From cc0b8182e55a6fa1ede4db1a2ed22bde5f5e4c83 Mon Sep 17 00:00:00 2001
From: Matej Kompanek <mkompanek@genetec.com>
Date: Fri, 12 Sep 2025 15:31:10 +0200
Subject: [PATCH 1/2] azure storage: adding default credential option

---
 CMakeLists.txt                      | 1 +
 src/CMakeLists.txt                  | 8 ++++++++
 src/filesystem/implementations/as.h | 9 +++++++++
 3 files changed, 18 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index ab55276b8..57d96654a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -286,6 +286,7 @@ if(NOT TRITON_CORE_HEADERS_ONLY)
       -Dazure-storage-blobs-cpp_DIR:PATH=${TRITON_THIRD_PARTY_INSTALL_PREFIX}/azure-sdk/share/azure-storage-blobs-cpp
       -Dazure-storage-common-cpp_DIR:PATH=${TRITON_THIRD_PARTY_INSTALL_PREFIX}/azure-sdk/share/azure-storage-common-cpp
       -Dazure-core-cpp_DIR:PATH=${TRITON_THIRD_PARTY_INSTALL_PREFIX}/azure-sdk/share/azure-core-cpp
+      -Dazure-identity-cpp_DIR:PATH=${TRITON_THIRD_PARTY_INSTALL_PREFIX}/azure-sdk/share/azure-identity-cpp
     )
   endif() # TRITON_ENABLE_AZURE_STORAGE
   if(${TRITON_ENABLE_METRICS})
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 6a0967036..5eea9c072 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -104,6 +104,8 @@ endif()
 if(${TRITON_ENABLE_AZURE_STORAGE})
   find_package(azure-storage-blobs-cpp CONFIG REQUIRED)
   message(STATUS "Using Azure storage blobs ${azure-storage-blobs-cpp_VERSION}")
+  find_package(azure-identity-cpp CONFIG REQUIRED)
+  message(STATUS "Using Azure identity ${azure-identity-cpp_VERSION}")
 endif()
 
 configure_file(libtritonserver.ldscript libtritonserver.ldscript COPYONLY)
@@ -327,6 +329,7 @@ if(${TRITON_ENABLE_AZURE_STORAGE})
   target_include_directories(
     triton-core
     PRIVATE $<TARGET_PROPERTY:Azure::azure-storage-blobs,INTERFACE_INCLUDE_DIRECTORIES>
+    PRIVATE $<TARGET_PROPERTY:Azure::azure-identity,INTERFACE_INCLUDE_DIRECTORIES>
   )
 endif() # TRITON_ENABLE_AZURE_STORAGE
 
@@ -501,6 +504,11 @@ if(${TRITON_ENABLE_AZURE_STORAGE})
     PRIVATE
       Azure::azure-storage-blobs
   )
+  target_link_libraries(
+    triton-core
+    PRIVATE
+      Azure::azure-identity
+  )
 endif() # TRITON_ENABLE_AZURE_STORAGE
 
 if(${TRITON_ENABLE_GPU})
diff --git a/src/filesystem/implementations/as.h b/src/filesystem/implementations/as.h
index fc449475a..fbe8fe0a2 100644
--- a/src/filesystem/implementations/as.h
+++ b/src/filesystem/implementations/as.h
@@ -27,6 +27,7 @@
 
 #include <azure/storage/blobs.hpp>
 #include <azure/storage/common/storage_credential.hpp>
+#include <azure/identity.hpp>
 
 #include "common.h"
 // [WIP] below needed?
@@ -37,6 +38,7 @@ namespace triton { namespace core {
 
 namespace as = Azure::Storage;
 namespace asb = Azure::Storage::Blobs;
+namespace ai = Azure::Identity;
 const std::string AS_URL_PATTERN = "as://([^/]+)/([^/?]+)(?:/([^?]*))?(\\?.*)?";
 
 struct ASCredential {
@@ -152,11 +154,18 @@ ASFileSystem::ASFileSystem(const std::string& path, const ASCredential& as_cred)
     std::string service_url(
         "https://" + account_name + ".blob.core.windows.net");
 
+    auto use_default_env = GetEnvironmentVariableOrDefault(
+      "AZURE_USE_DEFAULT_CREDENTIAL", "0");
+
     if (!as_cred.account_key_.empty()) {
       // Shared Key
       auto cred = std::make_shared<as::StorageSharedKeyCredential>(
           account_name, as_cred.account_key_);
       client_ = std::make_shared<asb::BlobServiceClient>(service_url, cred);
+    } else if (use_default_env == "1" || use_default_env == "true") {
+      // Default Azure Credential (Managed Identity, Environment, VS, CLI, etc)
+      auto cred = std::make_shared<ai::DefaultAzureCredential>();
+      client_ = std::make_shared<asb::BlobServiceClient>(service_url, cred);
     } else {
       client_ = std::make_shared<asb::BlobServiceClient>(service_url);
     }

From f5e744aeb1bc9f65eb0d362c413d2010f7234c0d Mon Sep 17 00:00:00 2001
From: Matej Kompanek <mkompanek@genetec.com>
Date: Tue, 16 Sep 2025 08:33:00 +0200
Subject: [PATCH 2/2] pre-commit: formatting

---
 src/filesystem/implementations/as.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/filesystem/implementations/as.h b/src/filesystem/implementations/as.h
index fbe8fe0a2..fe19ed0ec 100644
--- a/src/filesystem/implementations/as.h
+++ b/src/filesystem/implementations/as.h
@@ -25,9 +25,9 @@
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #pragma once
 
+#include <azure/identity.hpp>
 #include <azure/storage/blobs.hpp>
 #include <azure/storage/common/storage_credential.hpp>
-#include <azure/identity.hpp>
 
 #include "common.h"
 // [WIP] below needed?
@@ -154,8 +154,8 @@ ASFileSystem::ASFileSystem(const std::string& path, const ASCredential& as_cred)
     std::string service_url(
         "https://" + account_name + ".blob.core.windows.net");
 
-    auto use_default_env = GetEnvironmentVariableOrDefault(
-      "AZURE_USE_DEFAULT_CREDENTIAL", "0");
+    auto use_default_env =
+        GetEnvironmentVariableOrDefault("AZURE_USE_DEFAULT_CREDENTIAL", "0");
 
     if (!as_cred.account_key_.empty()) {
       // Shared Key