[ https://issues.apache.org/jira/browse/HADOOP-18516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17843237#comment-17843237 ]
ASF GitHub Bot commented on HADOOP-18516: ----------------------------------------- steveloughran commented on code in PR #6552: URL: https://github.com/apache/hadoop/pull/6552#discussion_r1589326534 ########## hadoop-tools/hadoop-azure/src/site/markdown/abfs.md: ########## @@ -609,21 +610,119 @@ In case delegation token is enabled, and the config `fs.azure.delegation.token ### Shared Access Signature (SAS) Token Provider -A Shared Access Signature (SAS) token provider supplies the ABFS connector with SAS -tokens by implementing the SASTokenProvider interface. - -```xml -<property> - <name>fs.azure.account.auth.type</name> - <value>SAS</value> -</property> -<property> - <name>fs.azure.sas.token.provider.type</name> - <value>{fully-qualified-class-name-for-implementation-of-SASTokenProvider-interface}</value> -</property> -``` - -The declared class must implement `org.apache.hadoop.fs.azurebfs.extensions.SASTokenProvider`. +A shared access signature (SAS) provides secure delegated access to resources in +your storage account. With a SAS, you have granular control over how a client can access your data. +To know more about how SAS Authentication works refer to +[Grant limited access to Azure Storage resources using shared access signatures (SAS)](https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview) + +There are three types of SAS supported by Azure Storage: +- [User Delegation SAS](https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas): Recommended for use with ABFS Driver with HNS Enabled ADLS Gen2 accounts. It is Identify based SAS that works at blob/directory level) Review Comment: this is the last change before we merge... > [ABFS]: Support fixed SAS token config in addition to Custom SASTokenProvider > Implementation > -------------------------------------------------------------------------------------------- > > Key: HADOOP-18516 > URL: https://issues.apache.org/jira/browse/HADOOP-18516 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/azure > Affects Versions: 3.4.0 > Reporter: Sree Bhattacharyya > Assignee: Anuj Modi > Priority: Minor > Labels: pull-request-available > > This PR introduces a new configuration for Fixed SAS Tokens: > *"fs.azure.sas.fixed.token"* > Using this new configuration, users can configure a fixed SAS Token in the > account settings files itself. Ideally, this should be used with SAS Tokens > that are scoped at a container or account level (Service or Account SAS), > which can be considered to be a constant for one account or container, over > multiple operations. > The other method of using a SAS Token remains valid as well, where a user > provides a custom implementation of the SASTokenProvider interface, using > which a SAS Token are obtained. > When an Account SAS Token is configured as the fixed SAS Token, and it is > used, it is ensured that operations are within the scope of the SAS Token. > The code checks for whether the fixed token and the token provider class > implementation are configured. In the case of both being set, preference is > given to the custom SASTokenProvider implementation. It must be noted that if > such an implementation provides a SAS Token which has a lower scope than > Account SAS, some filesystem and service level operations might be out of > scope and may not succeed. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org