mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/zero-trust-manager-verify-blob-access.adoc
2025-09-17 13:55:27 +00:00


// Module included in the following assemblies:
//
// * security/zero_trust_workload_identity_manageer/zero-trust-manager-oidc-federation.adoc
:_mod-docs-content-type: PROCEDURE
[id="zero-trust-manager-verify-blob-access_{context}"]
= Verifying that the application workload can access the content in the Azure Blob Storage

You can check if the application workload can access the {azure-short} Blob Storage.

.Prerequisites

* An Azure Blob Storage has been created.

.Procedure

. Open a remote shell in the application workload pod, from which you retrieve a JWT token from the SPIFFE Workload API, by running the following command:
+
[source,terminal]
----
$ oc rsh -n $APP_NAMESPACE deployment/$APP_NAME
----
. Create and export an environment variable named `TOKEN` by running the following command:
+
[source,terminal]
----
$ export TOKEN=$(/opt/app-root/src/get-spiffe-token.py --audience=$AZURE_AUDIENCE)
----
. Log in to the {azure-short} CLI included within the pod by running the following command:
+
[source,terminal]
----
$ az login --service-principal \
-t ${AZURE_TENANT_ID} \
-u ${AZURE_CLIENT_ID} \
--federated-token ${TOKEN}
----
. Create a new file in the application workload pod by running the following command:
+
[source,terminal]
----
$ echo "Hello from OpenShift" > openshift-spire-federated-identities.txt
----
. Upload the file to the {azure-short} Blob Storage by running the following command:
+
[source,terminal]
----
$ az storage blob upload \
--account-name ${BLOB_STORE_ACCOUNT} \
--container-name ${BLOB_STORE_CONTAINER} \
--name openshift-spire-federated-identities.txt \
--file openshift-spire-federated-identities.txt \
--auth-mode login
----

.Verification

* Confirm that the file uploaded successfully by listing the blobs in the container by running the following command:
+
[source,terminal]
----
$ az storage blob list \
--account-name ${BLOB_STORE_ACCOUNT} \
--container-name ${BLOB_STORE_CONTAINER} \
--auth-mode login \
-o table
----
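
The federated login in the procedure succeeds only if the issuer, subject, and audience of the JWT in `TOKEN` match the federated credential configured in {azure-short}. The following pre-flight check is an added example, not part of the original module or of the `get-spiffe-token.py` helper; it decodes the token claims without verifying the signature, and the function names, sample trust domain, issuer URL, and audience value are assumptions constructed for illustration.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(token, audience, now=None):
    """Return a list of problems that would make the federated login fail."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if audience not in aud:
        problems.append(f"aud {aud} does not contain {audience!r}")
    if not str(claims.get("sub", "")).startswith("spiffe://"):
        problems.append(f"sub {claims.get('sub')!r} is not a SPIFFE ID")
    if not claims.get("iss"):
        problems.append("iss claim is missing")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"token is expired or has no exp (exp={exp})")
    return problems


def make_sample(claims):
    """Build an unsigned, constructed token used only for the demonstration."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64(claims), "c2ln"])


if __name__ == "__main__":
    # Constructed claims; trust domain, issuer and audience are placeholders.
    sample = make_sample({"iss": "https://oidc.example.invalid",
                          "sub": "spiffe://example.invalid/ns/demo/sa/app",
                          "aud": ["api://AzureADTokenExchange"],
                          "exp": 2000000000})
    print(preflight(sample, "api://AzureADTokenExchange", now=1900000000) or "ok")
```

Inside the pod, call `preflight` with the values of the `TOKEN` and `AZURE_AUDIENCE` environment variables before running `az login`; an empty list means that the claims are well formed, and any returned entry names the claim to compare against the federated credential.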