I'm not really sure how to test this locally, as my understanding of using Managed Identities is that my code would need to be published as an Azure resource and running under that identity to access another Azure resource which has given certain permissions to that identity.
In my case I want to test that my web app, when running using the managed identity, can create a stored access policy and then generate a SAS against that policy. The basics of the code come from this article. However, as that article states:
"The underlying REST operation to create a stored access policy is Set Container ACL. You must authorize the operation to create a stored access policy via Shared Key by using the account access keys in a connection string."
So, firstly, if I had my web app running in Azure using a managed identity with full permissions on the storage account, would it be able to create access policies? Secondly, how can I test this locally without having to push my web app into Azure? Is there a way of testing this using Azurite?
Through my testing it looks like a Managed Identity, even when given 'owner' permissions on the storage account, cannot create / remove / update access policies. This needs to be done using StorageSharedKeyCredential, so the container client created would then have the ability to do those activities.
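The Shared Key path described above, run against a local Azurite instance, as an added example that is not part of the original post or the linked article. It assumes Azurite is listening on its default blob endpoint and the Azure.Storage.Blobs package is referenced; the container name `policy-demo` and policy id `read-only-1h` are hypothetical.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Sas;

class Program
{
    static async Task Main()
    {
        // Azurite's published development account. This key only works on the
        // emulator; a real account key belongs in a secret store, not in source.
        const string account = "devstoreaccount1";
        const string key = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==";
        var credential = new StorageSharedKeyCredential(account, key);

        // Assumed local endpoint (Azurite default) and hypothetical container name.
        var uri = new Uri($"http://127.0.0.1:10000/{account}/policy-demo");
        var container = new BlobContainerClient(uri, credential);
        await container.CreateIfNotExistsAsync();

        var policy = new BlobSignedIdentifier
        {
            Id = "read-only-1h", // hypothetical policy id
            AccessPolicy = new BlobAccessPolicy
            {
                PolicyStartsOn = DateTimeOffset.UtcNow.AddMinutes(-5), // tolerate clock skew
                PolicyExpiresOn = DateTimeOffset.UtcNow.AddHours(1),
                Permissions = "r" // least privilege: read only
            }
        };

        // Set Container ACL replaces the whole policy list, so keep the existing
        // entries and swap in ours instead of overwriting them.
        BlobContainerAccessPolicy current = await container.GetAccessPolicyAsync();
        var identifiers = current.SignedIdentifiers
            .Where(i => i.Id != policy.Id).Append(policy).ToList();
        await container.SetAccessPolicyAsync(permissions: identifiers);

        // The SAS carries only the policy id; expiry and permissions come from the
        // stored policy, so deleting or editing the policy revokes the token.
        var sas = new BlobSasBuilder
        {
            BlobContainerName = container.Name,
            Resource = "c", // container-level SAS
            Identifier = policy.Id
        };
        Console.WriteLine(container.GenerateSasUri(sas));
    }
}
```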