Skip to content

Managed identity authentication module for native Azure Storage support #24261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Managed identity authentication module for native Azure Storage support #24261

wants to merge 1 commit into from

Conversation

nandorKollar
Copy link

@nandorKollar nandorKollar commented Nov 26, 2024
edited
Loading

Description

Implement Managed Identity module for native Azure Storage support. Oauth and access key authentication are already available with native storage support, however authentication with managed identities are only possible with deprecated legacy Azure support with customised core-site.xml.

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

## Section
Fixes #16041

@nandorKollar nandorKollar marked this pull request as ready for review November 28, 2024 08:48
@anusudarsan
Copy link
Member

is this a dupe of #23447 ?

@nandorKollar
Copy link
Author

nandorKollar commented Dec 5, 2024
edited
Loading

is this a dupe of #23447 ?

Yes, both achieve approximately the same goal with different approach. As far as I see, #23447 doesn't create a new auth module, instead reuses the existing default module. DefaultAzureCredential chains several authentication modes (see details here), and it's parametrised with the clientid/resourceid. My PR is more explicit, as it creates a separate module for it, and only tries to authenticate with managed identities. Note, that I think in case authentication with EnvironmentCredential (1st in authentication chain) succeeds (because env vars mentioned in azure doc include a valid credential), then even if Trino configs point to a managed identity, that's not going to be used.

@github-actions GitHub Actions
Copy link

This pull request has gone a while without any activity. Tagging for triage help: @mosabua

@github-actions github-actions bot added the stale label Dec 30, 2024
@github-actions GitHub Actions
Copy link

Closing this pull request, as it has been stale for six weeks. Feel free to re-open at any time.

@github-actions github-actions bot closed this Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
stale
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nandorKollar @anusudarsan