accountKey field is not required. Instead, please specify the required credentials in the component’s metadata (if any) according to the Authenticating to Azure document.

For example:

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: <NAME>
      namespace: <NAMESPACE>
    spec:
      type: state.azure.blobstorage
      version: v1
      metadata:
      - name: accountName
        value: "[your_account_name]"
      - name: containerName
        value: "[your_container_name]"
      - name: azureTenantId
        value: "[your_tenant_id]"
      - name: azureClientId
        value: "[your_client_id]"
      - name: azureClientSecret
        value: "[your_client_secret]"
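
The warning about plain-string secrets applies to accountKey in the first component and to azureClientSecret in the Azure AD one. The check below is an added example, not part of the Dapr documentation or project: it flags either field when it is set with an inline value instead of a secretKeyRef. The sample components, the secret name blob-secret and the function names are constructed for illustration.

```bash
# Added example (not Dapr project code): flag credentials set as inline `value:`.
SENSITIVE_FIELDS="accountKey azureClientSecret"   # field names from this page
# Print "<file>:<line>: <field>" for each sensitive field given as a plain string.
find_plaintext_secrets() {
  awk -v fields="$SENSITIVE_FIELDS" '
    BEGIN { n = split(fields, f, " "); for (i = 1; i <= n; i++) sensitive[f[i]] = 1 }
    /^[ \t]*-[ \t]*name[ \t]*:/ {          # new metadata item: remember its name
      current = $0
      sub(/^[ \t]*-[ \t]*name[ \t]*:[ \t]*/, "", current)
      gsub(/[ \t"]/, "", current)
      next
    }
    /^[ \t]*value[ \t]*:[ \t]*[^ \t]/ {    # inline value; secretKeyRef never matches
      if (current in sensitive) printf "%s:%d: %s\n", FILENAME, FNR, current
    }
  ' "$@"
}

# Constructed sample: a plain-string key, then the same field via secretKeyRef.
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: weak-store
spec:
  type: state.azure.blobstorage
  version: v1
  metadata:
  - name: accountName
    value: "constructedaccount"
  - name: accountKey
    value: "CONSTRUCTED-NOT-A-REAL-KEY"
---
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: hardened-store
spec:
  type: state.azure.blobstorage
  version: v1
  metadata:
  - name: accountKey
    secretKeyRef:
      name: blob-secret        # hypothetical secret name
      key: accountKey
EOF
}
sample=$(mktemp) && write_sample "$sample" && find_plaintext_secrets "$sample"; rm -f "$sample"
```

Pass the component files from your components directory as arguments; every output line names a credential that should move to a secret store.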

Apply the configuration

In Kubernetes

To apply Azure Blob Storage state store to Kubernetes, use the kubectl CLI:

    kubectl apply -f azureblob.yaml

Running locally

To run locally, create a components dir containing the YAML file and provide the path to the dapr run command with the flag --components-path.

This state store creates a blob file in the container and puts raw state inside it.

For example, the following operation coming from a service called myservice:

    # <NAME> is the state store component name set in the component metadata
    curl -X POST "http://localhost:3500/v1.0/state/<NAME>" \
      -H "Content-Type: application/json" \
      -d '[
            {
              "key": "nihilus",
              "value": "darth"
            }
          ]'

This creates the blob file in the container with the key as the filename and the value as the contents of the file.

Concurrency

Azure Blob Storage state concurrency is achieved by using ETags according to the Azure Blob Storage documentation.

Last modified September 20, 2021 : Merge pull request #1800 from greenie-msft/gRPC_proxying_video (36dff3c)