Skip to content

support adls.token #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

support adls.token #20

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0d1de4e
support adls.token
kevinjqliu Aug 14, 2025
9d772d5
thanks gemini
kevinjqliu Aug 14, 2025
8bd3530
thx gemini
kevinjqliu Aug 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions pyiceberg/io/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@
ADLS_DFS_STORAGE_AUTHORITY = "adls.dfs-storage-authority"
ADLS_BLOB_STORAGE_SCHEME = "adls.blob-storage-scheme"
ADLS_DFS_STORAGE_SCHEME = "adls.dfs-storage-scheme"
ADLS_TOKEN = "adls.token"
GCS_TOKEN = "gcs.oauth2.token"
GCS_TOKEN_EXPIRES_AT_MS = "gcs.oauth2.token-expires-at"
GCS_PROJECT_ID = "gcs.project-id"
Expand Down
27 changes: 26 additions & 1 deletion pyiceberg/io/fsspec.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
ADLS_CREDENTIAL,
ADLS_SAS_TOKEN,
ADLS_TENANT_ID,
ADLS_TOKEN,
AWS_ACCESS_KEY_ID,
AWS_REGION,
AWS_SECRET_ACCESS_KEY,
Expand Down Expand Up @@ -192,7 +193,11 @@ def _gs(properties: Properties) -> AbstractFileSystem:


def _adls(properties: Properties) -> AbstractFileSystem:
Copy link

@gemini-code-assist gemini-code-assist bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This change introduces new authentication logic for ADLS using adls.token, but it lacks corresponding unit tests. To ensure the correctness and maintainability of this feature, please add a test case in tests/io/test_fsspec.py. The test should verify that when adls.token is provided in the properties, AzureBlobFileSystem is initialized with an appropriate credential object that wraps the token.

import time

from adlfs import AzureBlobFileSystem
from azure.core.credentials import AccessToken
from azure.core.credentials_async import AsyncTokenCredential

for key, sas_token in {
key.replace(f"{ADLS_SAS_TOKEN}.", ""): value for key, value in properties.items() if key.startswith(ADLS_SAS_TOKEN)
Expand All @@ -202,9 +207,29 @@ def _adls(properties: Properties) -> AbstractFileSystem:
if ADLS_SAS_TOKEN not in properties:
properties[ADLS_SAS_TOKEN] = sas_token

class StaticTokenCredential(AsyncTokenCredential):
def __init__(self, token_string: str) -> None:
self._token = token_string
# If no expiry provided, set 1 hour from now
self._expires_on = int(time.time()) + 3600

async def get_token(self, *scopes: str, **kwargs: Any) -> AccessToken:
return AccessToken(self._token, self._expires_on)

if ADLS_TOKEN in properties:
token = properties.get(ADLS_TOKEN)
if token is not None:
credential = StaticTokenCredential(token)
else:
credential = None
elif ADLS_CREDENTIAL in properties:
credential = properties.get(ADLS_CREDENTIAL)
else:
credential = None

return AzureBlobFileSystem(
connection_string=properties.get(ADLS_CONNECTION_STRING),
credential=properties.get(ADLS_CREDENTIAL),
credential=credential,
account_name=properties.get(ADLS_ACCOUNT_NAME),
account_key=properties.get(ADLS_ACCOUNT_KEY),
sas_token=properties.get(ADLS_SAS_TOKEN),
Expand Down
Loading