#CASBAN6: How to configure Azurite to use DefaultAzureCredential with Docker on macOS
Before we will have a look at the promised facade for uploading files to Azure’s Blob storage, I want to show you how to configure Azurite to use the Microsoft Identity framework with Docker on macOS for local debugging. Using the Identity framework, our local debug environment and the productive rolled out functions will behave the same.
If you have been following along, you should already have Docker Desktop on your machine. If not, install the application from their website.
Get the docker image
The docker image is available in the Docker Hub. You can download it once you have installed Docker Desktop by entering the following command in a Terminal window:
1
docker pull mcr.microsoft.com/azure-storage/azurite
Get a local certificate
To use the AzureDefaultCredential
within Azurite, we need a locally-trusted development certificate. You can either use OpenSSL or mkcert to generate the needed certificate. We will move on with mkcert.
If you have installed other Azure stuff on your Mac before, you probably have already installed Homebrew. If not, follow this link and install it. Once you are ready, install mkcert with the following command:
1
brew install mkcert
Next, create a folder that can be used as a local data store for the Azurite container we will create later. We will also use this folder to store the SSL certificate on our host machine. To create the certificate and its key, run the following commands:
1
2
mkcert -install
mkcert -key-file /Users/{YourLocalFolder}/azurite/127.0.0.1-key.pem -cert-file /Users/{YourLocalFolder}/azurite/127.0.0.1.pem 127.0.0.1
The first command creates the root certificate that is needed for certificate issuance. The second command creates a derived certificate that we can use for Azurite (replace {YourLocalFolder}
with your local path). You can explore more options by typing in mkcert -help
into your Terminal.
Creating the Docker container
Now we have everything in place to finally spin up our Azurite container. To do so, run the following command in your Terminal:
1
docker run -p 10000:10000 -v /Users/{YourLocalFolder}/azurite:/workspace -l /workspace mcr.microsoft.com/azure-storage/azurite azurite-blob --blobHost 0.0.0.0 --oauth basic --cert /workspace/127.0.0.1.pem --key /workspace/127.0.0.1-key.pem
Let’s break down what this does. The docker run -p 10000:10000
portion is to create the container listening to port 10000.
The -v /Users/{YourLocalFolder}/azurite:/workspace
portion creates a virtual directory that can be mapped with the -l /workspace
portion to the workspace folder inside the container. This is very important to make the certificate we created earlier accessible for the container.
The mcr.microsoft.com/azure-storage/azurite
azurite-blob --blobHost 0.0.0.0
portion activates just the Blob storage in Azurite and makes it accessible from the host system.
The --oauth basic
portion activates the usage of the DefaultAzureCredential
but requires the earlier created certificate to actually work. As we mounted our local folder already to the container, we can easily reference the certificate using the virtual directory we assigned earlier in the command: -cert /workspace/127.0.0.1.pem --key /workspace/127.0.0.1-key.pem
Conclusion
It took me some time to figure out all the options and the right configuration on my Mac. The docs are available on GitHub. This post should help to put everything together as fast as possible on macOS.
As always, I hope this post will be helpful for some of you. In the next post, we finally will have a look into the Azure Function facade for handling files in the Azure Blob storage.
Comments powered by Disqus.