anujmodi2021 commented on code in PR #6787: URL: https://github.com/apache/hadoop/pull/6787#discussion_r1595039239
########## hadoop-tools/hadoop-azure/src/site/markdown/testing_azure.md: ########## 
@@ -879,6 +879,42 @@ hierarchical namespace enabled, and set the following configuration settings: </property> --> + <!--2.5. If "WorkloadIdentityTokenProvider" is set as key provider, uncomment below and + set tenant, client id and token file path. + + All service principals must have federated identity credentials for Kubernetes. + See Azure docs: https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp#kubernetes + + Retrieve the Azure identity token from kubernetes: + 1. Create AKS cluster with Workload Identity: https://learn.microsoft.com/en-us/azure/aks/workload-identity-deploy-cluster + 2. Create the pod: + kubectl apply -f src/test/resources/workload-identity-pod.yaml + 3. After the pod is running, retrieve the identity token from the pod logs: + kubectl logs pod/workload-identity + 4. Save the identity token to the token file path specified below. + + The Azure identity token expires after 1 hour. + --> + <!-- + <property> + <name>fs.azure.account.oauth2.msi.tenant.{ABFS_ACCOUNT_NAME}</name> + <value>{tenantGuid}</value> + <description>msi tenantGuid.</description> + </property> + + <property> + <name>fs.azure.account.oauth2.client.id.{ABFS_ACCOUNT_NAME}</name> + <value>{client id}</value> + <description>AAD client id.</description> + </property> + + <property> + <name>fs.azure.account.oauth2.client.token.file.{ABFS_ACCOUNT_NAME}</name> + <value>{token file path}</value> Review Comment: I looked through some online resources and found that clientAssertion has to be in the following format: ```"<Base64URL encoded JOSE Header>.<Base64URL encoded JWS Payload>.<Base64URL encoded JWS Signature>"``` Will add test cases around this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. 
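Review bot: Steps 3 and 4 of the new comment block have the tester copy the identity token out of `kubectl logs pod/workload-identity` into a local file, but nothing tells the reader that this token is a live credential. Add a line asking them to keep the token file readable only by the test user and to delete the pod once the token is saved, since the pod log keeps a copy. The "expires after 1 hour" sentence should also say what to do when a test run outlasts it (repeat steps 3 and 4). Smaller points: `<description>msi tenantGuid.</description>` under `fs.azure.account.oauth2.msi.tenant` reads as if the property belongs only to the MSI provider, so say that it supplies the tenant for WorkloadIdentityTokenProvider here, and "Retrieve the Azure identity token from kubernetes" should use "Kubernetes" as the line above it does.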
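An added example, not code from the PR or the Hadoop project: a structural pre-flight check for the contents of the token file, based on the three-segment format quoted in the review comment and the one-hour expiry stated in the hunk. The function names, the constructed sample token and the assumption that the token carries a standard JWT `exp` claim belong to this example only.

```python
import base64
import json
import re
import time

_B64URL = re.compile(r"[A-Za-z0-9_-]+")

def _decode(segment):
    # JWS compact serialization: base64url alphabet, no '=' padding (RFC 7515).
    if not _B64URL.fullmatch(segment):
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_client_assertion(token, now=None):
    """Return a list of structural problems; an empty list means well formed.
    The signature is checked for encoding only, not verified cryptographically."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")  # a token file usually ends with a newline
    if len(parts) != 3:
        return ["expected 3 dot-separated segments, got %d" % len(parts)]
    problems, claims = [], {}
    for name, segment in zip(("header", "payload", "signature"), parts):
        try:
            raw = _decode(segment)
            if name != "signature":
                claims[name] = json.loads(raw)
                if not isinstance(claims[name], dict):
                    raise ValueError("not a JSON object")
        except ValueError:  # also covers binascii.Error and JSONDecodeError
            claims.pop(name, None)
            problems.append("%s segment is not valid" % name)
    if "header" in claims and not isinstance(claims["header"].get("alg"), str):
        problems.append("header has no 'alg'")
    if "payload" in claims:
        exp = claims["payload"].get("exp")  # assumption: standard JWT 'exp' claim
        if not isinstance(exp, (int, float)):
            problems.append("payload has no numeric 'exp'")
        elif exp <= now:
            problems.append("token expired")
    return problems

def _encode(obj):
    # Helper for building the constructed sample tokens below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample(exp):
    # Constructed token: dummy header, claims and signature bytes, not a real credential.
    sig = base64.urlsafe_b64encode(b"constructed-signature").rstrip(b"=").decode()
    return ".".join([_encode({"alg": "RS256", "typ": "JWT"}),
                     _encode({"iss": "https://issuer.example", "exp": exp}), sig])
```

Running this against the saved token file before a test run separates a truncated or stale token from a genuine provider failure.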