Complete azure-identity prototype#5547
Conversation
|
Can one of the admins verify this patch? |
|
/azp run azure-sdk-for-python - client |
|
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
404 [](start = 35, length = 3)
Why are you retrying on 404?
There was a problem hiding this comment.
Right? According to the IMDS docs the endpoint returns 404 when it's updating, and clients should retry.
There was a problem hiding this comment.
I'm not a big fan of having to create a list with >100 items. There are some things we can do to improve. Just off the top of my head, something like:
class StatusCodeRange(object):
def __init__(self, min_value, max_value):
self.min_value = min_value
self.max_value = max_value
def __eq__(self, other):
return self.min_value <= other and other <= self.max_value
scr = StatusCodeRange(500, 600)
assert 503 in [404, 429, scr]
assert 499 not in [1, 2, scr]It does bastardize the eq method, though, so another version would be to change the simple in check in the retry policy to understand ranges as well...
class SuperRange(object):
def __init__(self, *values):
self.values = values
def __contains__(self, value):
for value_in_range in self.values:
try:
if value_in_range[0] <= value and value <= value_in_range[1]:
return True
except TypeError:
if value_in_range == value:
return True
return False
sur = SuperRange(404, 429, (500, 600))
assert 503 in sur
assert 499 not in surThere was a problem hiding this comment.
Right? According to the IMDS docs the endpoint returns 404 when it's updating, and clients should retry.
Per the linked documentation (great find, btw :)), we should make sure our retry policy follows the suggested timeouts by default. We are trying to make sure that our libraries "do the right thing" (tm).
There was a problem hiding this comment.
Have done. I put #5628 on the backlog to track retry code range support.
|
I plan to merge this once CI is green and open another PR to incorporate the architecture board's feedback. |
This implements the rest of the azure-identity prototype introduced by #5246, adding the remaining credentials with unit tests. With this the package supports sync and async AAD authentication with managed identity or with a certificate or client secret. MSAL is used for token caching and signing the JWT assertion used in cert authentication.
Future work for future PRs includes more documentation, live tests, and maybe more shared code between credentials and between a/sync equivalents. Suggestions around the latter are welcome. Sharing more code is possible but I found everything I tried too difficult to read.
Closes #5251, closes #5149, closes #5150