Skip to content

Commit

Permalink
Add workload identity
Browse files Browse the repository at this point in the history
  • Loading branch information
Tom-Newton committed Dec 20, 2023
1 parent 87865b5 commit eefb162
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 0 deletions.
8 changes: 8 additions & 0 deletions cpp/src/arrow/filesystem/azurefs.cc
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,14 @@ Status AzureOptions::ConfigureDefaultCredential(const std::string& account_name)
return Status::OK();
}

Status AzureOptions::ConfigureManagedIdentityCredential(const std::string& account_name,
std::string const& clientId) {
credential_kind_ = CredentialKind::kTokenCredential;
token_credential_ =
std::make_shared<Azure::Identity::ManagedIdentityCredential>(clientId);
return Status::OK();
}

Result<std::unique_ptr<Blobs::BlobServiceClient>> AzureOptions::MakeBlobServiceClient()
const {
switch (credential_kind_) {
Expand Down
3 changes: 3 additions & 0 deletions cpp/src/arrow/filesystem/azurefs.h
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,9 @@ struct ARROW_EXPORT AzureOptions {

Status ConfigureDefaultCredential(const std::string& account_name);

Status ConfigureManagedIdentityCredential(const std::string& account_name,
std::string const& clientId = std::string());

Status ConfigureAccountKeyCredential(const std::string& account_name,
const std::string& account_key);

Expand Down
9 changes: 9 additions & 0 deletions cpp/src/arrow/filesystem/azurefs_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -276,6 +276,15 @@ TEST(AzureFileSystem, InitializeFilesystemWithDefaultCredential) {
EXPECT_OK_AND_ASSIGN(auto default_credential_fs, AzureFileSystem::Make(options));
}

TEST(AzureFileSystem, InitializeFilesystemWithManagedIdentityCredential) {
AzureOptions options;
ARROW_EXPECT_OK(options.ConfigureManagedIdentityCredential("dummy-account-name"));
EXPECT_OK_AND_ASSIGN(auto fs, AzureFileSystem::Make(options));

ARROW_EXPECT_OK(options.ConfigureManagedIdentityCredential("dummy-account-name", "specific-client-id"));
EXPECT_OK_AND_ASSIGN(fs, AzureFileSystem::Make(options));
}

TEST(AzureFileSystem, OptionsCompare) {
AzureOptions options;
EXPECT_TRUE(options.Equals(options));
Expand Down

0 comments on commit eefb162

Please sign in to comment.