allow to authenticate to Azure Storage using SAS tokens

.golangci.yml

@@ -157,7 +157,12 @@ issues:
     - path: pkg/scaling/resolver/scale_resolvers.go
       linters:
         - gocyclo
-
+  # Exclude for azure_storage, reason:
+  # pkg/scalers/azure/azure_storage.go:91: 91-120 lines are duplicate of `pkg/scalers/azure/azure_storage.go:123-152` (dupl)
+  # pkg/scalers/azure/azure_storage.go:123: 123-152 lines are duplicate of `pkg/scalers/azure/azure_storage.go:91-120` (dupl)
+    - path: pkg/scalers/azure/azure_storage.go
+      linters:
+        - dupl
 
 linters-settings:
   funlen:

CHANGELOG.md

@@ -110,7 +110,9 @@ Here is an overview of all new **experimental** features:
 - **General**: Request all ScaledObject/ScaledJob triggers in parallel ([#5276](https://github.com/kedacore/keda/issues/5276))
 - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830))
 - **General**: Use client-side round-robin load balancing for grpc calls ([#5224](https://github.com/kedacore/keda/issues/5224))
+- **Azure Blob Storage scaler**: Allow to authenticate to Azure Storage using SAS tokens ([#5393](https://github.com/kedacore/keda/issues/5393))
 - **Azure Pipelines Scaler**: Add support for workload identity authentication ([#5013](https://github.com/kedacore/keda/issues/5013))
+- **Azure Storage Queue scaler**: Allow to authenticate to Azure Storage using SAS tokens ([#5393](https://github.com/kedacore/keda/issues/5393))
 - **GCP pubsub scaler**: Support distribution-valued metrics and metrics from topics ([#5070](https://github.com/kedacore/keda/issues/5070))
 - **GCP stackdriver scaler**: Support valueIfNull parameter ([#5345](https://github.com/kedacore/keda/pull/5345))
 - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067))

pkg/scalers/azure/azure_storage.go

@@ -104,6 +104,10 @@ func ParseAzureStorageQueueConnection(ctx context.Context, httpClient util.HTTPD
 			return nil, nil, err
 		}
 
+		if accountName == "" && accountKey == "" {
+			return azqueue.NewAnonymousCredential(), endpoint, nil
+		}
+
 		credential, err := azqueue.NewSharedKeyCredential(accountName, accountKey)
 		if err != nil {
 			return nil, nil, err
@@ -132,14 +136,18 @@ func ParseAzureStorageBlobConnection(ctx context.Context, httpClient util.HTTPDo
 			return nil, nil, err
 		}
 
+		if accountName == "" && accountKey == "" {
+			return azblob.NewAnonymousCredential(), endpoint, nil
+		}
+
 		credential, err := azblob.NewSharedKeyCredential(accountName, accountKey)
 		if err != nil {
 			return nil, nil, err
 		}
 
 		return credential, endpoint, nil
 	default:
-		return nil, nil, fmt.Errorf("azure queues doesn't support %s pod identity type", podIdentity.Provider)
+		return nil, nil, fmt.Errorf("azure storage doesn't support %s pod identity type", podIdentity.Provider)
 	}
 }
 
@@ -154,7 +162,7 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto
 		return ""
 	}
 
-	var endpointProtocol, name, key, endpointSuffix, endpoint string
+	var endpointProtocol, name, key, sas, endpointSuffix, endpoint string
 	for _, v := range parts {
 		switch {
 		case strings.HasPrefix(v, "DefaultEndpointsProtocol"):
@@ -163,6 +171,8 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto
 			name = getValue(v)
 		case strings.HasPrefix(v, "AccountKey"):
 			key = getValue(v)
+		case strings.HasPrefix(v, "SharedAccessSignature"):
+			sas = getValue(v)
 		case strings.HasPrefix(v, "EndpointSuffix"):
 			endpointSuffix = getValue(v)
 		case endpointType == BlobEndpoint && strings.HasPrefix(v, endpointType.Prefix()):
@@ -176,6 +186,14 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto
 		}
 	}
 
+	if sas != "" && endpoint != "" {
+		u, err := url.Parse(fmt.Sprintf("%s?%s", endpoint, sas))
+		if err != nil {
+			return nil, "", "", err
+		}
+		return u, "", "", nil
+	}
+
 	if name == "" || key == "" {
 		return nil, "", "", ErrAzureConnectionStringKeyName
 	}

pkg/scalers/azure/azure_storage_test.go

@@ -22,6 +22,8 @@ var parseConnectionStringTestDataset = []parseConnectionStringTestData{
 	{"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;BlobEndpoint=https://blob.net", "testing", "key==", "https://blob.net", BlobEndpoint, false},
 	{"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;TableEndpoint=https://table.net", "testing", "key==", "https://table.net", TableEndpoint, false},
 	{"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;FileEndpoint=https://file.net", "testing", "key==", "https://file.net", FileEndpoint, false},
+	{"QueueEndpoint=https://queue.net;SharedAccessSignature=sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", "", "", "https://queue.net?sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", QueueEndpoint, false},
+	{"BlobEndpoint=https://blob.net;SharedAccessSignature=sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", "", "", "https://blob.net?sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", BlobEndpoint, false},
 }
 
 func TestParseStorageConnectionString(t *testing.T) {