'az iot du update import' requires url with SAS token and can't use the RBAC Identity of the DU to access the passed url

[ottovis]

The newer AzureFileCopy@6 uses RBAC to upload a file to a SA and no longer generates a SAS token as output. It is required to use version 6 if you use a Federated Identity (recommended by MS) in ADO Pipelines to interact with our infrastructure. This means that it is not possible to combine the recommended best practices in combination with the az iot du update import command in a pipeline, and thus it does not seem possible to have a ADO Pipeline that uploads some build artifact to a SA and then imports it into a DU.

It would be great if the az iot du update import could use the identity of the DU resource to access the file passed.

[vilit1]

Thank you for the feature request - I will look into this and let you know if this is feasible and when it can be released.

[vilit1]

Unfortunately, ADU service does not support managed identities yet. There are talks of adding this to the ADU service and I will update the thread with the final decision.

For now, please use SAS tokens by following Create a user delegation SAS - Azure Storage | Microsoft Learn