This is an automated email from the ASF dual-hosted git repository.
kou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new 3c66491846 GH-39318: [C++][FS][Azure] Add workload identity auth
configuration (#39319)
3c66491846 is described below
commit 3c66491846a24f17014b31a22fafdda0229f881a
Author: Thomas Newton <[email protected]>
AuthorDate: Thu Dec 21 00:29:47 2023 +0000
GH-39318: [C++][FS][Azure] Add workload identity auth configuration (#39319)
### Rationale for this change
Workload identity is a useful Azure authentication method.
### What changes are included in this PR?
Implement `AzureOptions::ConfigureWorkloadIdentityCredential`
### Are these changes tested?
Added a simple test initialising a fileystem using
`ConfigureWorkloadIdentityCredential`. This is not the most comprehensive test
but its the same as what we agreed on for
https://github.com/apache/arrow/pull/39263.
### Are there any user-facing changes?
Workload identity authentication is now supported.
* Closes: #39318
Authored-by: Thomas Newton <[email protected]>
Signed-off-by: Sutou Kouhei <[email protected]>
---
cpp/src/arrow/filesystem/azurefs.cc | 7 +++++++
cpp/src/arrow/filesystem/azurefs.h | 2 ++
cpp/src/arrow/filesystem/azurefs_test.cc | 8 +++++++-
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/cpp/src/arrow/filesystem/azurefs.cc
b/cpp/src/arrow/filesystem/azurefs.cc
index a9795e40a6..d72ead92ed 100644
--- a/cpp/src/arrow/filesystem/azurefs.cc
+++ b/cpp/src/arrow/filesystem/azurefs.cc
@@ -119,6 +119,13 @@ Status AzureOptions::ConfigureDefaultCredential(const
std::string& account_name)
return Status::OK();
}
+Status AzureOptions::ConfigureWorkloadIdentityCredential(
+ const std::string& account_name) {
+ credential_kind_ = CredentialKind::kTokenCredential;
+ token_credential_ =
std::make_shared<Azure::Identity::WorkloadIdentityCredential>();
+ return Status::OK();
+}
+
Result<std::unique_ptr<Blobs::BlobServiceClient>>
AzureOptions::MakeBlobServiceClient()
const {
switch (credential_kind_) {
diff --git a/cpp/src/arrow/filesystem/azurefs.h
b/cpp/src/arrow/filesystem/azurefs.h
index 0c41c42928..be3ca5ba23 100644
--- a/cpp/src/arrow/filesystem/azurefs.h
+++ b/cpp/src/arrow/filesystem/azurefs.h
@@ -103,6 +103,8 @@ struct ARROW_EXPORT AzureOptions {
Status ConfigureDefaultCredential(const std::string& account_name);
+ Status ConfigureWorkloadIdentityCredential(const std::string& account_name);
+
Status ConfigureAccountKeyCredential(const std::string& account_name,
const std::string& account_key);
diff --git a/cpp/src/arrow/filesystem/azurefs_test.cc
b/cpp/src/arrow/filesystem/azurefs_test.cc
index 53e71f3658..ecf7522b98 100644
--- a/cpp/src/arrow/filesystem/azurefs_test.cc
+++ b/cpp/src/arrow/filesystem/azurefs_test.cc
@@ -275,7 +275,13 @@ class AzureHierarchicalNSEnv : public
AzureEnvImpl<AzureHierarchicalNSEnv> {
TEST(AzureFileSystem, InitializeFilesystemWithDefaultCredential) {
AzureOptions options;
ARROW_EXPECT_OK(options.ConfigureDefaultCredential("dummy-account-name"));
- EXPECT_OK_AND_ASSIGN(auto default_credential_fs,
AzureFileSystem::Make(options));
+ EXPECT_OK_AND_ASSIGN(auto fs, AzureFileSystem::Make(options));
+}
+
+TEST(AzureFileSystem, InitializeFilesystemWithWorkloadIdentityCredential) {
+ AzureOptions options;
+
ARROW_EXPECT_OK(options.ConfigureWorkloadIdentityCredential("dummy-account-name"));
+ EXPECT_OK_AND_ASSIGN(auto fs, AzureFileSystem::Make(options));
}
TEST(AzureFileSystem, OptionsCompare) {
