manika137 commented on code in PR #7461:
URL: https://github.com/apache/hadoop/pull/7461#discussion_r2018311461
##########
hadoop-tools/hadoop-azure/src/site/markdown/abfs.md:
##########
@@ -754,22 +754,39 @@ requests. User can specify them as fixed SAS Token to be
used across all the req
</property>
```
- 1. Fixed SAS Token:
+ 2. Account SAS (Fixed SAS Token at Account Level):
+ ```xml
+ <property>
+ <name>fs.azure.sas.fixed.token.ACCOUNT_NAME</name>
+ <value>FIXED_ACCOUNT_SAS_TOKEN</value>
+ </property>
+ ```
+
+ - Replace `FIXED_ACCOUNT_SAS_TOKEN` with fixed Account/Service SAS. You
can also
+ generate SAS from Azure portal. Account -> Security + Networking ->
Shared Access Signature
+
+ 3. Service SAS (Fixed SAS Token at Container Level):
```xml
- <property>
- <name>fs.azure.sas.fixed.token</name>
- <value>FIXED_SAS_TOKEN</value>
- </property>
- ```
+ <property>
+ <name>fs.azure.sas.fixed.token.CONTAINER_NAME.ACCOUNT_NAME</name>
+ <value>FIXED_SAS_TOKEN</value>
+ </property>
+ ```
+
+ - Replace `FIXED_SERVICE_SAS_TOKEN` with fixed Service SAS. You can also
+ generate SAS from Azure portal. Account -> Data storage -> Containers ->
+ right click on your container and select generate SAS ->
+ Give valid permissions and expiry time -> Click on generate SAS and copy
+ the SAS token.
- Replace `FIXED_SAS_TOKEN` with fixed Account/Service SAS. You can also
-generate SAS from Azure portal. Account -> Security + Networking -> Shared
Access Signature
- **Security**: Account/Service SAS requires account keys to be used which
makes
them less secure. There is no scope of having delegated access to different
users.
-*Note:* When `fs.azure.sas.token.provider.type` and `fs.azure.fixed.sas.token`
-are both configured, precedence will be given to the custom token provider
implementation.
+*Note:*
+- When both account SAS and service SAS are configured, precedence will be
given to the service SAS.
+- When `fs.azure.sas.token.provider.type` and `fs.azure.fixed.sas.token`
+ are both configured, precedence will be given to the custom token provider
implementation.
Review Comment:
Makes sense, added
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
