[
https://issues.apache.org/jira/browse/HADOOP-19660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18020151#comment-18020151
]
ASF GitHub Bot commented on HADOOP-19660:
-----------------------------------------
kunalmnnit commented on code in PR #7901:
URL: https://github.com/apache/hadoop/pull/7901#discussion_r2347334850
##########
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/oauth2/WorkloadIdentityTokenProvider.java:
##########
@@ -38,11 +38,72 @@ public class WorkloadIdentityTokenProvider extends
AccessTokenProvider {
private static final String EMPTY_TOKEN_FILE_ERROR = "Empty token file found
at specified path: ";
private static final String TOKEN_FILE_READ_ERROR = "Error reading token
file at specified path: ";
+ /**
+ * Internal implementation of ClientAssertionProvider for file-based token
reading.
+ * This provides backward compatibility for the file-based constructor.
+ */
+ private static class FileBasedClientAssertionProvider implements
ClientAssertionProvider {
+ private final String tokenFile;
+
+ public FileBasedClientAssertionProvider(String tokenFile) {
+ this.tokenFile = tokenFile;
+ }
+
+ @Override
+ public void initialize(Configuration configuration, String accountName)
throws IOException {
+ // No initialization needed for file-based provider
+ }
+
+ @Override
+ public String getClientAssertion() throws IOException {
+ String clientAssertion = "";
+ try {
+ File file = new File(tokenFile);
+ clientAssertion = FileUtils.readFileToString(file, "UTF-8");
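Review bot: The FileBasedClientAssertionProvider constructor stores tokenFile without any check, so a null path only surfaces later as a NullPointerException from new File(tokenFile) inside getClientAssertion(), not as the IOException the method declares. Validating the argument in the constructor (non-null, non-empty) would fail fast with a clear message. In the same method, readFileToString is given the charset as the string "UTF-8"; the overload that takes a Charset, called with StandardCharsets.UTF_8, avoids the lookup by name. Because the value read here is a credential, anything the rest of the method appends to EMPTY_TOKEN_FILE_ERROR or TOKEN_FILE_READ_ERROR should be the path only, never the file contents.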
Review Comment:
Can we take this optimization in a subsequent PR since this was an existing piece
of code?
https://github.com/apache/hadoop/blob/trunk/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/oauth2/WorkloadIdentityTokenProvider.java#L103-L115
> ABFS: Proposed Enhancement in WorkloadIdentityTokenProvider
> -----------------------------------------------------------
>
> Key: HADOOP-19660
> URL: https://issues.apache.org/jira/browse/HADOOP-19660
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.5.0, 3.4.1
> Reporter: Anuj Modi
> Priority: Major
> Labels: pull-request-available
>
> Externally Reported Enhancement:
> *Current Limitation*
> The current WorkloadIdentityTokenProvider implementation works well for
> file-based token scenarios, but it's tightly coupled to file system
> operations and cannot be easily extended for alternative token sources.
> {*}Use Case{*}: *Kubernetes TokenRequest API*
> In modern Kubernetes environments, the recommended approach is to use the
> TokenRequest API to generate short-lived, on-demand service account tokens
> rather than relying on projected volume mounts.
> *Proposed Enhancement*
> I propose modifying WorkloadIdentityTokenProvider to accept a Supplier for
> token retrieval instead of being hardcoded to file operations: