chore: update readme

epam · Mar 1, 2024 · 2824ba9 · 2824ba9
1 parent aa757c8
commit 2824ba9
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -72,7 +72,7 @@ Static settings are used on startup and cannot be changed while application is r
 
 ### Google Cloud Storage
 
-There are two types of credentials providers supported:
+There are two types of credential providers supported:
  - User credentials. You can create a service account and authenticate using its private key obtained from Developer console
  - Temporary credentials. Application default credentials (ADC)
 
@@ -113,6 +113,50 @@ JClouds property `jclouds.oauth.credential-type` should be set `bearerTokenCrede
 }
 ```
 
+### Azure Blob Store
+
+There are two types of credential providers supported:
+- User credentials. You can create a service principle and authenticate using its secret from Azure console
+- Temporary credentials with Azure AD Workload Identity
+
+#### User credentials
+
+You should set `storage.credential` to service principle secret and `storage.identity` - service principle ID.
+
+The properties to be overridden are below:
+
+```
+{
+  "storage": {
+    "endpoint": "https://<Azure Blob storage account>.blob.core.windows.net"
+    "overrides": {
+      "jclouds.azureblob.auth": "azureAd",
+      "jclouds.azureblob.tenantId": "<tenant ID>",
+      "jclouds.azureblob.account: "<Azure Blob storage account>"
+    }
+  }
+}
+```
+
+#### Temporary credentials
+
+You should follow [instructions](https://azure.github.io/azure-workload-identity/docs/) to setup your pod in Azure k8s.
+`storage.credential` and `storage.identity` must be unset.
+
+The properties to be overridden are below:
+
+```
+{
+  "storage": {
+    "endpoint": "https://<Azure Blob storage account>.blob.core.windows.net"
+    "overrides": {
+      "jclouds.azureblob.auth": "azureAd",
+      "jclouds.oauth.credential-type": "bearerTokenCredentials"
+    }
+  }
+}
+```
+
 ### Redis
 The Redis can be used as a cache with volatile-* eviction policies:
 ```

diff --git a/src/main/java/com/epam/aidial/core/GetToken.java b/src/main/java/com/epam/aidial/core/GetToken.java
diff --git a/src/main/java/com/epam/aidial/core/storage/credential/AzureCredentialProvider.java b/src/main/java/com/epam/aidial/core/storage/credential/AzureCredentialProvider.java
@@ -10,7 +10,7 @@
 
 public class AzureCredentialProvider implements CredentialProvider {
 
-    private static final long MARGIN_EXPIRATION_IN_SEC = 10;
+    private static final long EXPIRATION_WINDOW_IN_SEC = 10;
 
     private Credentials credentials;
 
@@ -38,7 +38,7 @@ public Credentials getCredentials() {
     }
 
     private synchronized Credentials getTemporaryCredentials() {
-        OffsetDateTime date = OffsetDateTime.now().minusSeconds(MARGIN_EXPIRATION_IN_SEC);
+        OffsetDateTime date = OffsetDateTime.now().minusSeconds(EXPIRATION_WINDOW_IN_SEC);
         if (accessToken == null || date.isAfter(accessToken.getExpiresAt())) {
             accessToken = defaultCredential.getTokenSync(tokenRequestContext);
         }