[
https://issues.apache.org/jira/browse/HADOOP-14627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124842#comment-16124842
]
Hudson commented on HADOOP-14627:
---------------------------------
SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #12175 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/12175/])
HADOOP-14627. Support MSI and DeviceCode token provider in ADLS. (jzhuge: rev
7769e9614956283a86eda9e4e69aaa592c0ca960)
* (edit)
hadoop-tools/hadoop-azure-datalake/src/test/java/org/apache/hadoop/fs/adl/TestAzureADTokenProvider.java
* (edit) hadoop-tools/hadoop-azure-datalake/src/site/markdown/index.md
* (edit)
hadoop-tools/hadoop-azure-datalake/src/main/java/org/apache/hadoop/fs/adl/AdlConfKeys.java
* (edit)
hadoop-tools/hadoop-azure-datalake/src/main/java/org/apache/hadoop/fs/adl/AdlFileSystem.java
* (edit)
hadoop-tools/hadoop-azure-datalake/src/main/java/org/apache/hadoop/fs/adl/TokenProviderType.java
* (edit) hadoop-tools/hadoop-azure-datalake/pom.xml
* (edit) hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
> Support MSI and DeviceCode token provider in ADLS
> -------------------------------------------------
>
> Key: HADOOP-14627
> URL: https://issues.apache.org/jira/browse/HADOOP-14627
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/adl
> Environment: MSI Change applies only to Hadoop running in an Azure VM
> Reporter: Atul Sikaria
> Assignee: Atul Sikaria
> Fix For: 2.9.0, 3.0.0-beta1, 2.8.3
>
> Attachments: HADOOP-14627-001.patch, HADOOP-14627.002.patch,
> HADOOP-14627.003.patch, HADOOP-14627.004.patch
>
>
> This change is to upgrade the Hadoop ADLS connector to enable new auth
> features exposed by the ADLS Java SDK.
> Specifically:
> MSI Tokens: MSI (Managed Service Identity) is a way to provide an identity to
> an Azure Service. In the case of VMs, they can be used to give an identity to
> a VM deployment. This simplifies managing Service Principals, since the creds
> don’t have to be managed in core-site files anymore. The way this works is
> that during VM deployment, the ARM (Azure Resource Manager) template needs to
> be modified to enable MSI. Once deployed, the MSI extension runs a service on
> the VM that exposes a token endpoint to http://localhost at a port specified
> in the template. The SDK has a new TokenProvider to fetch the token from this
> local endpoint. This change would expose that TokenProvider as an auth option.
> DeviceCode auth: This enables a token to be obtained from an interactive
> login. The user is given a URL and a token to use on the login screen. User
> can use the token to login from any device. Once the login is done, the token
> that is obtained is in the name of the user who logged in. Note that because
> of the interactive login involved, this is not very suitable for job
> scenarios, but can work for ad-hoc scenarios like running “hdfs dfs” commands.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
