kevinjqliu opened a new issue, #13819: URL: https://github.com/apache/iceberg/issues/13819
### Feature Request / Improvement Similar to #13818 **Description** ADLSFileIO currently relies on DefaultAzureCredential and other implicit authentication flows to obtain Azure credentials. While this works for many cases, there are scenarios where developers want to explicitly provide a service principal’s tenantId, clientId, and clientSecret in configuration, without relying on environment variables, Azure CLI, or managed identity. **Proposed Solution** Add configuration properties ``` adls.tenant-id adls.client-id adls.client-secret ``` note these properties are already used in pyiceberg and iceberg-rust (see https://grep.app/search?q=adls.client-id) When these properties are provided, ADLSFileIO should internally initialize the DataLakeFileSystemClient using ClientSecretCredential from the Azure Identity SDK: ``` TokenCredential credential = new ClientSecretCredentialBuilder() .tenantId(conf.get("adls.tenant-id")) .clientId(conf.get("adls.client-id")) .clientSecret(conf.get("adls.client-secret")) .build(); ``` This credential would then be passed into the DataLakeFileSystemClientBuilder instead of DefaultAzureCredential. ### Query engine None ### Willingness to contribute - [ ] I can contribute this improvement/feature independently - [ ] I would be willing to contribute this improvement/feature with guidance from the Iceberg community - [ ] I cannot contribute this improvement/feature at this time -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
