![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 27%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,559 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 63%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi John,
When seeing your issue it looks like you're encountering with the 403 error when trying to use the fs.exists() method on Azure Data Lake Storage Gen2 (ADLS Gen2) using a Shared Access Signature (SAS) token in your Spark session seems to stem from how the SAS token is being applied (or not applied) for the Hadoop FileSystem operations.
In the first part of your code, where you're reading data from ADLS Gen2, you're directly setting the SAS token configuration on the Spark session configuration. This works well for Spark's built-in data source APIs (like spark.read.parquet) because Spark correctly uses these configurations to authenticate requests to Azure Blob Storage.
However, when you attempt to use the Hadoop FileSystem API directly (like fs.exists()), the SAS token configuration needs to be explicitly set in the Hadoop Configuration context used by the Spark session. This is because the direct Hadoop FileSystem operations might not automatically pick up the SAS token settings from the Spark configuration.
Possible Solution
To ensure that the Hadoop FileSystem API can authenticate using the SAS token, you should explicitly set the necessary configuration properties in the Hadoop Configuration context. Specifically, you need to ensure that the SAS token is properly configured for use by the Hadoop FileSystem API. You can try setting the SAS token directly in the Hadoop configuration, similar to how you've set it in the Spark configuration: hadoop_conf = spark._jsc.hadoopConfiguration()
hadoop_conf.set("fs.azure", "org.apache.hadoop.fs.azure.NativeAzureFileSystem")
hadoop_conf.set("fs.azure.sas.token.provider.type.gsdevtest.dfs.core.windows.net", "org.apache.hadoop.fs.azurebfs.sas.FixedSASTokenProvider")
hadoop_conf.set("fs.azure.sas.fixed.token.gsdevtest.dfs.core.windows.net", "<your_sas_token>")
Make sure you replace <your_sas_token> with your actual SAS token, keeping in mind to not expose your SAS token in your code for security reasons.
Additional Steps
- Ensure Correct Scope: Verify that the SAS token has the appropriate permissions for the operations you are attempting to perform. For
fs.exists(), at minimum, read permissions on the directory or file are necessary. - Check SAS Token Expiry: Ensure that the SAS token hasn't expired. An expired token will result in a 403 error.
- URL Encoding: Confirm that the SAS token is correctly URL-encoded. Sometimes, issues can arise if special characters in the SAS token are not properly encoded.
By explicitly setting the SAS token within the Hadoop configuration context used by your Spark session, you should be able to authenticate the fs.exists() call and other Hadoop FileSystem operations against ADLS Gen2.
I hope this helps, if you have any questions please let me know.