[PR] [pinot-adls] Add SAS token authentication support in ADLSGen2PinotFS [pinot]

Mon, 14 Jul 2025 16:21:38 -0700 


suvodeep-pyne opened a new pull request, #16343:
URL: https://github.com/apache/pinot/pull/16343

   This PR adds support for SAS (Shared Access Signature) token authentication 
in the ADLSGen2PinotFS plugin, providing an additional authentication method 
for Azure Data Lake Storage Gen2.
   
     Changes Made:
     - Enhanced Authentication Options: Added SAS token authentication as a new 
authentication type alongside existing methods (default
     credential, client secret)
     - Configuration Support: Added sasToken configuration property to specify 
the SAS token
     - Added unit tests to verify SAS token authentication functionality and 
error handling
   
   
     Configuration Usage:
   
     To use SAS token authentication, configure the following properties:
   ```
     # Authentication type
     authenticationType=SAS_TOKEN
   
     # Required: SAS token for authentication
     
sasToken=sp=rwdl&se=2025-12-31T23:59:59Z&sv=2022-11-02&sr=c&sig=your-signature-here
   
     # Required: Azure storage account name
     accountName=your-storage-account-name
   
     # Required: File system/container name
     fileSystemName=your-container-name
   
     # Optional: Proxy configuration (if needed)
     proxyHost=proxy.company.com
     proxyPort=8080
     proxyUsername=proxy-user
     proxyPassword=proxy-pass
   ```
     Example SAS Token Format:
   ```
     sp=rwdl&se=2025-12-31T23:59:59Z&sv=2022-11-02&sr=c&sig=abcdef123456...
   ```
   
     Where:
     - sp=rwdl - Permissions (read, write, delete, list)
     - se= - Expiry date/time
     - sv= - API version
     - sr=c - Resource type (container)
     - sig= - Signature
   
     Benefits:
   
     - Simplified Authentication: No need to manage service principal 
credentials or client secrets
     - Fine-grained Access: SAS tokens can be scoped to specific containers and 
operations
     - Time-bound Access: Built-in expiration for enhanced security
     - Corporate Friendly: Easier to integrate with corporate security policies
   
     Validation:
   
     The implementation includes proper validation to ensure required 
parameters (accountName, sasToken) are provided and throws appropriate
     exceptions when missing.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to