HADOOP-14844. Remove requirement to specify TenantGuid for MSI Token Provider. Contributed by Atul Sikaria.
parent
c35510a465
commit
a4661850c1
@ -2717,8 +2717,7 @@
|
||||
fs.adl.oauth2.credential, and fs.adl.oauth2.refresh.url.
|
||||
The RefreshToken type requires property fs.adl.oauth2.client.id and
|
||||
fs.adl.oauth2.refresh.token.
|
||||
The MSI type requires properties fs.adl.oauth2.msi.port and
|
||||
fs.adl.oauth2.msi.tenantguid.
|
||||
The MSI type reads optional property fs.adl.oauth2.msi.port, if specified.
|
||||
The DeviceCode type requires property
|
||||
fs.adl.oauth2.devicecode.clientapp.id.
|
||||
The Custom type requires property fs.adl.oauth2.access.token.provider.
|
||||
@ -2762,17 +2761,8 @@
|
||||
<value></value>
|
||||
<description>
|
||||
The localhost port for the MSI token service. This is the port specified
|
||||
when creating the Azure VM.
|
||||
Used by MSI token provider.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>fs.adl.oauth2.msi.tenantguid</name>
|
||||
<value></value>
|
||||
<description>
|
||||
The tenant guid for the Azure AAD tenant under which the azure data lake
|
||||
store account is created.
|
||||
when creating the Azure VM. The default, if this setting is not specified,
|
||||
is 50342.
|
||||
Used by MSI token provider.
|
||||
</description>
|
||||
</property>
|
||||
|
@ -110,7 +110,7 @@
|
||||
<dependency>
|
||||
<groupId>com.microsoft.azure</groupId>
|
||||
<artifactId>azure-data-lake-store-sdk</artifactId>
|
||||
<version>2.2.2</version>
|
||||
<version>2.2.3</version>
|
||||
</dependency>
|
||||
<!-- ENDS HERE-->
|
||||
<dependency>
|
||||
|
@ -56,7 +56,6 @@ public final class AdlConfKeys {
|
||||
|
||||
// MSI Auth Configuration
|
||||
public static final String MSI_PORT = "fs.adl.oauth2.msi.port";
|
||||
public static final String MSI_TENANT_GUID = "fs.adl.oauth2.msi.tenantguid";
|
||||
|
||||
// DeviceCode Auth configuration
|
||||
public static final String DEVICE_CODE_CLIENT_APP_ID =
|
||||
|
@ -290,9 +290,7 @@ private AccessTokenProvider getConfRefreshTokenBasedTokenProvider(
|
||||
|
||||
private AccessTokenProvider getMsiBasedTokenProvider(
|
||||
Configuration conf) throws IOException {
|
||||
int port = Integer.parseInt(getNonEmptyVal(conf, MSI_PORT));
|
||||
String tenantGuid = getPasswordString(conf, MSI_TENANT_GUID);
|
||||
return new MsiTokenProvider(port, tenantGuid);
|
||||
return new MsiTokenProvider(conf.getInt(MSI_PORT, -1));
|
||||
}
|
||||
|
||||
private AccessTokenProvider getDeviceCodeTokenProvider(
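Review bot: `conf.getInt(MSI_PORT, -1)` is handed to `MsiTokenProvider` without a bounds check, so a configured 0, a negative value other than the sentinel, or anything above 65535 reaches the SDK unvalidated, and nothing in `getMsiBasedTokenProvider` says what -1 means. The token request goes to whatever answers on that localhost port, so a mistyped port is better rejected when the provider is built than discovered at the first token fetch. Consider `int port = conf.getInt(MSI_PORT, -1);` followed by `if (port != -1 && (port < 1 || port > 65535)) throw new IOException("Invalid " + MSI_PORT + ": " + port);`, with a comment such as `// -1: let the SDK fall back to its default MSI port`. That the SDK treats -1 as "use the default of 50342" is inferred from the updated documentation and the SDK version bump in this commit; it is not visible in this hunk.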
|
||||
|
@ -164,15 +164,11 @@ Identity extension within the VM. The advantage of doing this is that the
|
||||
credentials are managed by the extension, and do not have to be put into
|
||||
core-site.xml.
|
||||
|
||||
To use MSI, the following two steps are needed:
|
||||
1. Modify the VM deployment template to specify the port number of the token
|
||||
service exposed to localhost by the identity extension in the VM.
|
||||
2. Get your Azure ActiveDirectory Tenant ID:
|
||||
1. Go to [the portal](https://portal.azure.com)
|
||||
2. Under services in left nav, look for Azure Active Directory and click on it.
|
||||
3. Click on Properties
|
||||
4. Note down the GUID shown under "Directory ID" - this is your AAD tenant ID
|
||||
|
||||
To use MSI, modify the VM deployment template to use the identity extension. Note the
|
||||
port number you specified in the template: this is the port number for the REST endpoint
|
||||
of the token service exposed to localhost by the identity extension in the VM. The default
|
||||
recommended port number is 50342 - if the recommended port number is used, then the msi.port
|
||||
setting below can be omitted in the configuration.
|
||||
|
||||
##### Configure core-site.xml
|
||||
Add the following properties to your `core-site.xml`
|
||||
@ -185,12 +181,7 @@ Add the following properties to your `core-site.xml`
|
||||
|
||||
<property>
|
||||
<name>fs.adl.oauth2.msi.port</name>
|
||||
<value>PORT NUMBER FROM STEP 1 ABOVE</value>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>fs.adl.oauth2.msi.TenantGuid</name>
|
||||
<value>AAD TENANT ID GUID FROM STEP 2 ABOVE</value>
|
||||
<value>PORT NUMBER FROM ABOVE (if different from the default of 50342)</value>
|
||||
</property>
|
||||
```
|
||||
|
||||
|
@ -43,8 +43,6 @@
|
||||
import static org.apache.hadoop.fs.adl.AdlConfKeys
|
||||
.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY;
|
||||
import static org.apache.hadoop.fs.adl.AdlConfKeys.DEVICE_CODE_CLIENT_APP_ID;
|
||||
import static org.apache.hadoop.fs.adl.AdlConfKeys.MSI_PORT;
|
||||
import static org.apache.hadoop.fs.adl.AdlConfKeys.MSI_TENANT_GUID;
|
||||
import static org.apache.hadoop.fs.adl.TokenProviderType.*;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
@ -107,8 +105,6 @@ public void testMSITokenProvider()
|
||||
throws IOException, URISyntaxException {
|
||||
Configuration conf = new Configuration();
|
||||
conf.setEnum(AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, MSI);
|
||||
conf.set(MSI_PORT, "54321");
|
||||
conf.set(MSI_TENANT_GUID, "TENANT_GUID");
|
||||
|
||||
URI uri = new URI("adl://localhost:8080");
|
||||
AdlFileSystem fileSystem = new AdlFileSystem();
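Review bot: Going by the hunk header (8 lines before, 6 after), both `conf.set(MSI_PORT, "54321")` and the tenant GUID line are dropped, which would leave `testMSITokenProvider` covering only the unset-port path; the explicitly configured port is then no longer exercised by any test visible here. A second case that keeps `conf.set(MSI_PORT, "54321");` and makes the same provider assertion would cover both outcomes of `conf.getInt(MSI_PORT, -1)`. A case with a non-numeric port value would also pin down which exception callers see from a bad configuration. The test body continues past the end of this hunk, so the assertion itself is not shown.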
|
||||
|