From 966769e0db9da75b6ec014eca1b198d92f25400d Mon Sep 17 00:00:00 2001 From: Martin Dzibela Date: Tue, 16 Jan 2024 11:50:27 +0100 Subject: [PATCH 1/4] allow to authenticate to Azure Storage using SAS tokens Signed-off-by: Martin Dzibela --- pkg/scalers/azure/azure_storage.go | 20 +++++++++++++++++++- pkg/scalers/azure/azure_storage_test.go | 2 ++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/pkg/scalers/azure/azure_storage.go b/pkg/scalers/azure/azure_storage.go index 12ac8e9f18d..88f7da89174 100644 --- a/pkg/scalers/azure/azure_storage.go +++ b/pkg/scalers/azure/azure_storage.go @@ -104,6 +104,10 @@ func ParseAzureStorageQueueConnection(ctx context.Context, httpClient util.HTTPD return nil, nil, err } + if accountName == "" && accountKey == "" { + return azqueue.NewAnonymousCredential(), endpoint, nil + } + credential, err := azqueue.NewSharedKeyCredential(accountName, accountKey) if err != nil { return nil, nil, err @@ -132,6 +136,10 @@ func ParseAzureStorageBlobConnection(ctx context.Context, httpClient util.HTTPDo return nil, nil, err } + if accountName == "" && accountKey == "" { + return azblob.NewAnonymousCredential(), endpoint, nil + } + credential, err := azblob.NewSharedKeyCredential(accountName, accountKey) if err != nil { return nil, nil, err @@ -154,7 +162,7 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto return "" } - var endpointProtocol, name, key, endpointSuffix, endpoint string + var endpointProtocol, name, key, sas, endpointSuffix, endpoint string for _, v := range parts { switch { case strings.HasPrefix(v, "DefaultEndpointsProtocol"): 
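Review bot: In ParseAzureStorageQueueConnection the anonymous credential is chosen by inferring SAS mode from `accountName == "" && accountKey == ""`, so the decision to send requests without a shared key rests on the parser's sentinel return values rather than on the presence of a token. As far as the later parser hunk shows, two empty strings only come back on the SAS path today, but a later parser change could silently become unauthenticated access; an explicit condition such as `if accountName == "" && accountKey == "" && endpoint.RawQuery != "" {` (assuming `endpoint` is the `*url.URL` returned by the parser) avoids that. The same branch is added to ParseAzureStorageBlobConnection in the next hunk and needs the same change. Because `endpoint` now carries the SAS signature in its query string, a comment like `// endpoint includes the SAS token; strip RawQuery before logging` above the return would help callers. Both functions begin and end outside the hunks.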
@@ -163,6 +171,8 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto name = getValue(v) case strings.HasPrefix(v, "AccountKey"): key = getValue(v) + case strings.HasPrefix(v, "SharedAccessSignature"): + sas = getValue(v) case strings.HasPrefix(v, "EndpointSuffix"): endpointSuffix = getValue(v) case endpointType == BlobEndpoint && strings.HasPrefix(v, endpointType.Prefix()): @@ -176,6 +186,14 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto } } + if sas != "" && endpoint != "" { + u, err := url.Parse(fmt.Sprintf("%s?%s", endpoint, sas)) + if err != nil { + return nil, "", "", err + } + return u, "", "", nil + } + if name == "" || key == "" { return nil, "", "", ErrAzureConnectionStringKeyName } diff --git a/pkg/scalers/azure/azure_storage_test.go b/pkg/scalers/azure/azure_storage_test.go index 82cdc8f8dcf..4309cd8d6dc 100644 --- a/pkg/scalers/azure/azure_storage_test.go +++ b/pkg/scalers/azure/azure_storage_test.go 
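Review bot: The SAS branch in parseAzureStorageConnectionString builds the URL with `fmt.Sprintf("%s?%s", endpoint, sas)`, so an endpoint that already has a query string, or a token pasted with its leading `?`, yields a URL whose query is not the token, and no parse error reports it. Parsing the endpoint first and assigning the token to `RawQuery` avoids that and leaves the token's percent-encoding untouched. A connection string that has `SharedAccessSignature` but no endpoint for the requested service falls through to the `name == "" || key == ""` check and returns ErrAzureConnectionStringKeyName, which points the operator at the wrong setting. Since a SAS is a bearer token carried in the URL, it may also be worth rejecting or warning on a non-https endpoint here, unless http is needed for a local emulator. The function starts and ends outside the hunk.

```go
if sas != "" && endpoint != "" {
	u, err := url.Parse(endpoint)
	if err != nil {
		return nil, "", "", err
	}
	// The token must be the whole query; refuse to merge it with an existing one.
	if u.RawQuery != "" {
		return nil, "", "", fmt.Errorf("storage endpoint must not contain a query string when SharedAccessSignature is set")
	}
	// Tokens are sometimes copied with their leading '?'.
	u.RawQuery = strings.TrimPrefix(sas, "?")
	return u, "", "", nil
}

if sas != "" && (name == "" || key == "") {
	return nil, "", "", fmt.Errorf("SharedAccessSignature requires an explicit endpoint for the requested storage service")
}
// … unchanged: AccountName/AccountKey validation …
```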
@@ -22,6 +22,8 @@ var parseConnectionStringTestDataset = []parseConnectionStringTestData{ {"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;BlobEndpoint=https://blob.net", "testing", "key==", "https://blob.net", BlobEndpoint, false}, {"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;TableEndpoint=https://table.net", "testing", "key==", "https://table.net", TableEndpoint, false}, {"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;FileEndpoint=https://file.net", "testing", "key==", "https://file.net", FileEndpoint, false}, + {"QueueEndpoint=https://queue.net;SharedAccessSignature=sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", "", "", "https://queue.net?sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", QueueEndpoint, false}, + {"BlobEndpoint=https://blob.net;SharedAccessSignature=sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", "", "", "https://blob.net?sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", BlobEndpoint, false}, } func TestParseStorageConnectionString(t *testing.T) { From 7acb19bb362cfbef14667551c00678255c14028f Mon Sep 17 00:00:00 2001 From: Martin Dzibela Date: Wed, 17 Jan 2024 09:59:14 +0100 Subject: [PATCH 2/4] fix err message Signed-off-by: Martin Dzibela --- pkg/scalers/azure/azure_storage.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/scalers/azure/azure_storage.go b/pkg/scalers/azure/azure_storage.go index 88f7da89174..d8f09d2f2ee 100644 --- a/pkg/scalers/azure/azure_storage.go +++ b/pkg/scalers/azure/azure_storage.go 
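Review bot: The two rows added to parseConnectionStringTestDataset exercise only the successful SAS path. Nothing pins what happens when `SharedAccessSignature` is present but the endpoint for the requested service is not, or when it appears together with `AccountName`/`AccountKey`. A negative row such as `{"QueueEndpoint=https://queue.net;SharedAccessSignature=sv=constructed-sample", "", "", "", BlobEndpoint, true},` (constructed value; assuming the last field is the expect-error flag) would document that a token is never applied to a different service's endpoint. If the signature strings in the new rows came from anywhere other than public documentation, they should be replaced with obviously fake values. The dataset literal starts outside the hunk.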
@@ -147,7 +147,7 @@ func ParseAzureStorageBlobConnection(ctx context.Context, httpClient util.HTTPDo return credential, endpoint, nil default: - return nil, nil, fmt.Errorf("azure queues doesn't support %s pod identity type", podIdentity.Provider) + return nil, nil, fmt.Errorf("azure storage doesn't support %s pod identity type", podIdentity.Provider) } } From 55df398a41efa765544ce9fad35c89e1ea91755c Mon Sep 17 00:00:00 2001 From: Martin Dzibela Date: Wed, 17 Jan 2024 13:30:55 +0100 Subject: [PATCH 3/4] dupl linter exclude for azure_storage Signed-off-by: Martin Dzibela --- .golangci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.golangci.yml b/.golangci.yml index ba682478178..0f3fe14be6c 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -154,7 +154,12 @@ issues: - path: pkg/scaling/resolver/scale_resolvers.go linters: - gocyclo - + # Exclude for azure_storage, reason: + # pkg/scalers/azure/azure_storage.go:91: 91-120 lines are duplicate of `pkg/scalers/azure/azure_storage.go:123-152` (dupl) + # pkg/scalers/azure/azure_storage.go:123: 123-152 lines are duplicate of `pkg/scalers/azure/azure_storage.go:91-120` (dupl) + - path: pkg/scalers/azure/azure_storage.go + linters: + - dupl linters-settings: funlen: From d456d383d6c5340efb92264383bca594038ecc9b Mon Sep 17 00:00:00 2001 From: Martin Dzibela Date: Wed, 17 Jan 2024 13:45:59 +0100 Subject: [PATCH 4/4] update CHANGELOG.md Signed-off-by: Martin Dzibela --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74b1916bcbb..4fafb28a436 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
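Review bot: The new exclude rule in .golangci.yml turns `dupl` off for all of pkg/scalers/azure/azure_storage.go, while the finding it quotes appears to be the pair of connection-parsing functions that now both contain the anonymous-credential branch. Credential-selection code kept in two copies has to be fixed twice, and a file-wide exclusion will also hide any later duplication in that file. Either a shared helper for the two functions or a `//nolint:dupl` directive with a reason on just those two functions would keep the suppression as narrow as the finding. The line numbers quoted in the comment (91-120, 123-152) will go stale after the next edit; naming the two functions instead would age better.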
@@ -110,6 +110,8 @@ Here is an overview of all new **experimental** features:
 - **General**: Request all ScaledObject/ScaledJob triggers in parallel ([#5276](https://github.com/kedacore/keda/issues/5276))
 - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830))
 - **General**: Use client-side round-robin load balancing for grpc calls ([#5224](https://github.com/kedacore/keda/issues/5224))
+- **Azure Blob Storage scaler**: Allow to authenticate to Azure Storage using SAS tokens ([#5393](https://github.com/kedacore/keda/issues/5393))
+- **Azure Storage Queue scaler**: Allow to authenticate to Azure Storage using SAS tokens ([#5393](https://github.com/kedacore/keda/issues/5393))
 - **GCP pubsub scaler**: Support distribution-valued metrics and metrics from topics ([#5070](https://github.com/kedacore/keda/issues/5070))
 - **GCP stackdriver scaler**: Support valueIfNull parameter ([#5345](https://github.com/kedacore/keda/pull/5345))
 - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067))