Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
AzureConfiguration.png 78.7 kB 3 05-Dec-2023 05:32 krivacsz
png
AzureConfiguration2.png 77.5 kB 3 05-Dec-2023 05:32 krivacsz
png
AzureConfiguration3.png 27.4 kB 3 05-Dec-2023 05:32 Sandor new UI elements
png
AzurePortalAccessKey.png 57.7 kB 2 05-Dec-2023 05:32 Sandor blurred more
png
SAS.png 97.0 kB 1 05-Dec-2023 05:32 Sandor
png
Screen Shot 2017-08-09 at 9.08... 113.4 kB 1 05-Dec-2023 05:32 krivacsz Azure configuration
png
azureRemoteItem.png 57.5 kB 2 05-Dec-2023 05:32 krivacsz
png
azureRemoteItem2.png 53.5 kB 2 05-Dec-2023 05:32 krivacsz
png
azureRemoteItem3.png 20.3 kB 2 05-Dec-2023 05:32 Sandor new UI elements
png
azure_VFS_SAS.png 26.4 kB 1 05-Dec-2023 05:32 Sandor
png
azure_access_control_roles.png 132.8 kB 1 07-Oct-2024 04:38 krivacsz
png
azure_api_permission_blob.png 130.2 kB 1 07-Oct-2024 04:17 krivacsz
png
azure_blob.png 74.0 kB 3 05-Dec-2023 05:32 krivacsz
png
azure_blob3.png 29.6 kB 4 05-Dec-2023 05:32 Sandor new UI elements
png
azure_blobRemoteItem.png 21.5 kB 4 05-Dec-2023 05:32 Sandor new UI elements
png
azure_refresh_token_form.png 48.4 kB 1 07-Oct-2024 04:50 krivacsz
png
azure_user_impersonation.png 152.5 kB 1 07-Oct-2024 04:17 krivacsz
png
user_delegation_settings.png 94.4 kB 2 07-Oct-2024 04:49 krivacsz

This page (revision-132) was last changed on 07-Oct-2024 05:04 by krivacsz

This page was created on 05-Dec-2023 05:32 by Halmágyi Árpád

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 removed one line
__Azure File Shares__\\
At line 2 added one line
__'' General restrictions''__: Azure storage is not a file system, but an object storage. The folder is more like a prefix of the object name. That is why renaming folders is not supported. Folder moves are only possible through copy and deletion.\\
At line 4 changed one line
CrushFTP supports Microsoft Azure Shares as VFS item, it requires a Storage Account and File Services Shares \\
!1. Azure File Share\\
At line 6 changed one line
The url should look like (Replace the * * with your corresponding data!):\\
CrushFTP supports Microsoft Azure Shares as a VFS item, it requires a __Storage Account:__ [https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview]. About Azure file share: [https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\
At line 8 changed one line
azure://*Storage Account name | User name field*:*Access Key | Password Field*@file.core.windows.net/*File Service Share name*/\\
The URL should look like (Replace the URL with your corresponding data!):\\
At line 10 changed one line
[attachments|AzureConfiguration2.png]\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}}
At line 12 changed one line
Browsing (at Jobs, HomeDirectory plugin ) configuration is different:\\
You can find those on the Azure portal, under __Storage Account__. From the left-side menu select __Access keys__ to reveal them.\\
At line 14 changed 2 lines
There is an input field for the "File Service Share".\\
[attachments|azureRemoteItem2.png]\\
[attachments|AzurePortalAccessKey.png]\\
\\
Then paste them on the appropriate fields in CrushFTP.\\
\\
[attachments|AzureConfiguration3.png]\\
\\
When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\
\\
There is an input field for the file service share: Share Name \\
[attachments|azureRemoteItem3.png]\\
\\
!2. Azure Blob Container\\
\\
CrushFTP supports __Azure Blobs__([https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as VFS item, it requires a __Storage Account:__ [https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview]. \\
Azure Blob Storage is __not like a normal filesystem__ with folders and deeper levels you can go into.  It's more like S3 where a file’s name contains slashes, which simulate a folder structure but with many limitations when it comes to renaming and truly simulating a normal file system. Folder rename is not supported.\\
\\
The URL should look like this (Replace the URL with your corresponding data!):\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}
\\
[attachments|azure_blob3.png]\\
\\
__Data Lake storage Gen2__: More info on the official website: [https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\
Turn on the flag if the storage type is the data lake. It connects through __Azure Blob Storage REST API__ [https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api].\\
(This is not Azure Data Lake Storage Gen2 REST API: [https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2])\\
\\
When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\
\\
To specify the blob container use the input field: Share Name \\
[attachments|azure_blobRemoteItem.png]\\
\\
You need to select the blob type (append blob or block blobs - page blobs are not supported) specified when creating the blob on Azure.
!3. SAS token\\
\\
Azure also can delegate access with a shared access signature (SAS) [https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\
In this case, the URL should look like:
{{{
azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\
Or
{{{
azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\
\\
[attachments|SAS.png]\\
\\
The __password field should be empty__ and put the SAS token to the "__Shared access signature token__" input field.\\
\\
[attachments|azure_VFS_SAS.png]\\
\\
!4. Authorize access to blobs using Microsoft Entra ID\\
\\
Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\
\\
You will start at the Microsoft Azure portal:\\
[https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration: __Go to the App registrations and click on New registration:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\
\\
Name it. Select the Microsoft account types. The redirect URL must end with "__register_microsoft_graph_api/__". Then click on register.\\
\\
{{{
http://localhost:9090/register_microsoft_graph_api/
}}}
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\
\\
Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\
\\
Configure the API permissions:\\
\\
[attachments|azure_api_permission_blob.png]\\
\\
[attachments|azure_user_impersonation.png]\\
\\
On your __Storage Account__ at __Access Control (IAM)__ assign the role "__Storage Account Contributor__" and "__Storage Blob Data Contributor__" to the specified user.\\
\\
__Restriction:__ It only works with blob storage.\\
\\
[attachments|azure_access_control_roles.png]\\
\\
Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the "__Get Refresh Token__" button.\\
\\
[attachments|azure_refresh_token_form.png]\\
\\
\\
__Client id : __ You can find it at Azure portal -> App Registration -> Overview:\\
\\
[attachments|SharePoint Integration/client_id.png]\\
\\
__Secret key:__ A new client secret also needs to be created. Go to the "__Certificate & secrets__" and generate a new secret key. Click on New client secret.\\
\\
[attachments|SharePoint Integration/new_secret.png]\\
\\
[attachments|SharePoint Integration/secret_value.png]\\
\\
Sign in as the specified Microsoft user grant access, and obtain the refresh token.\\
\\
[attachments|user_delegation_settings.png]\\
\\
__!!!__Provide the storage account name as the "User name" input field.\\
\\
To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\
\\
Version Date Modified Size Author Changes ... Change note
132 07-Oct-2024 05:04 6.006 kB krivacsz to previous
131 07-Oct-2024 05:04 6.005 kB krivacsz to previous | to last
130 07-Oct-2024 05:04 6.006 kB krivacsz to previous | to last
129 07-Oct-2024 05:01 5.87 kB krivacsz to previous | to last
128 07-Oct-2024 04:59 5.852 kB krivacsz to previous | to last
127 07-Oct-2024 04:57 5.748 kB krivacsz to previous | to last
126 07-Oct-2024 04:56 5.698 kB krivacsz to previous | to last
125 07-Oct-2024 04:54 5.602 kB krivacsz to previous | to last
124 07-Oct-2024 04:50 5.167 kB krivacsz to previous | to last
123 07-Oct-2024 04:47 5.12 kB krivacsz to previous | to last
122 07-Oct-2024 04:47 5.118 kB krivacsz to previous | to last
121 07-Oct-2024 04:45 5.045 kB krivacsz to previous | to last
« This page (revision-132) was last changed on 07-Oct-2024 05:04 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
LeftMenu
VFS Protocols

JSPWiki