
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.fs.azurebfs.oauth2;

import java.io.IOException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Access-token provider backed by the Managed Service Identity (MSI) of an
 * Azure VM.
 *
 * <p>Tokens are obtained through
 * {@code AzureADAuthenticator.getTokenFromMsi}; this class only keeps the
 * request parameters and the wall-clock time of the last successful fetch.
 * Neither log statement in this class includes token material.
 *
 * <p>NOTE(review): {@code tokenFetchTime} is a plain, unsynchronised field.
 * This presumably relies on the base class serialising calls to
 * {@link #refreshToken()} and {@link #isTokenAboutToExpire()} - confirm
 * against {@code AccessTokenProvider}.
 */
public class MsiTokenProvider extends AccessTokenProvider {

  // NOTE(review): the logger is created with AccessTokenProvider.class, so
  // lines logged here appear under the base class's category rather than
  // this class's - confirm this is intended before filtering logs by name.
  private static final Logger LOG = LoggerFactory.getLogger(AccessTokenProvider.class);

  // Forced-refresh interval in milliseconds (one hour).
  private static final long ONE_HOUR = 3600 * 1000;

  // Request parameters, stored as given and handed unchanged to
  // AzureADAuthenticator.getTokenFromMsi on every refresh.
  private final String authEndpoint;

  private final String authority;

  private final String tenantGuid;

  private final String clientId;

  // Wall-clock time (System.currentTimeMillis) of the last successful
  // refresh; -1 until the first token has been fetched.
  private long tokenFetchTime = -1;

  /**
   * Stores the MSI request parameters. No validation is performed here; the
   * values are passed through as-is when a token is requested.
   *
   * @param authEndpoint endpoint handed to the MSI token request
   * @param tenantGuid tenant identifier handed to the MSI token request
   * @param clientId client identifier handed to the MSI token request
   * @param authority authority handed to the MSI token request
   */
  public MsiTokenProvider(final String authEndpoint, final String tenantGuid,
      final String clientId, final String authority) {
    this.authority = authority;
    this.clientId = clientId;
    this.tenantGuid = tenantGuid;
    this.authEndpoint = authEndpoint;
  }

  /**
   * Fetches a new token from MSI and records when it was fetched.
   *
   * <p>The fetch time is updated only after the request returns, so a failed
   * request leaves the previous fetch time in place.
   *
   * @return the token returned by the MSI request
   * @throws IOException if the MSI request fails
   */
  @Override
  protected AzureADToken refreshToken() throws IOException {
    LOG.debug("AADToken: refreshing token from MSI");
    // The trailing boolean is passed as false; its meaning is defined by
    // AzureADAuthenticator, which is not visible in this file.
    final AzureADToken freshToken = AzureADAuthenticator.getTokenFromMsi(
        authEndpoint, tenantGuid, clientId, authority, false);
    tokenFetchTime = System.currentTimeMillis();
    return freshToken;
  }

  /**
   * Decides whether the cached token should be renewed.
   *
   * <p>Renewal is requested when no token has been fetched yet, when the base
   * class's expiry check says so, when at least one hour has passed since the
   * last fetch, or when the elapsed time is negative (the system clock moved
   * backwards past the recorded fetch time).
   *
   * @return true if any of the conditions above holds, false otherwise
   */
  @Override
  protected boolean isTokenAboutToExpire() {
    // Never fetched: skip the base check entirely, as the original
    // short-circuit did.
    if (tokenFetchTime == -1) {
      return true;
    }
    if (super.isTokenAboutToExpire()) {
      return true;
    }

    // Elapsed time is measured on the wall clock, not a monotonic one. A
    // backward clock step smaller than the real elapsed time keeps the value
    // positive and so postpones the hourly refresh; the base expiry check
    // above still runs on every call.
    final long elapsedMillis = System.currentTimeMillis() - tokenFetchTime;
    final boolean hourPassed = elapsedMillis >= ONE_HOUR;
    final boolean clockMovedBack = elapsedMillis < 0;
    if (!hourPassed && !clockMovedBack) {
      return false;
    }

    // Only the elapsed time is logged, never the token itself.
    LOG.debug("MSIToken: token renewing. Time elapsed since last token fetch:"
        + " {} milli seconds", elapsedMillis);
    return true;
  }

}



