Storage Adapter API Sample

A dotnet minimal api sample used to retrieve a tenant/customer storage identifier mappings.

When used with its client (see Storage Adapter Client, the Storage Adapter provides an abstraction layer to access multiple Azure Storage accounts and third party storage providers. In the sample, we demostrate access to an AWS S3 Bucket.

The sample demostrates the following :

Connection to an Azure storage account within your Azure tenant using a storage access key and OAuth separately.
Cross tenant access to an Azure storage account residing in a different Azure tenant using OAuth.
Connection to AWS S3 Bucket using an bucket access key.
Generation of signed Urls (a SAS Uri in Azure, a Presigned Url in AWS) to upload and download an image from their respective storage types.

Prerequistes

An Azure subscription in a Azure org/tenant.
A second Azure subscription with a storage account provisioned in a second Azure org/tenant.
An AWS account with a S3 bucket and the appropriate IAM user/account access with an accessKey and accessKeySecret.
A multi-tenant Service Principal from the first Azure tenant with consent to the second Azure tenant already provided.
- Assign the SP the "Storage Blob Contributor" role to the target storage account in the first tenant.
- Assign the SP the "Storage Blob Contributor" role to the target storage account in the second tenant.

Getting Started

Deploying Locally

Create an Entra ID app registration with a secret. This service principal will be used to execute the seedTenantToStorageTable.sh script in order to seed the mapping table. Record the client id, client secret and the associated Enterprise App object id.
Add the following environment variables to your .env file for a given azd environment within the .azure folder.
- $DEPLOY_SP_OBJID="[object id recorded above]"
- $DEPLOY_SP_CLIENT_ID="[clientId recorded above]"
- $DEPLOY_SP_CLIENT_SECRET="[client secret recorded above]"
- $MULTITENANT_SP_CLIENT_ID="[multi-tenant SP clientId]"
- $MULTITENANT_SP_CLIENT_SECRET="[multi-tenant SP client secret]"
- $STORAGE_ACCOUNT_ACCESS_KEY="[storage access key to the Azure storage account in the first tenant]"
- $AWSS3_ACCESS_KEY="[access key secret to the AWS S3 Bucket]"
Run azd up from the api project folder within bash terminal.

Deploying uisng GitHub Actions

Run azd pipeline to setup your GitHub Action pipeline.
Use the service principal that was auto-generated and add a new client secret. Record the client id, client secret and the associated Enterprise App object id.
Add the following as Secrets within the repo's Settings > Secrets and variables:
- $DEPLOY_SP_OBJID="[object id recorded above]"
- $DEPLOY_SP_CLIENT_SECRET="[client secret recorded above]"
- $MULTITENANT_SP_CLIENT_SECRET="[multi-tenant SP client secret]"
- $STORAGE_ACCOUNT_ACCESS_KEY="[storage access key to the Azure storage account in the first tenant]"
- $AWSS3_ACCESS_KEY="[access key secret to the AWS S3 Bucket]"
Add the following as Variables within the repo's Settings > Secrets and variables (in addition to the variable azd already added):
- $DEPLOY_SP_CLIENT_ID="[clientId recorded above]"
- $MULTITENANT_SP_CLIENT_ID="[multi-tenant SP clientId]"
Execute the Github Action manually or via a regular PR.

Testing the Storage Adapter

The Storage Adapter Client comes with a XUnit project and tests.