Re: [PR] GH-39320: [C++][FS][Azure] Add managed identity auth configuration [arrow]

Fri, 22 Dec 2023 11:50:02 -0800 


Tom-Newton commented on code in PR #39321:
URL: https://github.com/apache/arrow/pull/39321#discussion_r1435314150


##########
cpp/src/arrow/filesystem/azurefs.cc:
##########
@@ -117,27 +117,42 @@ Status 
AzureOptions::ConfigureClientSecretCredential(const std::string& account_
                                                      const std::string& 
tenant_id,
                                                      const std::string& 
client_id,
                                                      const std::string& 
client_secret) {
+  account_name_ = account_name;
   credential_kind_ = CredentialKind::kTokenCredential;
   token_credential_ = 
std::make_shared<Azure::Identity::ClientSecretCredential>(
       tenant_id, client_id, client_secret);
   return Status::OK();
 }
 
 Status AzureOptions::ConfigureDefaultCredential(const std::string& 
account_name) {
+  account_name_ = account_name;
   credential_kind_ = CredentialKind::kTokenCredential;
   token_credential_ = 
std::make_shared<Azure::Identity::DefaultAzureCredential>();
   return Status::OK();
 }
 
+Status AzureOptions::ConfigureManagedIdentityCredential(const std::string& 
account_name,
+                                                        const std::string& 
client_id) {
+  account_name_ = account_name;
+  credential_kind_ = CredentialKind::kTokenCredential;
+  token_credential_ =
+      std::make_shared<Azure::Identity::ManagedIdentityCredential>(client_id);
+  return Status::OK();
+}
+
 Status AzureOptions::ConfigureWorkloadIdentityCredential(
     const std::string& account_name) {
+  account_name_ = account_name;
   credential_kind_ = CredentialKind::kTokenCredential;
   token_credential_ = 
std::make_shared<Azure::Identity::WorkloadIdentityCredential>();
   return Status::OK();
 }
 
 Result<std::unique_ptr<Blobs::BlobServiceClient>> 
AzureOptions::MakeBlobServiceClient()
     const {
+  if (account_name_.empty()) {
+    return Status::Invalid("AzureOptions doesn't contain a valid account 
name");
+  }

Review Comment:
   :+1: Do you mind if we do that in a separate PR to fix up anonymous and 
change the default to default credential. This was supposed to be a super 
simple PR until kou realised all the auths were broken :sweat_smile: 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to