Microsoft Azure Blob service principle support

[sunng87]

What problem does the new feature solve?

From our community user

Hello greptime team, I have a follow-up relating to my use of Azure Blob storage as backing store for the greptime metrics. Recall, I previously asked you for Azure blob storage support in the operator. I am trying to get this working now. I found out that the authentication is currently account name and key (even at toml configuration level I think this is true). I want to call your attention to Microsoft service principal authentication - https://learn.microsoft.com/en-us/azure/databricks/connect/storage/aad-storage-service-principal . This is considered more secure because you can set access controls on the service principal, while account key based authentication allows global access. I see vendor recommendations to use service principal approach in production use.

What does the feature do?

Add support for using Azure service principle for object storage access.

This requires upstream opendal support if I understand correctly: apache/opendal#5126

Implementation challenges

No response