Microsoft Azure Container Volume Connection¶
The Microsoft Azure Container Volume connection type enables the Azure Container Volume Integrations.
Authenticating to Azure Container Volume¶
There are four ways to connect to Azure Container Volume using Airflow.
Use token credentials i.e. add specific credentials (client_id, secret) and subscription id to the Airflow connection.
Use a Connection String i.e. add connection string to
connection_string
in the Airflow connection.Use managed identity by setting
managed_identity_client_id
,workload_identity_tenant_id
(under the hook, it uses DefaultAzureCredential with these arguments)Fallback on DefaultAzureCredential. This includes a mechanism to try different options to authenticate: Managed System Identity, environment variables, authentication through Azure CLI, etc.
subscription_id
andresource_group
are required in this authentication mechanism.
Only one authorization method can be used at a time. If you need to manage multiple credentials or keys then you should configure multiple connections.
Default Connection IDs¶
All hooks and operators related to Azure Container Volume use azure_container_volume_default
by default.
Configuring the Connection¶
- Login (optional)
Specify the login used for azure blob storage. For use with Shared Key Credential and SAS Token authentication.
- Password (optional)
Specify the password used for azure blob storage. For use with Active Directory (token credential) and shared key authentication. It can be left out to fall back on DefaultAzureCredential.
- Host (optional)
Specify the account url for anonymous public read, Active Directory, shared access key authentication.
- Extra (optional)
Specify the extra parameters (as json dictionary) that can be used in Azure connection. The following parameters are all optional:
connection_string
: Connection string for use with connection string authentication. It can be left out to fall back on DefaultAzureCredential.subscription_id
: The ID of the subscription used for the initial connection. This is needed for Azure Active Directory (DefaultAzureCredential) authentication.resource_group
: Azure Resource Group Name under which the desired Azure file volume resides. This is needed for Azure Active Directory (DefaultAzureCredential) authentication.managed_identity_client_id
: The client ID of a user-assigned managed identity. If provided withworkload_identity_tenant_id
, they’ll pass to DefaultAzureCredential.workload_identity_tenant_id
: ID of the application’s Microsoft Entra tenant. Also called its “directory” ID. If provided withmanaged_identity_client_id
, they’ll pass to DefaultAzureCredential.
When specifying the connection in environment variable you should specify it using URI syntax.
Note that all components of the URI should be URL-encoded.
For example connect with token credentials:
export AIRFLOW_CONN_WASP_DEFAULT='azure_container_volume://blob%20username:blob%20password@myblob.com'