HADOOP-19736: ABFS. Support for new auth type: User-bound SAS #8051

manika137 · 2025-10-24T09:44:13Z

Description of PR

JIRA: https://issues.apache.org/jira/browse/HADOOP-19736
Adding support for new authentication type: user bound SAS

How was this patch tested?

Test suite will be run for the patch

hadoop-yetus · 2025-10-24T11:45:35Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	20m 52s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	markdownlint	0m 0s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 5 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	34m 38s		trunk passed
+1 💚	compile	0m 44s		trunk passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
+1 💚	compile	0m 45s		trunk passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
+1 💚	checkstyle	0m 34s		trunk passed
+1 💚	mvnsite	0m 50s		trunk passed
+1 💚	javadoc	0m 45s		trunk passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 37s		trunk passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
-1 ❌	spotbugs	1m 23s	/branch-spotbugs-hadoop-tools_hadoop-azure-warnings.html	hadoop-tools/hadoop-azure in trunk has 178 extant spotbugs warnings.
+1 💚	shadedclient	26m 16s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
-1 ❌	mvninstall	0m 34s	/patch-mvninstall-hadoop-tools_hadoop-azure.txt	hadoop-azure in the patch failed.
-1 ❌	compile	0m 35s	/patch-compile-hadoop-tools_hadoop-azure-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt	hadoop-azure in the patch failed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04.
-1 ❌	javac	0m 35s	/patch-compile-hadoop-tools_hadoop-azure-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt	hadoop-azure in the patch failed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04.
-1 ❌	compile	0m 35s	/patch-compile-hadoop-tools_hadoop-azure-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt	hadoop-azure in the patch failed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04.
-1 ❌	javac	0m 35s	/patch-compile-hadoop-tools_hadoop-azure-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt	hadoop-azure in the patch failed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04.
-1 ❌	blanks	0m 0s	/blanks-eol.txt	The patch has 3 line(s) that end in blanks. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
-0 ⚠️	checkstyle	0m 22s	/results-checkstyle-hadoop-tools_hadoop-azure.txt	hadoop-tools/hadoop-azure: The patch generated 36 new + 4 unchanged - 0 fixed = 40 total (was 4)
-1 ❌	mvnsite	0m 37s	/patch-mvnsite-hadoop-tools_hadoop-azure.txt	hadoop-azure in the patch failed.
-1 ❌	javadoc	0m 32s	/results-javadoc-javadoc-hadoop-tools_hadoop-azure-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04.txt	hadoop-tools_hadoop-azure-jdkUbuntu-21.0.7+6-Ubuntu-0ubuntu120.04 with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 generated 2 new + 1472 unchanged - 0 fixed = 1474 total (was 1472)
-1 ❌	javadoc	0m 30s	/results-javadoc-javadoc-hadoop-tools_hadoop-azure-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04.txt	hadoop-tools_hadoop-azure-jdkUbuntu-17.0.15+6-Ubuntu-0ubuntu120.04 with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 generated 2 new + 1413 unchanged - 0 fixed = 1415 total (was 1413)
-1 ❌	spotbugs	0m 34s	/patch-spotbugs-hadoop-tools_hadoop-azure.txt	hadoop-azure in the patch failed.
+1 💚	shadedclient	29m 4s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	0m 41s	/patch-unit-hadoop-tools_hadoop-azure.txt	hadoop-azure in the patch failed.
+1 💚	asflicense	0m 34s		The patch does not generate ASF License warnings.
		119m 57s

Subsystem	Report/Notes
Docker	ClientAPI=1.51 ServerAPI=1.51 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8051/1/artifact/out/Dockerfile
GITHUB PR	#8051
JIRA Issue	HADOOP-19736
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets markdownlint
uname	Linux 88abe69cd96c 5.15.0-156-generic #166-Ubuntu SMP Sat Aug 9 00:02:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `05b52e4`
Default Java	Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
Multi-JDK versions	/usr/lib/jvm/java-21-openjdk-amd64:Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-17-openjdk-amd64:Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8051/1/testReport/
Max. process+thread count	779 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-azure U: hadoop-tools/hadoop-azure
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8051/1/console
versions	git=2.25.1 maven=3.9.11 spotbugs=4.9.7
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2025-10-28T03:40:12Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 0s		Docker mode activated.
-1 ❌	docker	4m 52s		Docker failed to build run-specific yetus/hadoop:tp-4947}.

Subsystem	Report/Notes
GITHUB PR	#8051
JIRA Issue	HADOOP-19736
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8051/2/console
versions	git=2.34.1
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2025-10-28T04:12:47Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 0s		Docker mode activated.
-1 ❌	docker	6m 57s		Docker failed to build run-specific yetus/hadoop:tp-29291}.

Subsystem	Report/Notes
GITHUB PR	#8051
JIRA Issue	HADOOP-19736
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8051/3/console
versions	git=2.34.1
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2025-10-28T05:32:27Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 0s		Docker mode activated.
-1 ❌	docker	6m 5s		Docker failed to build run-specific yetus/hadoop:tp-27223}.

Subsystem	Report/Notes
GITHUB PR	#8051
JIRA Issue	HADOOP-19736
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8051/4/console
versions	git=2.34.1
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

bhattmanish98 · 2025-10-29T11:08:21Z

...ls/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/constants/AbfsHttpConstants.java

    AUG_03_2023("2023-08-03"),
-    NOV_04_2024("2024-11-04");
+    NOV_04_2024("2024-11-04"),
+    JULY_05_2025("2025-07-05");


We should follow the same format: JUL_05_2025, what do you think?

bhattmanish98 · 2025-10-29T11:11:25Z

...ols/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsClientHandler.java

        abfsClientContext);
  }

+  public AbfsClientHandler(final URL baseUrl,


Java doc missing for the constructor

bhattmanish98 · 2025-10-29T11:11:38Z

hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsClient.java

    this.sasTokenProvider = sasTokenProvider;
  }

+  public AbfsClient(final URL baseUrl,


Java doc missing

bhattmanish98 · 2025-10-29T11:25:32Z

...p-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsDfsClient.java

        encryptionContextProvider, abfsClientContext, AbfsServiceType.DFS);
  }

+  public AbfsDfsClient(final URL baseUrl,


Java doc missing

bhattmanish98 · 2025-10-29T11:26:33Z

...ols/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsRestOperation.java

+      case UserboundSASWithOAuth:
+        httpOperation.setRequestProperty(HttpHeaderConfigurations.AUTHORIZATION,
+            client.getAccessToken());
+        httpOperation.setMaskForSAS(); //mask sig/oid from url for logs


Typo: *sign

bhattmanish98 · 2025-10-29T11:32:40Z

...tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/AzureBlobFileSystemStore.java

+          tokenProvider, sasTokenProvider, encryptionContextProvider,
+          populateAbfsClientContext());
+    }
+    else if (tokenProvider != null) {


same as above

bhattmanish98 · 2025-10-29T11:33:07Z

...tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/AzureBlobFileSystemStore.java


    LOG.trace("Initializing AbfsClient for {}", baseUrl);
-    if (tokenProvider != null) {
+    if(tokenProvider != null && sasTokenProvider != null){


Space between if and (

bhattmanish98 · 2025-10-29T11:34:21Z

hadoop-tools/hadoop-azure/src/site/markdown/index.md

 3. Deployed in-Azure with the Azure VMs providing OAuth 2.0 tokens to the application, "Managed Instance".
 4. Using Shared Access Signature (SAS) tokens provided by a custom implementation of the SASTokenProvider interface.
 5. By directly configuring a fixed Shared Access Signature (SAS) token in the account configuration settings files.
+6. Using user-bound SAS auth type, which is requires OAuth 2.0 setup (point 2 above) and SAS setup (point 4 above)


Grammatical mistake: which requires or which is required?

bhattmanish98 · 2025-10-29T11:35:39Z

...adoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/constants/TestConfigurationKeys.java


  public static final String FS_AZURE_TEST_APP_SERVICE_PRINCIPAL_OBJECT_ID = "fs.azure.test.app.service.principal.object.id";

+  public static final String FS_AZURE_END_USER_TENANT_ID = "fs.azure.test.end.user.tenant.id";


Rename the variable to FS_AZURE_TEST_END_USER_TENANT_ID

bhattmanish98 · 2025-10-29T11:35:48Z

...adoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/constants/TestConfigurationKeys.java

  public static final String FS_AZURE_TEST_APP_SERVICE_PRINCIPAL_OBJECT_ID = "fs.azure.test.app.service.principal.object.id";

+  public static final String FS_AZURE_END_USER_TENANT_ID = "fs.azure.test.end.user.tenant.id";
+  public static final String FS_AZURE_END_USER_OBJECT_ID = "fs.azure.test.end.user.object.id";


same as above

user-bound SAS

05b52e4

github-actions bot added trunk TOOLS ABFS labels Oct 24, 2025

manika137 marked this pull request as draft October 27, 2025 15:26

manika137 added 2 commits October 27, 2025 20:25

Merge branch 'trunk' into HADOOP-19736_UBS

fc9251f

UBS code changes

4c181df

UDS compatible

0411d9b

missed class added

a33f682

bhattmanish98 reviewed Oct 29, 2025

View reviewed changes


		public static final String FS_AZURE_TEST_APP_SERVICE_PRINCIPAL_OBJECT_ID = "fs.azure.test.app.service.principal.object.id";

		public static final String FS_AZURE_END_USER_TENANT_ID = "fs.azure.test.end.user.tenant.id";

HADOOP-19736: ABFS. Support for new auth type: User-bound SAS #8051

Are you sure you want to change the base?

HADOOP-19736: ABFS. Support for new auth type: User-bound SAS #8051

Conversation

manika137 commented Oct 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description of PR

How was this patch tested?

Uh oh!

hadoop-yetus commented Oct 24, 2025

Uh oh!

hadoop-yetus commented Oct 28, 2025

Uh oh!

hadoop-yetus commented Oct 28, 2025

Uh oh!

hadoop-yetus commented Oct 28, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

manika137 commented Oct 24, 2025 •

edited

Loading