github.com/apache/beam/sdks/v2@v2.48.2/python/apache_beam/internal/azure/auth.py

github.com/apache/beam/sdks/v2@v2.48.2/python/apache_beam/internal/azure/auth.py (about)

     1  #
     2  # Licensed to the Apache Software Foundation (ASF) under one or more
     3  # contributor license agreements.  See the NOTICE file distributed with
     4  # this work for additional information regarding copyright ownership.
     5  # The ASF licenses this file to You under the Apache License, Version 2.0
     6  # (the "License"); you may not use this file except in compliance with
     7  # the License.  You may obtain a copy of the License at
     8  #
     9  #    http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  #
    17  
    18  """Azure credentials and authentication."""
    19  
    20  # pytype: skip-file
    21  
    22  import logging
    23  import threading
    24  
    25  from apache_beam.options.pipeline_options import AzureOptions
    26  
    27  try:
    28    from azure.identity import DefaultAzureCredential
    29    _AZURE_AUTH_AVAILABLE = True
    30  except ImportError:
    31    _AZURE_AUTH_AVAILABLE = False
    32  
    33  _LOGGER = logging.getLogger(__name__)
    34  
    35  
    36  def get_service_credentials(pipeline_options):
    37    """For internal use only; no backwards-compatibility guarantees.
    38  
    39    Get credentials to access Azure services.
    40    Args:
    41      pipeline_options: Pipeline options, used in creating credentials
    42        like managed identity credentials.
    43  
    44    Returns:
    45      A ``azure.identity.*Credential`` object or None if credentials
    46      not found. Returned object is thread-safe.
    47    """
    48    return _Credentials.get_service_credentials(pipeline_options)
    49  
    50  
    51  class _Credentials(object):
    52    _credentials_lock = threading.Lock()
    53    _credentials_init = False
    54    _credentials = None
    55  
    56    @classmethod
    57    def get_service_credentials(cls, pipeline_options):
    58      with cls._credentials_lock:
    59        if cls._credentials_init:
    60          return cls._credentials
    61        cls._credentials = cls._get_service_credentials(pipeline_options)
    62        cls._credentials_init = True
    63  
    64      return cls._credentials
    65  
    66    @staticmethod
    67    def _get_service_credentials(pipeline_options):
    68      if not _AZURE_AUTH_AVAILABLE:
    69        _LOGGER.warning(
    70            'Unable to find default credentials because the azure.identity '
    71            'library is not available. Install the azure.identity library to use '
    72            'Azure default credentials.')
    73        return None
    74  
    75      try:
    76        credentials = DefaultAzureCredential(
    77          managed_identity_client_id=pipeline_options.view_as(AzureOptions)\
    78            .azure_managed_identity_client_id)
    79        _LOGGER.debug('Connecting using Azure Default Credentials.')
    80        return credentials
    81      except Exception as e:
    82        _LOGGER.warning('Unable to find Azure credentials to use: %s\n', e)
    83        return None