Handle ImportError when constructing DefaultAzureCredential #8294
Conversation
chlowell
added
Client
|
Can one of the admins verify this patch? |
| username = os.environ.get(EnvironmentVariables.AZURE_USERNAME) | ||
| shared_cache = SharedTokenCacheCredential(username=username, authority=authority, **kwargs) | ||
| credentials.append(shared_cache) | ||
| except ImportError as ex: |
There was a problem hiding this comment.
I would make this guy bulletproof, and catch whatever could happen, and not just ImportError. Thoughts?
There was a problem hiding this comment.
I was specific here because any other exception is a new bug I want to know about, and I don't want to rely on e.g. a test case expecting ImportError from SharedTokenCacheCredential() to alert me to such bugs.
There was a problem hiding this comment.
I understand your point, from a dev perspective it makes sense, it's just on customer's machine, we won't be able to recover from yet another issue from "msal_extensions", where a generic except would allow to.
I was more thinking "if anything goes wrong while trying to create the cache, skip it", that would still allow a customer to authenticate even in panic unexpected error from the cache.
My remark being just a suggestion, approved it :)
* InteractiveBrowserCredential prompts for account selection (#8470) * remove *.yaml under tests folder from manifest.in (#8625) * [AutoPR] cosmos-db/resource-manager (#8560) * regenerated * fix script * another place * fix * fix * one more change * one more * undo multiapi script * regeneated * undo multiapi script * history, version + additional fix * regenerated * fixed test * fixed generation mistake * added more breaking changes to history * regenerated again * additional fixes * udpated test names * test recordings * Update README.md (#8628) Add standard section on security issues below the "file an issue via GitHub Issues' bullet. * Handle exceptions when constructing DefaultAzureCredential (#8294) * Python 3.8 test pipeline is not cancelled when build is cancelled (#8544) * Skip python 3.8 testing when CI is cancelled * Cosmos docstring review (#8607) * cosmos docstring edits * user-defined * trailing whitespace * xfail flaky emulator tests * review feedback * Default credentials are configurable by kwargs (#8514) * Nightly build is failing due version conflict between storage datalak… (#8635) * Nightly build is failing due version conflict between storage datalake and storage blob * InkRecognizer to use GA azure-core (#8341) * InkRecognizer to use Ga azure-core * Disable auto-pr update * Azconfig remove tests from whl (#8663) * update tests * ignoring the azure folder directly (#8673)
As described in #8292,
SharedTokenCacheCredentialraises anImportErrorin Python 3.8 running on Windows.DefaultAzureCredentialis therefore unusable on 3.8/win because it constructsSharedTokenCacheCredential. With this change,DefaultAzureCredentialexpects the exception and will not attempt to use the shared token cache on 3.8/win.With this change:
DefaultAzureCredentialworks on 3.8/win minus the shared token cache, whose unavailability it logsSharedTokenCacheCredentialstill allows the exception to propagate