docs(azure_blob): add managed identity and workload identity auth

[temporaer]

Document new auth_type values (managed_identity, workload_identity) and related configuration parameters (client_id, tenant_id, workload_identity_token_file) for the Azure Blob output plugin, with configuration examples for system-assigned MI, user-assigned MI, and workload identity.

Companion to fluent/fluent-bit#10777.

Summary by CodeRabbit

• Documentation
  • Enhanced Azure Blob output documentation with additional authentication methods: managed identity and workload identity.
  • Added configuration properties and comprehensive usage examples for identity-based authentication in AKS environments.
  • Included Azure Emulator (Azurite) configuration guidance.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation for Azure Blob output expanded to include authentication options (managed identity, workload identity) with configuration examples, new properties (client_id, tenant_id, workload_identity_token_file), and guidance for AKS and Azurite scenarios.

Changes

Cohort / File(s)	Summary
Azure Blob Authentication Documentation pipeline/outputs/azure_blob.md	Expanded authentication configuration documentation with support for managed identity and workload identity. Added configuration properties and comprehensive examples for system-assigned/user-assigned managed identity and workload identity flows. Included conceptual descriptions and Azure Emulator (Azurite) usage guidance.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Blob storage now shines with identity so grand,
Managed and workload—two paths through the land,
With Azure's embrace and Azurite's jest,
Authentication flows put to the test! 🌟

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs(azure_blob): add managed identity and workload identity auth' directly and concisely summarizes the main change - expanding Azure Blob documentation with new authentication options.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pipeline/outputs/azure_blob.md (1)

235-296: Workload Identity section is well-documented.

The Workload Identity configuration is properly explained with:

• Clear context about AKS and federated service accounts
• Complete examples showing all required parameters (client_id, tenant_id)
• Helpful note about overriding the token file path for non-standard configurations

The examples correctly demonstrate the workload identity authentication pattern for AKS environments.

Optional enhancement: Consider briefly mentioning that workload identity requires proper AKS cluster setup and service account federation (perhaps with a link to Azure documentation), though this may be beyond the scope of Fluent Bit-specific documentation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pipeline/outputs/azure_blob.md` around lines 235 - 296, Add a brief
one-sentence note under the Workload Identity section (near the fluent-bit.yaml
/ fluent-bit.conf examples) stating that AKS must have service account
federation configured for workload identity to work and include a short link to
the Azure AD workload identity docs (for example, Azure docs on Workload
Identity Federation) so readers can follow cluster setup steps; reference the
examples and the workload_identity_token_file, client_id and tenant_id options
so the note appears adjacent to those configuration snippets.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pipeline/outputs/azure_blob.md`:
- Around line 235-296: Add a brief one-sentence note under the Workload Identity
section (near the fluent-bit.yaml / fluent-bit.conf examples) stating that AKS
must have service account federation configured for workload identity to work
and include a short link to the Azure AD workload identity docs (for example,
Azure docs on Workload Identity Federation) so readers can follow cluster setup
steps; reference the examples and the workload_identity_token_file, client_id
and tenant_id options so the note appears adjacent to those configuration
snippets.

[eschabell]

@temporaer thanks for the PR, but looks like some linting issues need fixing.