add same-account storage integrations for azure and gcp #22

Merged
benny-n merged 3 commits into main from benny-n/storage-integration
Feb 21, 2026
benny-n (Collaborator) commented Feb 20, 2026

Generalizes AWS's approach for same-account storage integration auth for GCP and Azure.


Note

Medium Risk
Introduces new cloud IAM principals/keys and changes IAM binding semantics and TLS policy configuration, which can affect access and cluster provisioning if misconfigured.

Overview
Adds same-account storage integration support for Azure and GCP so the in-cluster data importer can read customer storage without manual credentials: Azure now provisions an Azure AD application/service principal with a subscription-scope Storage Blob Data Reader assignment and publishes the client secret + tenant/client IDs via k8s secrets/configmap outputs; GCP now provisions a dedicated service account + key with storage.objectViewer and stores the decoded key JSON as a Kubernetes secret.

Tightens/adjusts infra and CI details: AWS storage integration IAM is reduced from AmazonS3FullAccess to a minimal inline S3 read policy, GCP Workload Identity bindings for writer service accounts switch from an authoritative binding to per-member resources, GCP public ingress now enforces a modern TLS policy via SSLPolicy/FrontendConfig, and all cloud E2E workflows now set the default Pulumi org before running the wizard. Also bumps the wizard’s pinned PINECONE_VERSION and adds the pulumi-azuread dependency (lockfile updated).

Written by Cursor Bugbot for commit 4f31f46. This will update automatically on new commits. Configure here.
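
As an added example (not code from this pull request or the project), one way to check that a storage-integration policy grants read access only, the property the summary describes for the AWS change from AmazonS3FullAccess to a minimal inline read policy. The allow-list of read actions, both sample policy documents and the bucket name are assumptions constructed for illustration; the page does not show the actual policy.

```python
# Read actions the importer is assumed to need (the page does not list them).
# Entries are lowercase because IAM action names are matched case-insensitively.
READ_ONLY_ACTIONS = {"s3:getobject", "s3:getobjectversion",
                     "s3:listbucket", "s3:getbucketlocation"}

# Constructed sample: the statement shape of a full-access grant.
FULL_ACCESS_STYLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}]}

# Constructed sample: a narrow read policy on a hypothetical bucket.
MINIMAL_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-import-bucket",
                  "arn:aws:s3:::example-import-bucket/*"]}]}


def _as_list(value):
    """IAM allows a single string or dict wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def excess_grants(policy, allowed=READ_ONLY_ACTIONS):
    """Return (statement index, value, reason) for every grant beyond `allowed`."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append((i, "NotAction", "allows all but the listed actions"))
        for action in _as_list(stmt.get("Action", [])):
            name = action.lower()
            if "*" in name or "?" in name:
                findings.append((i, action, "wildcard action"))
            elif name not in allowed:
                findings.append((i, action, "outside read-only allow-list"))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "*", "applies to every resource"))
    return findings


if __name__ == "__main__":
    for label, doc in (("full-access style", FULL_ACCESS_STYLE),
                       ("minimal read", MINIMAL_READ)):
        print(label, excess_grants(doc) or "no excess grants")
```

A check like this can run in CI against the rendered policy JSON so that a later change that widens the grant fails the build.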

cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

benny-n merged commit f667d34 into main Feb 21, 2026
11 checks passed