Class: Makit::Azure::BlobStorage

Inherits:

Object

• Object
• Makit::Azure::BlobStorage

Defined in:

lib/makit/azure/blob_storage.rb

Class Method Summary

• .delete_blobs(path) ⇒ Object

  Delete all blobs in a storage path.

• .list_blobs(path) ⇒ Array<String>

  List blobs in a storage path.

• .retrieve_from_key_vault(key) ⇒ String^?

  Retrieve a secret from Azure Key Vault Only attempts retrieval if Azure CLI is authenticated (az login has been performed).

• .static_website_endpoint ⇒ String

  Get static website endpoint URL for the storage account.

• .storage_account ⇒ String^?

  Get Azure Storage account from environment variable or Azure Key Vault.

• .storage_account_key ⇒ String^?

  Get Azure Storage account key from environment variable or Azure Key Vault.

• .upload_blobs(source, destination) ⇒ Object

  Upload files to Azure Storage.

• .validate_storage_credentials! ⇒ Object

  Validate Azure Storage credentials are set Checks environment variables first, then Azure Key Vault (if az login has been performed).

Class Method Details

.delete_blobs(path) ⇒ Object

Delete all blobs in a storage path

Parameters:

• path (String) —

  The storage path (e.g., ‘$web/apps/portal/v0.1.0’)

# File 'lib/makit/azure/blob_storage.rb', line 91

def self.delete_blobs(path)
  validate_storage_credentials!
  puts "  Deleting existing files in #{path}/".colorize(:yellow)

  cmd = [
    "az storage blob delete-batch",
    "--source '#{path}'",
    "--account-name #{storage_account}",
    "--account-key '#{storage_account_key}'",
    "--pattern '*'",
    "2>/dev/null",
  ].join(" ")

  system(cmd)
  # Don't fail if path doesn't exist (first deployment)
  true
end

.list_blobs(path) ⇒ Array<String>

List blobs in a storage path

Parameters:

• path (String) —

  The storage path (e.g., ‘$web’ or ‘$web/apps/portal’)

Returns:

• (Array<String>) —

  Array of blob names/paths (immediate children only, flat listing)

# File 'lib/makit/azure/blob_storage.rb', line 163

def self.list_blobs(path)
  validate_storage_credentials!

  # Parse path to extract container name and prefix
  # Path format: "container" or "container/prefix/path"
  path_parts = path.split("/", 2)
  container_name = path_parts[0]
  prefix = path_parts[1] || ""

  # Build Azure CLI command
  cmd_parts = [
    "az storage blob list",
    "--container-name '#{container_name}'",
    "--account-name #{storage_account}",
    "--account-key '#{storage_account_key}'",
    "--output json",
    "--query '[].name'",
    "2>/dev/null",
  ]

  # Add prefix if specified
  unless prefix.empty?
    cmd_parts.insert(4, "--prefix '#{prefix}/'")
  end

  cmd = cmd_parts.join(" ")

  # Execute command and capture output
  output = `#{cmd}`.strip
  exit_code = $?.exitstatus

  # Handle command failure
  # Check exit code - non-zero indicates command failure
  if exit_code != 0
    raise "Failed to list blobs from Azure Storage"
  end

  # Parse JSON output
  begin
    require "json"
    # Empty string is not valid JSON and indicates command failure
    # Valid empty result from Azure CLI would be "[]", not ""
    if output.empty?
      raise "Failed to list blobs from Azure Storage"
    end
    blob_data = JSON.parse(output)
  rescue JSON::ParserError => e
    # Invalid JSON indicates parsing failure
    raise "Failed to parse Azure CLI output: #{e.message}"
  end

  # Return empty array if no blobs found
  return [] if blob_data.nil? || blob_data.empty?

  # Extract blob names from JSON array
  # JSON format from Azure CLI: [{"name":"path/to/blob"}, ...] or ["name1", "name2", ...]
  blob_names = if blob_data.first.is_a?(Hash)
                blob_data.map { |item| item["name"] }
              else
                blob_data
              end

  # Filter to get only immediate children (flat listing)
  prefix_with_slash = prefix.empty? ? "" : "#{prefix}/"
  immediate_children = []

  blob_names.each do |blob_name|
    # Remove prefix if specified to get relative path
    relative_path = if prefix_with_slash.empty?
                      blob_name
                    else
                      # Remove prefix from blob name
                      blob_name.sub(/^#{Regexp.escape(prefix_with_slash)}/, "")
                    end

    # Get only immediate children (first level after prefix)
    # Split by '/' and take first part, but preserve trailing slash if present
    parts = relative_path.split("/", 2)
    first_part = parts[0]
    
    # If the original blob_name had a trailing slash or ends with "/", preserve it
    # Check if this is a directory (ends with /) in the original name
    is_directory = blob_name.end_with?("/") || (parts.length > 1 && relative_path.end_with?("/"))
    first_part += "/" if is_directory && !first_part.end_with?("/")

    # Add to results if not already included (avoid duplicates)
    immediate_children << first_part unless immediate_children.include?(first_part)
  end

  immediate_children
end

.retrieve_from_key_vault(key) ⇒ String^?

Retrieve a secret from Azure Key Vault Only attempts retrieval if Azure CLI is authenticated (az login has been performed)

Parameters:

• key (String) —

  The secret key name (e.g., “AZURE_STORAGE_ACCOUNT”)

Returns:

• (String, nil) —

  The secret value, or nil if not found or Azure CLI not authenticated

# File 'lib/makit/azure/blob_storage.rb', line 31

def self.retrieve_from_key_vault(key)
  # Check if Azure Key Vault is configured
  keyvault_name = ENV["AZURE_KEYVAULT_NAME"]
  return nil unless keyvault_name && !keyvault_name.empty?
  
  # Check if Azure CLI is authenticated
  require_relative "../secrets/azure_key_vault"
  return nil unless Makit::Secrets::AzureKeyVault.azure_cli_authenticated?
  
  # Try to retrieve from Key Vault
  begin
    require_relative "../secrets/azure_secrets"
    azure_secrets = Makit::Secrets::AzureSecrets.new(keyvault_name: keyvault_name)
    value = azure_secrets.get(key)
    return value if value && !value.empty?
  rescue => e
    # Silently fail - Key Vault retrieval is optional
    # This allows the code to work without Key Vault if env vars are set
  end
  
  nil
end

.static_website_endpoint ⇒ String

Get static website endpoint URL for the storage account

Returns:

• (String) —

  The static website endpoint URL (e.g., ‘louparslow.z22.web.core.windows.net’)

# File 'lib/makit/azure/blob_storage.rb', line 137

def self.static_website_endpoint
  validate_storage_credentials!

  unless Cli.available?
    # Fallback if Azure CLI not available
    return "https://#{storage_account}.z22.web.core.windows.net"
  end

  # Try to get the static website endpoint from Azure
  cmd = "az storage account show --name #{storage_account} --query 'primaryEndpoints.web' --output tsv 2>/dev/null"
  endpoint = `#{cmd}`.strip

  if endpoint.nil? || endpoint.empty?
    # Fallback: construct URL from storage account name
    # This assumes the standard format, but may not work for all storage accounts
    endpoint = "https://#{storage_account}.z22.web.core.windows.net"
    puts "  Warning: Could not retrieve static website endpoint, using default format".colorize(:yellow)
  end

  # Remove trailing slash if present
  endpoint.chomp("/")
end

.storage_account ⇒ String^?

Get Azure Storage account from environment variable or Azure Key Vault

Returns:

• (String, nil) —

  The storage account name, or nil if not found

# File 'lib/makit/azure/blob_storage.rb', line 9

def self.storage_account
  # First try environment variable
  return ENV["AZURE_STORAGE_ACCOUNT"] if ENV["AZURE_STORAGE_ACCOUNT"] && !ENV["AZURE_STORAGE_ACCOUNT"].empty?
  
  # Fall back to Azure Key Vault if available (requires az login)
  retrieve_from_key_vault("AZURE_STORAGE_ACCOUNT")
end

.storage_account_key ⇒ String^?

Get Azure Storage account key from environment variable or Azure Key Vault

Returns:

• (String, nil) —

  The storage account key, or nil if not found

# File 'lib/makit/azure/blob_storage.rb', line 19

def self.storage_account_key
  # First try environment variable
  return ENV["AZURE_STORAGE_ACCOUNT_KEY"] if ENV["AZURE_STORAGE_ACCOUNT_KEY"] && !ENV["AZURE_STORAGE_ACCOUNT_KEY"].empty?
  
  # Fall back to Azure Key Vault if available (requires az login)
  retrieve_from_key_vault("AZURE_STORAGE_ACCOUNT_KEY")
end

.upload_blobs(source, destination) ⇒ Object

Upload files to Azure Storage

Parameters:

• source (String) —

  Local directory to upload from

• destination (String) —

  Storage path destination (e.g., ‘$web/apps/portal/v0.1.0’)

# File 'lib/makit/azure/blob_storage.rb', line 112

def self.upload_blobs(source, destination)
  validate_storage_credentials!
  puts "  Uploading files from #{source} to #{destination}/".colorize(:green)

  unless Dir.exist?(source)
    raise "Source directory does not exist: #{source}"
  end

  cmd = [
    "az storage blob upload-batch",
    "--destination '#{destination}'",
    "--source #{source}",
    "--account-name #{storage_account}",
    "--account-key '#{storage_account_key}'",
    "--overwrite",
  ].join(" ")

  unless system(cmd)
    raise "Failed to upload blobs to Azure Storage"
  end
  true
end

.validate_storage_credentials! ⇒ Object

Validate Azure Storage credentials are set Checks environment variables first, then Azure Key Vault (if az login has been performed)

# File 'lib/makit/azure/blob_storage.rb', line 56

def self.validate_storage_credentials!
  account = storage_account
  key = storage_account_key
  
  if account.nil? || account.empty?
    error_msg = "AZURE_STORAGE_ACCOUNT is not set"
    # Provide helpful message about Key Vault fallback
    if ENV["AZURE_KEYVAULT_NAME"] && !ENV["AZURE_KEYVAULT_NAME"].empty?
      require_relative "../secrets/azure_key_vault"
      if Makit::Secrets::AzureKeyVault.azure_cli_authenticated?
        error_msg += " (checked environment variables and Azure Key Vault '#{ENV["AZURE_KEYVAULT_NAME"]}')"
      else
        error_msg += " (Azure Key Vault available but 'az login' not performed)"
      end
    end
    raise error_msg
  end
  
  if key.nil? || key.empty?
    error_msg = "AZURE_STORAGE_ACCOUNT_KEY is not set"
    # Provide helpful message about Key Vault fallback
    if ENV["AZURE_KEYVAULT_NAME"] && !ENV["AZURE_KEYVAULT_NAME"].empty?
      require_relative "../secrets/azure_key_vault"
      if Makit::Secrets::AzureKeyVault.azure_cli_authenticated?
        error_msg += " (checked environment variables and Azure Key Vault '#{ENV["AZURE_KEYVAULT_NAME"]}')"
      else
        error_msg += " (Azure Key Vault available but 'az login' not performed)"
      end
    end
    raise error_msg
  end
end