[
https://issues.apache.org/jira/browse/HADOOP-19736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18036096#comment-18036096
]
ASF GitHub Bot commented on HADOOP-19736:
-----------------------------------------
manika137 commented on code in PR #8051:
URL: https://github.com/apache/hadoop/pull/8051#discussion_r2501828490
##########
hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/extensions/MockUserBoundSASTokenProvider.java:
##########
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.azurebfs.extensions;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.azurebfs.constants.AbfsHttpConstants;
+import org.apache.hadoop.fs.azurebfs.constants.TestConfigurationKeys;
+import org.apache.hadoop.fs.azurebfs.constants.HttpHeaderConfigurations;
+import org.apache.hadoop.fs.azurebfs.contracts.exceptions.InvalidUriException;
+import org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider;
+import org.apache.hadoop.fs.azurebfs.services.AbfsHttpHeader;
+import org.apache.hadoop.fs.azurebfs.services.AbfsJdkHttpOperation;
+import org.apache.hadoop.fs.azurebfs.utils.Base64;
+import org.apache.hadoop.fs.azurebfs.utils.DelegationSASGenerator;
+import org.apache.hadoop.fs.azurebfs.utils.SASGenerator;
+import org.apache.hadoop.security.AccessControlException;
+
+import static
org.apache.hadoop.fs.azurebfs.constants.FileSystemConfigurations.DEFAULT_HTTP_CONNECTION_TIMEOUT;
+import static
org.apache.hadoop.fs.azurebfs.constants.FileSystemConfigurations.DEFAULT_HTTP_READ_TIMEOUT;
+
+/**
+ * A mock user-bound SAS token provider implementation.
+ */
+
+public class MockUserBoundSASTokenProvider implements SASTokenProvider {
+
+ private DelegationSASGenerator generator;
+
+ public static final String TEST_OWNER =
"325f1619-4205-432f-9fce-3fd594325ce5";
+ public static final String CORRELATION_ID =
"66ff4ffc-ff17-417e-a2a9-45db8c5b0b5c";
+ public static final String NO_AGENT_PATH = "NoAgentPath";
+
+ @Override
+ public void initialize(Configuration configuration, String accountName)
throws IOException {
+ String appID =
configuration.get(TestConfigurationKeys.FS_AZURE_TEST_APP_ID);
+ String appSecret =
configuration.get(TestConfigurationKeys.FS_AZURE_TEST_APP_SECRET);
+ String sktid =
configuration.get(TestConfigurationKeys.FS_AZURE_TEST_APP_SERVICE_PRINCIPAL_TENANT_ID);
+ String skoid =
configuration.get(TestConfigurationKeys.FS_AZURE_TEST_APP_SERVICE_PRINCIPAL_OBJECT_ID);
+ String skt =
SASGenerator.ISO_8601_FORMATTER.format(Instant.now().minus(SASGenerator.FIVE_MINUTES));
+ String ske =
SASGenerator.ISO_8601_FORMATTER.format(Instant.now().plus(SASGenerator.ONE_DAY));
+ String skv = SASGenerator.AuthenticationVersion.July5.toString();
+
+ String skdutid =
configuration.get(TestConfigurationKeys.FS_AZURE_END_USER_TENANT_ID);
+ String sduoid =
configuration.get(TestConfigurationKeys.FS_AZURE_END_USER_OBJECT_ID);
+
+ byte[] key = getUserDelegationKey(accountName, appID, appSecret, sktid,
skt, ske, skv, skdutid);
+
+ generator = new DelegationSASGenerator(key, skoid, sktid, skt, ske, skv,
skdutid, sduoid);
+ }
+
+ // Invokes the AAD v2.0 authentication endpoint with a client credentials
grant to get an
+ // access token. See
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow.
+ private String getAuthorizationHeader(String accountName, String appID,
String appSecret, String sktid) throws IOException {
+ String authEndPoint =
String.format("https://login.microsoftonline.com/%s/oauth2/v2.0/token";, sktid);
+ ClientCredsTokenProvider provider = new
ClientCredsTokenProvider(authEndPoint, appID, appSecret);
+ return "Bearer " + provider.getToken().getAccessToken();
+ }
+
+ private byte[] getUserDelegationKey(String accountName, String appID, String
appSecret,
+ String sktid, String skt, String ske, String skv, String skdutid) throws
IOException {
+
+ String method = "POST";
+ String account = accountName.substring(0,
accountName.indexOf(AbfsHttpConstants.DOT));
+
+ final StringBuilder sb = new StringBuilder(128);
+ sb.append("https://";);
+ sb.append(account);
+
sb.append(".blob.core.windows.net/?restype=service&comp=userdelegationkey");
Review Comment:
Added
> ABFS: Support for new auth type: User-bound SAS
> -----------------------------------------------
>
> Key: HADOOP-19736
> URL: https://issues.apache.org/jira/browse/HADOOP-19736
> Project: Hadoop Common
> Issue Type: Task
> Components: fs/azure
> Affects Versions: 3.4.1, 3.4.2
> Reporter: Manika Joshi
> Assignee: Manika Joshi
> Priority: Major
> Labels: pull-request-available
>
> Adding support for new authentication type: user bound SAS
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
