Description

As a LokiStack administrator I want to configure LokiStack object storage secret to using Azure Workload Identity Federation service to control access to object storage.

Acceptance Criteria

1. The LokiStack administrator can configure the required parameters (client_id, subscription_id, tenant_id, federated_token_file) for WIF in the Azure object storage secret.
2. The LokiStack adminitrator is required to provide a value for federated_token_file to be mounted as credential_source.file in the Loki containers.

Developer Notes

1. Expand the LokiStack Azure Object Storage Secret Docs to explain on how to use Azure WIF.
2. According Loki's AzureBlobStorageClient implementation the values imported through the Azure Object Storage secret need to be inject to Loki via environment variables because it supports Azure WIF only via a boolean flag use_federated_token set to true:
   1. The field client_id from the Azure Object Storage secret needs to be injected into Loki containers as AZURE_CLIENT_ID
   2. The field tenant_id from the Azure Object Storage secret needs to be injected into Loki containers as AZURE_TENANT_ID
   3. The field federated_token_file from the Azure Object Storage secret needs to be injected into Loki containers as AZURE_FEDERATED_TOKEN_FILE
3. The value of federated_token_file is required to be mounted as projected volume from the object storage secret.