apacheGH-39343: [C++][FS][Azure] Add client secret auth configuration (…

…apache#39346) ### Rationale for this change Client is a useful Azure authentication ### What changes are included in this PR? Implement `AzureOptions::ConfigureClientSecretCredential` ### Are these changes tested? Simple unittest ### Are there any user-facing changes? Client secret auth is now supported on the Azure filesystem. * Closes: apache#39343 Authored-by: Thomas Newton <[email protected]> Signed-off-by: Sutou Kouhei <[email protected]>
dremio · Dec 22, 2023 · 929c40b · 929c40b
1 parent 2abb3fb
commit 929c40b
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/cpp/src/arrow/filesystem/azurefs.cc b/cpp/src/arrow/filesystem/azurefs.cc
@@ -113,6 +113,16 @@ Status AzureOptions::ConfigureAccountKeyCredential(const std::string& account_na
   return Status::OK();
 }
 
+Status AzureOptions::ConfigureClientSecretCredential(const std::string& account_name,
+                                                     const std::string& tenant_id,
+                                                     const std::string& client_id,
+                                                     const std::string& client_secret) {
+  credential_kind_ = CredentialKind::kTokenCredential;
+  token_credential_ = std::make_shared<Azure::Identity::ClientSecretCredential>(
+      tenant_id, client_id, client_secret);
+  return Status::OK();
+}
+
 Status AzureOptions::ConfigureDefaultCredential(const std::string& account_name) {
   credential_kind_ = CredentialKind::kTokenCredential;
   token_credential_ = std::make_shared<Azure::Identity::DefaultAzureCredential>();

diff --git a/cpp/src/arrow/filesystem/azurefs.h b/cpp/src/arrow/filesystem/azurefs.h
@@ -110,6 +110,11 @@ struct ARROW_EXPORT AzureOptions {
   Status ConfigureAccountKeyCredential(const std::string& account_name,
                                        const std::string& account_key);
 
+  Status ConfigureClientSecretCredential(const std::string& account_name,
+                                         const std::string& tenant_id,
+                                         const std::string& client_id,
+                                         const std::string& client_secret);
+
   bool Equals(const AzureOptions& other) const;
 
   std::string AccountBlobUrl(const std::string& account_name) const;

diff --git a/cpp/src/arrow/filesystem/azurefs_test.cc b/cpp/src/arrow/filesystem/azurefs_test.cc
@@ -271,6 +271,13 @@ class AzureHierarchicalNSEnv : public AzureEnvImpl<AzureHierarchicalNSEnv> {
   bool WithHierarchicalNamespace() const final { return true; }
 };
 
+TEST(AzureFileSystem, InitializeFilesystemWithClientSecretCredential) {
+  AzureOptions options;
+  ARROW_EXPECT_OK(options.ConfigureClientSecretCredential(
+      "dummy-account-name", "tenant_id", "client_id", "client_secret"));
+  EXPECT_OK_AND_ASSIGN(auto fs, AzureFileSystem::Make(options));
+}
+
 TEST(AzureFileSystem, InitializeFilesystemWithDefaultCredential) {
   AzureOptions options;
   ARROW_EXPECT_OK(options.ConfigureDefaultCredential("dummy-account-name"));