docs: azure_blob: document OAuth authentication support

[zshuang0316]

Add new auth_type values (managed_identity, service_principal, workload_identity) and their required configuration parameters (tenant_id, client_id, client_secret, workload_identity_token_file). Add OAuth authentication section with examples for each method.

Summary by CodeRabbit

• Documentation
  • Expanded Azure Blob authentication to include managed identity, service principal, and workload identity alongside existing key and SAS methods.
  • Documented Azure AD credential parameters (client ID, client secret, tenant ID, workload identity token file path) and when each is required.
  • Added an OAuth authentication section with example configuration snippets and guidance for all supported auth flows.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8ff406af-aa22-4790-a832-c7a10ddfbde4

📥 Commits

Reviewing files that changed from the base of the PR and between a3b339b and 36b91f3.

📒 Files selected for processing (1)

• pipeline/outputs/azure_blob.md

✅ Files skipped from review due to trivial changes (1)

• pipeline/outputs/azure_blob.md

---

📝 Walkthrough

Walkthrough

Documentation for the Azure Blob output plugin adds OAuth-based auth modes (managed_identity, service_principal, workload_identity), new Azure AD config options (client_id, client_secret, tenant_id, workload_identity_token_file), and example Fluent Bit configs for those flows; key/sas docs unchanged.

Changes

Azure Blob Authentication Documentation

Layer / File(s)	Summary
OAuth auth types and config fields pipeline/outputs/azure_blob.md	Expanded auth_type to include managed_identity, service_principal, workload_identity; added Azure AD config keys (client_id, client_secret, tenant_id, workload_identity_token_file); added OAuth Authentication section with example fluent-bit.yaml and fluent-bit.conf. Existing key/sas docs retained.

Sequence Diagram(s)

sequenceDiagram
    participant FluentBit as Fluent Bit (client)
    participant AzureAD as Azure AD (token endpoint)
    participant Blob as Azure Blob Storage
    FluentBit->>AzureAD: Request token (service_principal / managed_identity / workload_identity)
    AzureAD-->>FluentBit: Return OAuth access_token
    FluentBit->>Blob: PUT/POST blob with Authorization: Bearer <token>
    Blob-->>FluentBit: 201/200 OK

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• docs: outputs: azure_blob: fix defaults, add missing params, fix key casing, fix typo #2414 — Modifies the same azure_blob docs and config keys; overlaps on Azure Blob configuration changes.

Suggested labels

5.0

Suggested reviewers

• patrick-stephens
• eschabell

Poem

🐰 I hopped through docs with cheer,

Tokens, clients now appear.
Managed, Principal, Workload too,
Fluent Bit speaks AD anew.
🥕📄

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: documenting OAuth authentication support for Azure Blob output plugin.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[eschabell]

@zshuang0316 see comments inline on the files changed that need attention before review will pass.

[eschabell]

@zshuang0316 please return the more clear sentence "Specify the type to authenticate against the service. " here. Shorter is not desirable.

[eschabell]

@zshuang0316 use backticks around Azure AD please.

[eschabell]

@zshuang0316 use backticks around Azure AD.

[eschabell]

@zshuang0316 use backticks around Azure AD.

[eschabell]

@zshuang0316 use backticks around OAuth to get past vale issues here.

[eschabell]

@zshuang0316 use backticks around SAS, Azure Blob, and Zaure AD to get past vale issues here.

[eschabell]

@zshuang0316 use backticks around Azure AD and AKS to get past vale issues here.

[eschabell]

@zshuang0316 looks like you missed this vale issue?

[zshuang0316]

@zshuang0316 see comments inline on the files changed that need attention before review will pass.

Thanks, updated.

[eschabell]

@zshuang0316 just one vale issue was missed in your last round of fixes, tackle this one and we're good to go. Thanks for the docs PR work!

[eschabell]

@zshuang0316 looks like you missed this vale issue?