Details
- Type: Improvement
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
The ADLSCredentialsControllerService has support for the Azure (system-assigned) managed identity, obtaining access tokens from the local Azure Instance Metadata service endpoint.
Azure also supports user-assigned Managed Identities that are available through the same Metadata endpoint by specifying the correct ClientID.
Currently, if more than one Managed Identity is available, the Controller appears to obtain a token from one of them at random.
The improvement would be to add a new property "Managed Identity ClientID" and, if it is not empty, make the ADLSCredentialsControllerService obtain a token for that specific identity.
If NIFI-8278 is implemented, a new Authentication Type of "User-assigned Managed Identity" can control whether to use the ClientID property or obtain the system-assigned Managed Identity.
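The request the proposed property would change, as an added example that is not NiFi's own code: it builds the Instance Metadata Service token request for ADLS storage and pins it to one identity when a client ID is given. The class name, method name and the all-zero client ID are assumptions made for illustration; the endpoint, `api-version`, `client_id` parameter and `Metadata` header are the ones Azure documents for managed identity token requests.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.regex.Pattern;

// Hypothetical helper, not part of ADLSCredentialsControllerService.
public class ManagedIdentityTokenRequest {
    // Link-local IMDS token endpoint, reachable only from inside the Azure VM.
    static final String IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token";
    static final String API_VERSION = "2018-02-01";
    static final String STORAGE_RESOURCE = "https://storage.azure.com/";
    // Client IDs are GUIDs; strict matching keeps the property value from
    // smuggling extra query parameters (for example a second "resource").
    static final Pattern GUID = Pattern.compile(
            "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");

    /**
     * Blank clientId: no client_id parameter, IMDS chooses the identity
     * (the system-assigned one, or an arbitrary pick when several exist).
     * Non-blank clientId: the token is requested for that user-assigned identity only.
     */
    static HttpRequest build(String clientId) {
        StringBuilder url = new StringBuilder(IMDS_TOKEN_URL)
                .append("?api-version=").append(API_VERSION)
                .append("&resource=")
                .append(URLEncoder.encode(STORAGE_RESOURCE, StandardCharsets.UTF_8));
        if (clientId != null && !clientId.isBlank()) {
            String id = clientId.trim();
            if (!GUID.matcher(id).matches()) {
                throw new IllegalArgumentException("Managed Identity ClientID must be a GUID");
            }
            url.append("&client_id=").append(id);
        }
        return HttpRequest.newBuilder(URI.create(url.toString()))
                .header("Metadata", "true") // IMDS rejects requests without this header
                .timeout(Duration.ofSeconds(5))
                .GET()
                .build();
    }

    public static void main(String[] args) {
        String constructedClientId = "00000000-0000-0000-0000-000000000000"; // placeholder value
        System.out.println(build("").uri());                  // identity left to IMDS
        System.out.println(build(constructedClientId).uri()); // pinned to one identity
    }
}
```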