Skip to content

support adls.token #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

support adls.token #20

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0d1de4e
support adls.token
kevinjqliu Aug 14, 2025
9d772d5
thanks gemini
kevinjqliu Aug 14, 2025
8bd3530
thx gemini
kevinjqliu Aug 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions pyiceberg/io/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@
ADLS_DFS_STORAGE_AUTHORITY = "adls.dfs-storage-authority"
ADLS_BLOB_STORAGE_SCHEME = "adls.blob-storage-scheme"
ADLS_DFS_STORAGE_SCHEME = "adls.dfs-storage-scheme"
ADLS_TOKEN = "adls.token"
GCS_TOKEN = "gcs.oauth2.token"
GCS_TOKEN_EXPIRES_AT_MS = "gcs.oauth2.token-expires-at"
GCS_PROJECT_ID = "gcs.project-id"
Expand Down
23 changes: 22 additions & 1 deletion pyiceberg/io/fsspec.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
ADLS_CREDENTIAL,
ADLS_SAS_TOKEN,
ADLS_TENANT_ID,
ADLS_TOKEN,
AWS_ACCESS_KEY_ID,
AWS_REGION,
AWS_SECRET_ACCESS_KEY,
Expand Down Expand Up @@ -192,7 +193,11 @@ def _gs(properties: Properties) -> AbstractFileSystem:


def _adls(properties: Properties) -> AbstractFileSystem:
Copy link

@gemini-code-assist gemini-code-assist bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This change introduces new authentication logic for ADLS using adls.token, but it lacks corresponding unit tests. To ensure the correctness and maintainability of this feature, please add a test case in tests/io/test_fsspec.py. The test should verify that when adls.token is provided in the properties, AzureBlobFileSystem is initialized with an appropriate credential object that wraps the token.

import time

from adlfs import AzureBlobFileSystem
from azure.core.credentials import AccessToken
from azure.core.credentials_async import AsyncTokenCredential

for key, sas_token in {
key.replace(f"{ADLS_SAS_TOKEN}.", ""): value for key, value in properties.items() if key.startswith(ADLS_SAS_TOKEN)
Expand All @@ -202,9 +207,25 @@ def _adls(properties: Properties) -> AbstractFileSystem:
if ADLS_SAS_TOKEN not in properties:
properties[ADLS_SAS_TOKEN] = sas_token

class StaticTokenCredential(AsyncTokenCredential):
_DEFAULT_EXPIRY_SECONDS = 3600

def __init__(self, token_string: str) -> None:
self._token = token_string

async def get_token(self, *scopes: str, **kwargs: Any) -> AccessToken:
# Set expiration 1 hour from now
expires_on = int(time.time()) + self._DEFAULT_EXPIRY_SECONDS
return AccessToken(self._token, expires_on)

if token := properties.get(ADLS_TOKEN):
credential = StaticTokenCredential(token)
else:
credential = properties.get(ADLS_CREDENTIAL) # type: ignore

return AzureBlobFileSystem(
connection_string=properties.get(ADLS_CONNECTION_STRING),
credential=properties.get(ADLS_CREDENTIAL),
credential=credential,
account_name=properties.get(ADLS_ACCOUNT_NAME),
account_key=properties.get(ADLS_ACCOUNT_KEY),
sas_token=properties.get(ADLS_SAS_TOKEN),
Expand Down