Add back the SharedTokenCacheCredential to handle token which is cached by the InteractiveBrowserCredential #603
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,6 +16,9 @@ | |
| InteractiveBrowserCredential, | ||
| DeviceCodeCredential, | ||
| _internal as AzureIdentityInternals, | ||
| TokenCachePersistenceOptions, | ||
| SharedTokenCacheCredential, | ||
| _persistent_cache as AzureIdentityPersistentCache | ||
| ) | ||
| from ._chained import _ChainedTokenCredential | ||
| from ._token import _TokenFileCredential | ||
|
|
@@ -84,22 +87,70 @@ def _authority_or_default(self, authority: str, arm_endpoint: str): | |
| return ConnectionConstants.DOGFOOD_AUTHORITY | ||
| return ConnectionConstants.AUTHORITY | ||
|
|
||
| def _get_cache_options(self) -> Optional[TokenCachePersistenceOptions]: | ||
| """ | ||
| Returns a valid TokenCachePersistenceOptions | ||
| if the AzureIdentity Persistent Cache is accessible. | ||
| Returns None otherwise. | ||
| """ | ||
| cache_options = TokenCachePersistenceOptions( | ||
| allow_unencrypted_storage=True, | ||
| name="AzureQuantumSDK" | ||
| ) | ||
| try: | ||
| # pylint: disable=protected-access | ||
| cache = AzureIdentityPersistentCache._load_persistent_cache(cache_options) | ||
| try: | ||
| _LOGGER.error( | ||
| 'Using Azure.Identity Token Cache at %s. ', | ||
| cache._persistence.get_location() | ||
| ) | ||
| except: # pylint: disable=bare-except | ||
| pass | ||
| return cache_options | ||
| except Exception as ex: # pylint: disable=broad-except | ||
| _LOGGER.warning( | ||
| 'Error trying to access Azure.Identity Token Cache at %s. ' | ||
| 'Raised unexpected exception:\n%s', | ||
| self.__class__._get_cache_options.__qualname__, | ||
| ex, | ||
| exc_info=_LOGGER.isEnabledFor(logging.DEBUG), | ||
| ) | ||
| return None | ||
|
|
||
| def _initialize_credentials(self) -> None: | ||
| self._discover_tenant_id_( | ||
| arm_endpoint=self.arm_endpoint, | ||
| subscription_id=self.subscription_id) | ||
| cache_options = self._get_cache_options() | ||
| credentials = [] | ||
| credentials.append(_TokenFileCredential()) | ||
| credentials.append(EnvironmentCredential()) | ||
| if self.client_id: | ||
| credentials.append(ManagedIdentityCredential(client_id=self.client_id)) | ||
| if self.authority and self.tenant_id: | ||
| credentials.append(VisualStudioCodeCredential( | ||
| authority=self.authority, | ||
| tenant_id=self.tenant_id)) | ||
| credentials.append(AzureCliCredential(tenant_id=self.tenant_id)) | ||
| credentials.append(AzurePowerShellCredential(tenant_id=self.tenant_id)) | ||
| # The SharedTokenCacheCredential is used when the token cache | ||
| # is available to attempt loading a token stored in the cache | ||
| # by the InteractiveBrowserCredential. | ||
| if cache_options: | ||
| credentials.append(SharedTokenCacheCredential( | ||
| authority=self.authority, | ||
|
There was a problem hiding this comment. I think we might also need to pass There was a problem hiding this comment. As I mentioned in this comment #603 (comment), on Linux I have a mismatch of a current tenant id and id from the cache, which leads to exception in the |
||
| cache_persistence_options=cache_options)) | ||
| credentials.append( | ||
| InteractiveBrowserCredential( | ||
| authority=self.authority, | ||
| tenant_id=self.tenant_id, | ||
| cache_persistence_options=cache_options)) | ||
| if self.client_id: | ||
| credentials.append(DeviceCodeCredential( | ||
| authority=self.authority, | ||
| client_id=self.client_id, | ||
| tenant_id=self.tenant_id)) | ||
| self.credentials = credentials | ||
|
|
||
| def get_token(self, *scopes: str, **kwargs) -> AccessToken: | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry if I am missing something here, but should this be an error log level?
and what do we really guard here in that try/catch clause?
cache._persistence.get_location()?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. I was using error log level for local testing. I updated it to info.
I guarded the
cache._persistence.get_location()because:_persistenceis a private attribute that can change in the futureget_location()could raise an expected exception in a particular situation that we are not aware ofBut feel free to modify the code as you see better.
Like we could try to get the location, but even if fails, it we could log the rest of the info ("Using Azure.Identity Token Cache.").
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made a small improvement based on my own comment, but feel free to adjust it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that makes a lot of sense now, thanks :)