
build: add user-based managed identity #122

Open
wants to merge 9 commits into
base: dev

hallvictoria
Contributor

@hallvictoria hallvictoria commented Jul 8, 2025

Introduces support for user-assigned managed identity.

User-assigned Managed Identity
In this case, a ManagedIdentityCredential must be used to create the BlobServiceClient.
User-assigned managed identity is being used if the customer includes the credential and clientId properties. Using a resource id is not supported. Source: Identity-based connections

System-based Managed Identity
In this case, a DefaultAzureCredential is used to create the BlobServiceClient.
System-based managed identity is being used if the customer includes the serviceUri or blobServiceUri connection prefixes. Source: Blob identity-based connections

Updated flow for creating clients:

  1. Parse the connection setting and ensure it is not None
  2. Determine if system-based managed identity is used
  3. Determine if user-assigned managed identity is used
  4. Create the blob service client
    a. If the customer has user-assigned MI, create using MI credential
    b. If the customer has system-based MI, create using default credential
    c. If the customer is not using MI, create using the connection string

Validated user-assigned and system-based managed identity in production.

Fixes: https://github.com/Azure/azure-functions-pyfx-planning/issues/740, https://github.com/Azure/azure-functions-pyfx-planning/issues/738?issue=Azure%7Cazure-functions-pyfx-planning%7C744, https://github.com/Azure/azure-functions-pyfx-planning/issues/738?issue=Azure%7Cazure-functions-pyfx-planning%7C745

@hallvictoria hallvictoria marked this pull request as ready for review July 8, 2025 20:15
@hallvictoria hallvictoria requested a review from Copilot July 14, 2025 20:16
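
The client-creation flow from the pull request description, sketched as an added example (this is not the code in this PR). `select_blob_auth`, `BlobAuthChoice` and the sample settings are hypothetical; the `<connection>__<property>` setting names follow the Azure Functions identity-based connection convention, and failing closed on a partial or unsupported configuration is a choice made here.

```python
from typing import Mapping, NamedTuple, Optional

class BlobAuthChoice(NamedTuple):
    mode: str  # "user_assigned_mi", "system_mi" or "connection_string"
    account_url: Optional[str] = None
    client_id: Optional[str] = None
    connection_string: Optional[str] = None

# Constructed sample app settings (placeholders, not taken from the PR).
SAMPLE = {
    "UserMI__serviceUri": "https://example.blob.core.windows.net",
    "UserMI__credential": "managedidentity",
    "UserMI__clientId": "00000000-0000-0000-0000-000000000000",
    "SystemMI__blobServiceUri": "https://example.blob.core.windows.net",
    "Legacy": "UseDevelopmentStorage=true",
    "Broken__clientId": "00000000-0000-0000-0000-000000000000",
}

def select_blob_auth(connection: str, settings: Mapping[str, str]) -> BlobAuthChoice:
    if not connection:  # step 1: the connection setting must not be None
        raise ValueError("connection setting must not be None or empty")
    def get(suffix: str) -> Optional[str]:
        return settings.get(f"{connection}__{suffix}") or None
    account_url = get("blobServiceUri") or get("serviceUri")
    credential, client_id = get("credential"), get("clientId")
    # The PR says a resource id is not supported: refuse it rather than
    # silently authenticating as a different identity.
    if get("managedIdentityResourceId"):
        raise ValueError("managedIdentityResourceId is not supported; use clientId")
    # 4a. User-assigned MI (credential + clientId). Checked before 4b because
    # this configuration also carries a service URI.
    if credential or client_id:
        if not (credential and client_id and account_url):
            raise ValueError("user-assigned MI needs credential, clientId and a service URI")
        if credential.lower() != "managedidentity":
            raise ValueError(f"unsupported credential type: {credential!r}")
        # Caller would pass ManagedIdentityCredential(client_id=client_id).
        return BlobAuthChoice("user_assigned_mi", account_url, client_id)
    # 4b. System-based MI: only a service URI is set.
    if account_url:
        # Caller would pass DefaultAzureCredential().
        return BlobAuthChoice("system_mi", account_url)
    # 4c. No managed identity: the setting itself holds the connection string.
    conn_str = settings.get(connection)
    if not conn_str:
        raise ValueError(f"no storage configuration found for {connection!r}")
    return BlobAuthChoice("connection_string", connection_string=conn_str)
```

The returned choice maps onto the three branches of step 4; a setting such as `Broken`, which carries a `clientId` without `credential`, raises instead of dropping through to another credential.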

@Copilot Copilot AI left a comment

Pull Request Overview

Adds support for user-assigned managed identity alongside system-managed and connection-string–based authentication for BlobServiceClient, refactors client creation into a shared utility, and updates tests and Dependabot configuration.

  • Introduces validate_connection_setting, using_system_managed_identity, using_user_managed_identity, and get_blob_service_client in utils.py
  • Refactors StorageStreamDownloader, ContainerClient, and BlobClient to use the new client factory
  • Adds unit tests for the new utility functions and expands Dependabot to monitor additional Python binding packages

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| azurefunctions-extensions-bindings-blob/tests/test_utils.py | Add tests for connection setting validation and identity detection utilities |
| azurefunctions-extensions-bindings-blob/tests/test_blobclient.py | Update BlobClientConverter.decode test to assert on the specific ValueError text |
| azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/utils.py | Implement validate_connection_setting, identity helpers, and get_blob_service_client |
| azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/storageStreamDownloader.py | Refactor to use the new shared client factory |
| azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/containerClient.py | Refactor to use the new shared client factory |
| azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/blobClient.py | Refactor to use the new shared client factory and update inline documentation |
| .github/dependabot.yml | Expand Dependabot to weekly updates for cosmosdb, eventhub, and servicebus Python extensions |

Comments suppressed due to low confidence (2)

azurefunctions-extensions-bindings-blob/tests/test_utils.py:105

  • Add unit tests for get_blob_service_client to validate all three authentication paths: user-managed identity, system-managed identity, and connection-string–only, ensuring the correct credential is set on the returned BlobServiceClient.
            self.assertFalse(result)

.github/dependabot.yml:34

  • [nitpick] There is some repetition in the Dependabot entries for each binding package. Consider using YAML anchors or a shared include to DRY up the weekly pip update configuration.
  - package-ecosystem: "pip"
