Support Azure Active Directory tokens for the Azure Blob Store Sink

[zrc210]

A note for the community

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

The breaking changes in Vector 0.50.0 forced the use of connection_string as the only authentication method.

However, the official Microsoft Azure documentation recommends using AAD (or Entra ID in the recent renaming) over Shared Key authorization.

Authorizing requests against Azure Storage with Microsoft Entra ID provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Microsoft Entra authorization with your table applications when possible to assure access with minimum required privileges.

In certain environments, AAD token based authentication may the the only sanctioned way to interact with azure blob storage, and connection_string is not an option.

Ideally, it would be great if vector could restore the ability to use storage_account to facilitate secure, least privileged access to azure blob storage.

Attempted Solutions

In another issue, @pront had this suggestion to restore functionality: #23036 (comment)

Proposal

No response

References

• chore(azure_blob sink)!: Update azure (0.25) and azure storage (0.21) #23351
• Azure SDK version bump introduced regression in token refresh #23036 (comment)

Version

0.50.0

[joshcoughlan]

Should Microsoft choose to accept it, this PR for azure-sdk-for-rust should unblock this pretty easily.

[pront]

Thanks @joshcoughlan! We would love to improve Vector's interoperability with Azure.