Azure BlobStorage components: Add `disableEntityManagement` metadata option (#3213)

Signed-off-by: Bernd Verst <github@bernd.dev>

bindings/azure/blobstorage/metadata.yaml

@@ -87,4 +87,9 @@ metadata:
     example: '3'
     description: |
       Specifies the maximum number of HTTP requests that will be made to retry blob operations.
-      A value of zero means that no additional attempts will be made after a failure.
+      A value of zero means that no additional attempts will be made after a failure.
+  - name: disableEntityManagement
+    description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions."
+    example: "true"
+    default: '"false"'
+    type: bool

internal/component/azure/blobstorage/client.go

@@ -62,16 +62,19 @@ func CreateContainerStorageClient(parentCtx context.Context, log logger.Logger,
 		return nil, nil, err
 	}
 
-	// Create the container if it doesn't already exist
-	var accessLevel *azblob.PublicAccessType
-	if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" {
-		accessLevel = &m.PublicAccessLevel
-	}
-	ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second)
-	defer cancel()
-	err = m.EnsureContainer(ctx, client, accessLevel)
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err)
+	// if entity management is disabled, do not attempt to create the container
+	if !m.DisableEntityManagement {
+		// Create the container if it doesn't already exist
+		var accessLevel *azblob.PublicAccessType
+		if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" {
+			accessLevel = &m.PublicAccessLevel
+		}
+		ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second)
+		defer cancel()
+		err = m.EnsureContainer(ctx, client, accessLevel)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err)
+		}
 	}
 
 	return client, m, nil

internal/component/azure/blobstorage/metadata.go

@@ -25,9 +25,10 @@ import (
 )
 
 type BlobStorageMetadata struct {
-	ContainerClientOpts `json:",inline" mapstructure:",squash"`
-	DecodeBase64        bool `json:"decodeBase64,string" mapstructure:"decodeBase64" mdonly:"bindings"`
-	PublicAccessLevel   azblob.PublicAccessType
+	ContainerClientOpts     `json:",inline" mapstructure:",squash"`
+	DecodeBase64            bool `json:"decodeBase64,string" mapstructure:"decodeBase64" mdonly:"bindings"`
+	PublicAccessLevel       azblob.PublicAccessType
+	DisableEntityManagement bool `json:"disableEntityManagement,string" mapstructure:"disableEntityManagement"`
 }
 
 type ContainerClientOpts struct {

state/azure/blobstorage/v1/metadata.yaml

@@ -74,3 +74,8 @@ metadata:
     description: |
       Specifies the maximum number of HTTP requests that will be made to retry blob operations.
       A value of zero means that no additional attempts will be made after a failure.
+  - name: disableEntityManagement
+    description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions."
+    example: "true"
+    default: '"false"'
+    type: bool

state/azure/blobstorage/v2/metadata.yaml

@@ -74,3 +74,8 @@ metadata:
     description: |
       Specifies the maximum number of HTTP requests that will be made to retry blob operations.
       A value of zero means that no additional attempts will be made after a failure.
+  - name: disableEntityManagement
+    description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions."
+    example: "true"
+    default: '"false"'
+    type: bool