PySpark — Connect Azure ADLS Gen 2

Subham Khandelwal
3 min readDec 18, 2022


Cloud Distributed Storage spaces such as Google GCS, Amazon S3 and Azure ADLS often serves as data endpoints in many big data workloads.

Representation Image

Today, we are going to try and connect Azure ADLS to our PySpark Cluster. And as you know to begin with we would definitely need an Azure Account and Storage Account created.

Once you have Storage Account and Blob contained deployed, like in our case.

Checkout Azure Documentation to create a ADLS Gen 2 Container —

Azure Blob Container

Create the Service Principle (SP) required to access the same. Move to Home > Azure Active Directory > App Registrations > New Registration

Service Principle

Once the Service Principle is created, lets assign the correct roles to access the ADLS. Move to Home > Storage Accounts > {Your Account} >Access Control (IAM) > Add > Add role assignment

Select the role as Storage Blob Data Contributor and move to Next tab. In next tab select the Service Principle we created recently and finally Review + Create.

Now our Service Principle is ready with access to Storage account. One last step is to generate a client-secret for the SP we created. Move to Home > Azure Active Directory > App Registrations > {Your SP}

SP Clien Secret

Make sure to note the client-secret value, as this is one time. All configurations are done now in Azure.

Lets move to our PySpark Cluster to add the final configurations. Create the Spark Session with required dependencies

# Create Spark Session

from pyspark.sql import SparkSession
from pyspark import SparkConf

conf = SparkConf().setAppName("Connect ADLS").setMaster("local[*]")

spark = SparkSession \
.builder \
.config(conf=conf) \

Spark Session

Add all the required configuration information as follows

 spark.conf.set("<storage-account-name>", "OAuth")
spark.conf.set("<storage-account-name>", "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider")
spark.conf.set("<storage-account-name>", "<application-id>")
spark.conf.set("<storage-account-name>", "<directory-id>/oauth2/token")

Which in current case would look like the below (few info is redacted due to privacy):

 spark.conf.set("", "OAuth")
spark.conf.set("", "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider")
spark.conf.set("", "f5ad39b3-3223-4eb6-af73-***********")
spark.conf.set("", "*******/oauth2/token")

<storage-account-name> is the name of the Storage Account Created

<application-id> is the Application ID of the SP.

<directory-id> is the Directory ID of the SP.

<password> is the Client Secret of the SP.

Now, lets try to read our dataset

# Read the dataset

df = spark \
.read \
.format("csv") \
.option("header", True) \
Read the dataset

We can easily read the data. The location specified is of the following format


Lets try to write the same dataset into ADLS in form of Parquet

# Lets compute and write back to ADLS

df \
.write \
.format("parquet") \
.partitionBy("DEPT ID") \
Data Written

Note: For security reasons the credentials are never supplied into the code file/notebook. The credentials are stored in core-site.xml or other specification/configuration files with required parameters.

Checkout the iPython Notebook on Github —

Checkout my Personal Blog —

Checkout the PySpark Medium Series —