[jira] [Commented] (HADOOP-18542) Azure Token provider requires tenant and client IDs despite being optional

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-18542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17684757#comment-17684757
 ] 

ASF GitHub Bot commented on HADOOP-18542:
-----------------------------------------

CLevasseur commented on PR #4262:
URL: https://github.com/apache/hadoop/pull/4262#issuecomment-1419271362

   I have had a look at IdentityTransformer (we're talking about [those 
configuration 
keys](https://github.com/apache/hadoop/blob/c7ec1897c408257ea1f157123c0d1604b632c048/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/oauth2/IdentityTransformer.java#L61-L64),
 right ?)but I am not sure what those fields are for and how to set them, I 
have tried the following snippet but it failed with similar errors.
   
   ```xml
     <property>
       <name>fs.azure.identity.transformer.domain.name</name>
       <value>$superuser</value>
     </property>
   
     <property>
       
<name>fs.azure.identity.transformer.service.principal.substitution.list</name>
       <value>*</value>
     </property>
   ```
   
   I have added a unit-test to check that we can now instantiate an 
MsiTokenProvider without setting the client and tenant IDs in the 
configuration. The integration tests that are failing look unrelated to my 
changes (see test run in my previous comment).




> Azure Token provider requires tenant and client IDs despite being optional
> --------------------------------------------------------------------------
>
>                 Key: HADOOP-18542
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18542
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure, hadoop-thirdparty
>    Affects Versions: 3.3.2, 3.3.3, 3.3.4
>            Reporter: Carl
>            Priority: Major
>              Labels: pull-request-available
>
> The `AbfsConfiguration` class requires that we provide a tenant and client ID 
> when using the `MsiTokenProvider` class to fetch an authentication token. The 
> bug is that those fields are not required by the Azure API, which can infer 
> those fields when the call is made from an Azure instance.
> The fix is to make tenant and client ID optional when getting an Azure token 
> from the Azure Metadata Service.
> A fix has been submitted here: [https://github.com/apache/hadoop/pull/4262]
> The bug was introduced with HADOOP-17725  
> ([https://github.com/apache/hadoop/pull/3041/files])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org