Azure Storage file system support#
Trino includes a native implementation to access Azure Storage with a catalog using the Delta Lake, Hive, Hudi, or Iceberg connectors.
Enable the native implementation with fs.native-azure.enabled=true
in your
catalog properties file.
General configuration#
Use the following properties to configure general aspects of Azure Storage file system support:
Property |
Description |
---|---|
|
Activate the native implementation for Azure Storage support. Defaults to
|
|
Authentication type to use for Azure Storage access. Defaults no
authentication used with |
|
Hostname suffix of the Azure storage endpoint.
Defaults to |
|
Data size for blocks during read operations. Defaults
to |
|
Data size for blocks during write operations.
Defaults to |
|
Maximum number of concurrent write operations. Defaults to 8. |
|
Data size Defaults to |
|
Maximum integer number of concurrent HTTP requests to
Azure from every node. Defaults to double the number of processors on the
node. Minimum |
|
Specify the application identifier appended to the |
Access key authentication#
Use the following properties to configure access key authentication to Azure Storage:
Property |
Description |
---|---|
|
Must be set to |
|
The decrypted access key for the Azure Storage account. Requires
authentication type |
OAuth 2.0 authentication#
Use the following properties to configure OAuth 2.0 authentication to Azure Storage:
Property |
Description |
---|---|
|
Must be set to |
|
Tenant ID for Azure authentication. |
|
The endpoint URL for OAuth 2.0 authentication. |
|
The OAuth 2.0 service principal’s client or application ID. |
|
A OAuth 2.0 client secret for the service principal. |
Access multiple storage accounts#
To allow Trino to access multiple Azure storage accounts from a single catalog configuration, you can use OAuth 2.0 authentication with an Azure service principal. The following steps describe how to create a service principal in Azure and assign an IAM role granting access to the storage accounts:
Create a service principal in Azure Active Directory using Azure App Registrations and save the client secret.
Assign access to the storage accounts from the account’s Access Control (IAM) section. You can add Role Assignments and select appropriate roles, such as Storage Blob Data Contributor.
Assign access using the option User, group, or service principal and select the service principal created. Save to finalize the role assignment.
Once you create the service principal and configure the storage accounts use the Client ID, Secret and Tenant ID values from the application registration, to configure the catalog using properties from OAuth 2.0 authentication.