Azure Storage file system support#
Trino includes a native implementation to access Azure Data Lake Storage Gen2 with a catalog using the Delta Lake, Hive, Hudi, or Iceberg connectors.
Enable the native implementation with fs.native-azure.enabled=true in your
catalog properties file. Additionally, the Azure storage account must have
hierarchical namespace enabled.
General configuration#
Use the following properties to configure general aspects of Azure Storage file system support:
Property |
Description |
|---|---|
|
Activate the native implementation for Azure Storage support. Defaults to
|
|
Authentication type to use for Azure Storage access. Defaults no
authentication used with |
|
Hostname suffix of the Azure storage endpoint.
Defaults to |
|
Data size for blocks during read operations. Defaults
to |
|
Data size for blocks during write operations.
Defaults to |
|
Maximum number of concurrent write operations. Defaults to 8. |
|
Data size Defaults to |
|
Maximum integer number of concurrent HTTP requests to
Azure from every node. Defaults to double the number of processors on the
node. Minimum |
|
Specify the application identifier appended to the |
Access key authentication#
Use the following properties to configure access key authentication to Azure Storage:
Property |
Description |
|---|---|
|
Must be set to |
|
The decrypted access key for the Azure Storage account. Requires
authentication type |
OAuth 2.0 authentication#
Use the following properties to configure OAuth 2.0 authentication to Azure Storage:
Property |
Description |
|---|---|
|
Must be set to |
|
Tenant ID for Azure authentication. |
|
The endpoint URL for OAuth 2.0 authentication. |
|
The OAuth 2.0 service principal’s client or application ID. |
|
A OAuth 2.0 client secret for the service principal. |
Access multiple storage accounts#
To allow Trino to access multiple Azure storage accounts from a single catalog configuration, you can use OAuth 2.0 authentication with an Azure service principal. The following steps describe how to create a service principal in Azure and assign an IAM role granting access to the storage accounts:
Create a service principal in Azure Active Directory using Azure App Registrations and save the client secret.
Assign access to the storage accounts from the account’s Access Control (IAM) section. You can add Role Assignments and select appropriate roles, such as Storage Blob Data Contributor.
Assign access using the option User, group, or service principal and select the service principal created. Save to finalize the role assignment.
Once you create the service principal and configure the storage accounts use the Client ID, Secret and Tenant ID values from the application registration, to configure the catalog using properties from OAuth 2.0 authentication.
Migration from legacy Azure Storage file system#
Trino includes legacy Azure Storage support to use with a catalog using the Delta Lake, Hive, Hudi, or Iceberg connectors. Upgrading existing deployments to the current native implementation is recommended. Legacy support is deprecated and will be removed.
To migrate a catalog to use the native file system implementation for Azure, make the following edits to your catalog configuration:
Add the
fs.native-azure.enabled=truecatalog configuration property.Configure the
azure.auth-typecatalog configuration property.Refer to the following table to rename your existing legacy catalog configuration properties to the corresponding native configuration properties. Supported configuration values are identical unless otherwise noted.
Legacy property |
Native property |
Notes |
|---|---|---|
|
|
|
|
|
Also see |
|
|
|
|
|
|
|
|
Remove the following legacy configuration properties if they exist in your catalog configuration:
hive.azure.abfs-storage-accounthive.azure.wasb-access-keyhive.azure.wasb-storage-account