Updated to include Managed Identity support for On-demand cluster #127766
@KrishnakumarRukmangathan : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.
Learn Build status updates of commit d07c19f: ✅ Validation status: passed
For more details, please refer to the build report.
#sign-off
Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @nabhishek
Pull Request Overview
This PR adds support for Managed Identity authentication methods (System Assigned and User Assigned) for on-demand HDInsight clusters in Azure Data Factory, expanding beyond the existing Service Principal Key authentication.
Key Changes:
- Added two new authentication examples demonstrating System Assigned and User Assigned Managed Identity configurations
- Introduced new properties `clusterResourceGroupAuthType` and `credential` for managing authentication types
- Added comprehensive documentation explaining Managed Identity authentication requirements and limitations
| | clusterSize | Number of worker/data nodes in the cluster. The HDInsight cluster is created with 2 head nodes along with the number of worker nodes you specify for this property. The nodes are of size Standard_D3 that has 4 cores, so a 4 worker node cluster takes 24 cores (4\*4 = 16 cores for worker nodes, plus 2\*4 = 8 cores for head nodes). See [Set up clusters in HDInsight with Hadoop, Spark, Kafka, and more](../hdinsight/hdinsight-hadoop-provision-linux-clusters.md) for details. | Yes | | ||
| | linkedServiceName | Azure Storage linked service to be used by the on-demand cluster for storing and processing data. The HDInsight cluster is created in the same region as this Azure Storage account. Azure HDInsight has limitation on the total number of cores you can use in each Azure region it supports. Make sure you have enough core quotas in that Azure region to meet the required clusterSize. For details, refer to [Set up clusters in HDInsight with Hadoop, Spark, Kafka, and more](../hdinsight/hdinsight-hadoop-provision-linux-clusters.md)<p>Currently, you cannot create an on-demand HDInsight cluster that uses an Azure Data Lake Storage (Gen 2) as the storage. If you want to store the result data from HDInsight processing in an Azure Data Lake Storage (Gen 2), use a Copy Activity to copy the data from the Azure Blob Storage to the Azure Data Lake Storage (Gen 2). </p> | Yes | | ||
| | clusterResourceGroup | The HDInsight cluster is created in this resource group. | Yes | | ||
| | clusterResourceGroupAuthType | Specify the HDInsight On-demand cluster resource group authentication type. Supported auth types are "ServicePrincipalKey", "SystemAssignedManagedIdentity", "UserAssignedManagedIdentity". | Required for using Managed Identity authentication. If field is not there, will default to ServicePrincipalKey | |
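Review bot: In the clusterResourceGroupAuthType row, the fallback to ServicePrincipalKey is stated only in the last column, so a reader who configures a managed identity but omits this property would, per this row, get ServicePrincipalKey authentication instead. Move the default into the description cell and say explicitly that the property must be set to "SystemAssignedManagedIdentity" or "UserAssignedManagedIdentity" for the identity to be used.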
Copilot
AI
Oct 23, 2025
The description in the 'Required?' column is unclear. It states 'Required for using Managed Identity authentication' but then says 'will default to ServicePrincipalKey' if not present, which contradicts the 'required' statement. Consider clarifying to: 'No (defaults to ServicePrincipalKey). Required when using Managed Identity authentication.'
| | clusterResourceGroupAuthType | Specify the HDInsight On-demand cluster resource group authentication type. Supported auth types are "ServicePrincipalKey", "SystemAssignedManagedIdentity", "UserAssignedManagedIdentity". | Required for using Managed Identity authentication. If field is not there, will default to ServicePrincipalKey | | |
| | clusterResourceGroupAuthType | Specify the HDInsight On-demand cluster resource group authentication type. Supported auth types are "ServicePrincipalKey", "SystemAssignedManagedIdentity", "UserAssignedManagedIdentity". | No (defaults to ServicePrincipalKey). Required when using Managed Identity authentication. | |
| | linkedServiceName | Azure Storage linked service to be used by the on-demand cluster for storing and processing data. The HDInsight cluster is created in the same region as this Azure Storage account. Azure HDInsight has limitation on the total number of cores you can use in each Azure region it supports. Make sure you have enough core quotas in that Azure region to meet the required clusterSize. For details, refer to [Set up clusters in HDInsight with Hadoop, Spark, Kafka, and more](../hdinsight/hdinsight-hadoop-provision-linux-clusters.md)<p>Currently, you cannot create an on-demand HDInsight cluster that uses an Azure Data Lake Storage (Gen 2) as the storage. If you want to store the result data from HDInsight processing in an Azure Data Lake Storage (Gen 2), use a Copy Activity to copy the data from the Azure Blob Storage to the Azure Data Lake Storage (Gen 2). </p> | Yes | | ||
| | clusterResourceGroup | The HDInsight cluster is created in this resource group. | Yes | | ||
| | clusterResourceGroupAuthType | Specify the HDInsight On-demand cluster resource group authentication type. Supported auth types are "ServicePrincipalKey", "SystemAssignedManagedIdentity", "UserAssignedManagedIdentity". | Required for using Managed Identity authentication. If field is not there, will default to ServicePrincipalKey | | ||
| | credential | Specify the credential reference containing Managed Identity object which has access over the resource group. | Only required for "UserAssignedManagedIdentity" authentication. | |
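Review bot: The credential row says the referenced identity needs access to the resource group but not what level of access; name the minimum role the managed identity must hold on clusterResourceGroup so readers do not over-grant it. The row is also silent on whether credential is ignored or rejected when clusterResourceGroupAuthType is "ServicePrincipalKey" or "SystemAssignedManagedIdentity"; one sentence would settle that.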
Copilot
AI
Oct 23, 2025
The description states 'containing Managed Identity object which has access over the resource group' but should be 'that has access to the resource group' for grammatical correctness.
| | credential | Specify the credential reference containing Managed Identity object which has access over the resource group. | Only required for "UserAssignedManagedIdentity" authentication. | | |
| | credential | Specify the credential reference that has access to the resource group. | Only required for "UserAssignedManagedIdentity" authentication. | |
| "credential": { | ||
| "referenceName": "CredentialName", | ||
| "type": "CredentialReference" | ||
| }, |
Copilot
AI
Oct 23, 2025
Inconsistent indentation within the credential object. Lines 155-156 have 6 spaces of indentation, while line 157 has only 1 space. Should maintain consistent indentation (either 6 or 8 spaces for inner properties) to match the formatting of other properties in the JSON example.
| }, | |
| }, |
Hi @KrishnakumarRukmangathan - This pull request was opened in the public repo. PMs should work in the private repo, per the Microsoft Docs contributor guide. We can keep this PR open for review and merge, but would you make future content updates in the private repo? Thank you! Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged"
Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @nabhishek
Since when has this change come into effect? Just 2 weeks back I had modified this same article, made necessary changes and merged the PR myself. Can you please let me know what are the new changes in effect?
@v-dirichards Can you please proceed to merge these changes? The author of this article doesn't work on this feature.
@KrishnakumarRukmangathan When you made the changes two weeks ago, you made them in the private repo (azure-docs-pr). This current PR was opened in the public repo (azure-docs), and the author must sign off on it before we can merge. You can still pull these changes into the private repo, review the articles on staging, fix any validation issues, and then you can add the sign-off comment to let PR reviewers know that the updates are ready to be merged.
#sign-off
#sign-off
Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @nabhishek