-
Notifications
You must be signed in to change notification settings - Fork 847
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
object_score: Support Azure Fabric OAuth Provider #6382
Conversation
…ents and improve token handling
The JWT logic seems a little odd to me, are we just using it to decode the expiry? If so could we avoid the additional dependency? |
Hi @tustvold Thank you for you review. Yes, because Token Service only returns a JWT token, so I need to decode the expiry. Any advice without dependency? |
https://jwt.io/introduction you should be able to simply split the string, base64 decode the middle chunk and parse the JSON |
…ents and improve token handling
I am depressed about the large review backlog in this crate. We are looking for more help from the community reviewing PRs -- see #6418 for more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have a way to test this, but it looks plausible to me. Thank you.
Perhaps @roeap you might be able to give this one a once over as well?
Thanks all, please help to merge the PR if no question. |
Let's wait a day or two before merging to see if @roeap has some time to review. This is getting very close. Thanks for your patience @RobinLin666 and the help @tustvold |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for adding this @RobinLin666.
Unfortunately I also don't have access to a fabric workspace to validate, but I assume @RobinLin666 can see this work live :).
Thanks @roeap , yes, I have validated in Fabric Notebook. (For testing, I printed something, and deleted it in the PR) |
@@ -336,6 +344,34 @@ pub enum AzureConfigKey { | |||
/// - `disable_tagging` | |||
DisableTagging, | |||
|
|||
/// Fabric token service url |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I double checked and this enum is marked #[non_exhaustive]
and thus it is ok to add new variants without breaking the API
Thank you very much @tustvold @RobinLin666 and @roeap 🙏 |
Which issue does this PR close?
Closes #.
Rationale for this change
In Azure Fabric, we use token service to get user access token, for supporting long reading and writing operation and auto refresh access token, we implement this.
What changes are included in this PR?
This pull request introduces significant enhancements to the Azure integration within the
object_store
module, including the implementation of a newFabricTokenOAuthProvider
. These changes aim to improve the authentication mechanism and add support for fabric token services.Azure Builder Enhancements:
MicrosoftAzureBuilder
to support fabric token services, includingfabric_token_service_url
,fabric_workload_host
,fabric_session_token
, andfabric_cluster_identifier
. (object_store/src/azure/builder.rs
object_store/src/azure/builder.rsR175-R182)AzureConfigKey
to include new configuration keys related to fabric token services. (object_store/src/azure/builder.rs
object_store/src/azure/builder.rsR347-R374)impl AsRef<str>
andimpl FromStr
forAzureConfigKey
to handle new fabric token service keys. (object_store/src/azure/builder.rs
[1] [2]MicrosoftAzureBuilder
to set and get the new fabric token service-related fields. (object_store/src/azure/builder.rs
[1] [2]MicrosoftAzureBuilder
to create aFabricTokenOAuthProvider
if fabric token service fields are provided. (object_store/src/azure/builder.rs
object_store/src/azure/builder.rsR919-R942)Credential Enhancements:
FabricTokenOAuthProvider
to handle OAuth token challenges for fabric token services, including methods for token validation and fetching. (object_store/src/azure/credential.rs
object_store/src/azure/credential.rsR943-R1049)object_store/src/azure/credential.rs
object_store/src/azure/credential.rsR55-R63)These changes collectively enhance the Azure integration by supporting more complex authentication mechanisms, particularly for environments utilizing fabric token services.
Are there any user-facing changes?
After that, we can set some environment variables to make it auto refresh access token in Fabric Notebook.
Then, user can read/write delta table without storage_option.