Azure - Cluster Authentication


Token

When a cluster is created, authentication is done through a token: the property fs.adl.oauth2.access.token.provider.type is set to Custom.

<property>
  <name>fs.adl.oauth2.access.token.provider.type</name>
  <value>Custom</value>
</property>

<property>
  <name>fs.azure.datalake.token.provider.script</name>
  <value>/usr/lib/hdinsight-common/scripts/decrypt.sh</value>
</property>

<property>
  <name>fs.azure.datalake.token.provider.service.urls</name>
  <value>http://gw1-42h.ceches310vkhzwh.ax.internal.cloudapp.net:909/api/oauthtoken,http://gw3-42h.cechecmupznukhzwh.ax.internal.cloudapp.net:909/api/oauthtoken</value>
</property>

How to get a token?

  • You can get an encrypted token by calling one of the URLs in fs.azure.datalake.token.provider.service.urls
  • You can then decrypt it with the shell script set in the property fs.azure.datalake.token.provider.script

Example:

  • Get the encrypted token
curl http://gw1-42h.ceches310vkhzwh.ax.internal.cloudapp.net:909/api/oauthtoken
{"AccessToken":"MIIGHQYJKoZIhvcNAQcDoIIGDjCCBgoCAQA…….","ExpiresOn":1500447750098}

  • Decrypt it
/usr/lib/hdinsight-common/scripts/decrypt.sh MIIGHQYJKoZIhvcNAQcDoIIGDjCCBgoCAQA…….
EAw+eA8qSpvrvw0Tnsm3lOXVSdalW
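
The two steps above in Python, as an added example that is not part of the original page or of HDInsight's own code: it reads the decrypt script and service URLs from the configuration, tries each URL in turn, and decrypts the first token that has not expired. The sample XML and its hostnames are constructed, the function names are hypothetical, and ExpiresOn is assumed to be a Unix timestamp in milliseconds.

```python
import json
import subprocess
import time
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample with the three properties shown above; hostnames are placeholders.
SAMPLE_CORE_SITE = """<configuration>
<property><name>fs.adl.oauth2.access.token.provider.type</name><value>Custom</value></property>
<property><name>fs.azure.datalake.token.provider.script</name>
  <value>/usr/lib/hdinsight-common/scripts/decrypt.sh</value></property>
<property><name>fs.azure.datalake.token.provider.service.urls</name>
  <value>http://gw1.example.internal:909/api/oauthtoken,http://gw3.example.internal:909/api/oauthtoken</value></property>
</configuration>"""

def read_token_settings(xml_text):
    """Return (decrypt_script, [service_urls]) from Hadoop-style property XML."""
    props = {p.findtext("name"): (p.findtext("value") or "").strip()
             for p in ET.fromstring(xml_text).iter("property")}
    if props.get("fs.adl.oauth2.access.token.provider.type") != "Custom":
        raise ValueError("token provider type is not Custom")
    urls = props["fs.azure.datalake.token.provider.service.urls"].split(",")
    return props["fs.azure.datalake.token.provider.script"], [u.strip() for u in urls if u.strip()]

def parse_token_response(body, now_ms=None):
    """Return (encrypted_token, seconds_left). Assumes ExpiresOn is epoch milliseconds."""
    doc = json.loads(body)
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    return doc["AccessToken"], (int(doc["ExpiresOn"]) - now_ms) // 1000

def fetch_token(xml_text, timeout=5):
    """Try each service URL in order; decrypt the first unexpired token."""
    script, urls = read_token_settings(xml_text)
    last_error = None
    for url in urls:
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                encrypted, seconds_left = parse_token_response(resp.read())
        except (OSError, ValueError, KeyError) as exc:  # unreachable host or bad JSON
            last_error = exc
            continue
        if seconds_left <= 0:
            last_error = RuntimeError("expired token from " + url)
            continue
        # Argument list, no shell=True: the token string is never parsed by a shell.
        done = subprocess.run([script, encrypted], check=True, capture_output=True, text=True)
        # The decrypted value is a credential: return it to the caller, do not log it.
        return done.stdout.strip(), seconds_left
    raise RuntimeError("no usable token service: %r" % last_error)
```

fetch_token only works on a cluster node, where the service URLs resolve and the decrypt script exists; the two parsing functions run anywhere.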
