phoebusm
commented
1 year ago Azure AD supports five types of credentials for authentication and it will not be practical to support passing all five types of credentials from user as
- Complicated pybining
- Much better design of Azure identity library in python than C++
- Much more work to implement
All five AD credentials request all return the same access token for connection, which has a relatively simple structure:
struct AccessToken final
{
/**
* @brief Token string.
*
*/
std::string Token;
/**
* @brief A point in time after which the token expires.
*
*/
DateTime ExpiresOn;
};The suggested design will be, user can specify Token and ExpiresOn on the connection string and a nested struct will be added to the protobuf so these can be passed to the C++ layer.
Concerns:
- Users need to keep the expiry of the token in mind
- If the tokens expire before the end of the operation, the operation will fail
- Similar to the logic of existing SAS authentication support
- Cannot find any documentation regarding AD support on Azurite
- Will continue the search
- Last option will be moving the logic to the persistence test (which has the real Azure storage) and user Azure CLI for the setup
Parent ticket: https://github.com/man-group/ArcticDB/issues/898
Add Azure AD Authentication support Reading material: https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/README.md#credential-classes