jabbera commented on code in PR #45706:
URL: https://github.com/apache/arrow/pull/45706#discussion_r1987154594


##########
python/pyarrow/_azurefs.pyx:
##########
@@ -100,6 +105,9 @@ cdef class AzureFileSystem(FileSystem):
         if account_key:
             options.ConfigureAccountKeyCredential(tobytes(account_key))
             self.account_key = tobytes(account_key)
+        elif sas_token:
+            options.ConfigureSASCredential(tobytes(sas_token))
+            self.sas_token = tobytes(sas_token)
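Review bot: `elif sas_token:` is only reached when `account_key` is falsy, so a caller that passes both arguments gets the account key configured and the SAS token silently ignored. The more powerful credential wins without any signal to the caller. Consider rejecting the combination up front (for example, raising `ValueError` when both `account_key` and `sas_token` are set) or stating the precedence in the docstring. `self.sas_token = tobytes(sas_token)` also keeps the token on the instance next to `self.account_key`, so it is worth confirming that neither attribute is surfaced through repr or logging.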

Review Comment:
   Order of preference would be:
   
   Entra ID (no sas token or account key)
   
   User delegated sas token (this is still entra based but can be used in 
scenarios where the default entra provider mentioned above isn't suitable. The 
oauth obo flow is the case I'm dealing with). These expire relatively quickly 
(hours).
   
   Standard sas token (these can have expiration, restricted access). These are 
signed with the account key and can have very long expirations.
   
   Account key. Using this is essentially giving away a master key that's also 
a key factory. It's a bearer token that can mint new bearer tokens.


