You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: hadoop-tools/hadoop-azure/src/site/markdown/abfs.md
+22-3Lines changed: 22 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -311,10 +311,11 @@ driven by them.
311
311
312
312
1. With the storage account's authentication secret in the configuration:
313
313
"Shared Key".
314
-
1. Using OAuth 2.0 tokens of one form or another.
315
-
1. Deployed in-Azure with the Azure VMs providing OAuth 2.0 tokens to the application,
314
+
2. Using OAuth 2.0 tokens of one form or another.
315
+
3. Deployed in-Azure with the Azure VMs providing OAuth 2.0 tokens to the application,
316
316
"Managed Instance".
317
-
1. Using Shared Access Signature (SAS) tokens provided by a custom implementation of the SASTokenProvider interface.
317
+
4. Using Shared Access Signature (SAS) tokens provided by a custom implementation of the SASTokenProvider interface.
318
+
2. By directly configuring a fixed Shared Access Signature (SAS) token in the account configuration settings files.
318
319
319
320
What can be changed is what secrets/credentials are used to authenticate the caller.
320
321
@@ -625,6 +626,24 @@ tokens by implementing the SASTokenProvider interface.
625
626
626
627
The declared class must implement `org.apache.hadoop.fs.azurebfs.extensions.SASTokenProvider`.
627
628
629
+
*Note:* When using a token provider implementation that provides a User Delegation SAS Token or Service SAS Token, some operations may be out of scope and may fail.
630
+
631
+
### Fixed Shared Access Signature (SAS) Token
632
+
633
+
A Shared Access Signature Token can be directly configured in the account settings file. This should ideally be used for an Account SAS Token, that can be fixed as a constant for an account.
634
+
```xml
635
+
<property>
636
+
<name>fs.azure.account.auth.type</name>
637
+
<value>SAS</value>
638
+
</property>
639
+
<property>
640
+
<name>fs.azure.sas.fixed.token</name>
641
+
<value>{SAS Token generated or obtained directly from public interfaces}</value>
642
+
<description>Fixed SAS Token directly configured</description>
643
+
</property>
644
+
```
645
+
*Note:* When `fs.azure.sas.token.provider.type` and `fs.azure.fixed.sas.token` are both configured, precedence will be given to the custom token provider implementation.
0 commit comments