[
https://issues.apache.org/jira/browse/NIFI-9728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Isha Lamboo updated NIFI-9728:
------------------------------
Description:
The ADLSCredentialsControllerService has support for the Azure
(system-assigned) managed identity, obtaining access tokens from the local
Azure Instance Metadata service endpoint.
Azure also supports user-assigned Managed Identities that are available through
the same Metadata endpoint by specifying the correct ClientID.
Currently if more than one Managed Identity is available, the Controller
appears to obtain a token from one of them at random(?).
The improvement would be to add a new property "Managed Identity ClientID" and
if not empty, make the ADLSCredentialsControllerService obtain a token for that
specific identity.
If the NIFI-8278 is implemented, a new Authentication Type of "User-assigned
Managed Identity" can control whether to use the ClientID property or obtain
the system-assigned Managed Identity.
was:
The ADLSCredentialsControllerService has support the Azure (system-assigned)
managed identity, obtaining access tokens from the local Azure Instance
Metadata service endpoint.
Azure also supports user-assigned Managed Identities that are available through
the same Metadata endpoint by specifying the correct ClientID.
Currently if more than one Managed Identity is available, the Controller
appears to obtain a token from one of them at random(?).
The improvement would be to add a new property "Managed Identity ClientID" and
if not empty, make the ADLSCredentialsControllerService obtain a token for that
specific identity.
If the NIFI-8278 is implemented, a new Authentication Type of "User-assigned
Managed Identity" can control whether to use the ClientID property or obtain
the system-assigned Managed Identity.
> Add support for Azure user-assigned Managed Identity
> ----------------------------------------------------
>
> Key: NIFI-9728
> URL: https://issues.apache.org/jira/browse/NIFI-9728
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Isha Lamboo
> Priority: Major
>
> The ADLSCredentialsControllerService has support for the Azure
> (system-assigned) managed identity, obtaining access tokens from the local
> Azure Instance Metadata service endpoint.
> Azure also supports user-assigned Managed Identities that are available
> through the same Metadata endpoint by specifying the correct ClientID.
> Currently if more than one Managed Identity is available, the Controller
> appears to obtain a token from one of them at random(?).
> The improvement would be to add a new property "Managed Identity ClientID"
> and if not empty, make the ADLSCredentialsControllerService obtain a token
> for that specific identity.
> If the NIFI-8278 is implemented, a new Authentication Type of "User-assigned
> Managed Identity" can control whether to use the ClientID property or obtain
> the system-assigned Managed Identity.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
