I am trying to connect to Azure Data Lake Storage Gen2 using MSI (Azure Managed Identity) via the Hadoop client in the console and receive the error:
ls: AADToken: HTTP connection failed for getting token from AzureAD. Http response: 400 Bad Request
Connection via Shared Key works fine.
What was done:
- Created a Windows 10 VM in Azure and installed Hadoop client 3.2 from the Apache site and JRE 1.8.0
- Created Storage account using https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-quickstart-create-account
- Created Azure AD application using https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
- Turned on System-assigned managed identity for VM as described here https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm
- Assigned a managed identity access to the Storage account as described here https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-assign-access-portal
To connect, I am using the command below:
hadoop fs -Dfs.azure.ssl.channel.mode=Default_JSSE -Dfs.azure.account.oauth.provider.type=org.apache.hadoop.fs.azurebfs.oauth2.MsiTokenProvider -Dfs.azure.account.auth.type=OAuth -Dfs.azure.account.oauth2.msi.tenant=<tenant_ID> -Dfs.azure.account.oauth2.client.id=<Client_ID> -ls abfss://<filesystem_name>2@<storage_account_name>.dfs.core.windows.net/
Is something wrong or missing? Please advise.
Thank you!
All Applications), refer to i.stack.imgur.com/Wotcb.png. The application id (client id) is the one you want. If you use that client id, will it work? – Joy Wang-MSFT
Storage Blob Data Owner role? – Joy Wang-MSFT
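A way to see the response body behind the 400 in the question, as an added example that is not part of the original post or of Hadoop: it sends a managed-identity token request for the storage resource to the VM's instance metadata endpoint and reports the status and error fields, never the token itself. The function names are illustrative, and the optional client id argument is assumed to be that of an identity assigned to the VM.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"
# IMDS is link-local, so bypass any configured proxy.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def build_request(client_id=None):
    """Build the IMDS token request; omit client_id for the system-assigned identity."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests that lack the Metadata header.
    return urllib.request.Request(url, headers={"Metadata": "true"})

def summarize(status, body):
    """Reduce an IMDS response to printable facts without exposing the token."""
    try:
        doc = json.loads(body)
        if not isinstance(doc, dict):
            raise ValueError("not a JSON object")
    except ValueError:
        return {"status": status, "raw": body[:200]}
    if status == 200:
        return {"status": status, "token_type": doc.get("token_type"),
                "resource": doc.get("resource"), "expires_on": doc.get("expires_on"),
                "client_id": doc.get("client_id")}
    return {"status": status, "error": doc.get("error"),
            "error_description": doc.get("error_description")}

def probe(client_id=None, timeout=5):
    """Send the request from inside the VM and summarize the answer."""
    try:
        with DIRECT.open(build_request(client_id), timeout=timeout) as resp:
            return summarize(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # The 4xx body carries the reason that the Hadoop message omits.
        return summarize(err.code, err.read().decode("utf-8", "replace"))
    except OSError as err:
        return {"status": None, "error": "unreachable", "error_description": str(err)}

if __name__ == "__main__":
    # Usage on the VM: python imds_probe.py [client_id]
    print(json.dumps(probe(sys.argv[1] if len(sys.argv) > 1 else None), indent=2))
```

Running it once with no argument and once with the client id passed to Hadoop shows whether the 400 depends on that id.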