Chain exceptions from LibsecretPersistence #20380

Merged: 4 commits, Aug 24, 2021
19 changes: 14 additions & 5 deletions sdk/identity/azure-identity/azure/identity/_persistent_cache.py
Expand Up @@ -2,14 +2,19 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
import logging
import os
import sys
from typing import TYPE_CHECKING

import six

if TYPE_CHECKING:
from typing import Any
import msal_extensions

_LOGGER = logging.getLogger(__name__)


class TokenCachePersistenceOptions(object):
"""Options for persistent token caching.
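
Review bot: `import six` sits at module level, outside the `if TYPE_CHECKING:` block, so it becomes a hard import-time dependency of `_persistent_cache.py`. Confirm that six is already declared in the package's install requirements. If its only use in this module is `six.raise_from` in `_get_persistence`, a short comment beside the import saying so would make it easier to drop later.
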
Expand Down Expand Up @@ -86,12 +91,16 @@ def _get_persistence(allow_unencrypted, account_name, cache_name):
return msal_extensions.LibsecretPersistence(
file_path, cache_name, {"MsalClientID": "Microsoft.Developer.IdentityService"}, label=account_name
)
except ImportError:
except Exception as ex: # pylint:disable=broad-except
_LOGGER.debug('msal-extensions is unable to encrypt a persistent cache: "%s"', ex, exc_info=True)
if not allow_unencrypted:
raise ValueError(
"PyGObject is required to encrypt the persistent cache. Please install that library or "
+ 'specify "allow_unencrypted_storage=True" to store the cache without encryption.'
error = ValueError(
Member

Why don't we explicitly tell users we need PyGObject to work?

Member Author

To avoid having to keep this message up to date with msal-extensions. It may stop requiring PyGObject, or require a different version of it (it's a runtime dependency). The details of the error aren't lost; msal-extensions includes them in the exception we're raising from. Having written this I'm thinking our message should be even less specific, because this one is misleading when we can't encrypt because we're in an SSH session.

Member

Could you give me more information on which error(s), other than ImportError, we want to cover here?

Member Author

The next version of msal-extensions may raise ValueError or RuntimeError as well as ImportError (code is here). It might also be possible for us to see an unexpected (by msal-extensions) PyGObject exception. Handling all exceptions here appeals to me because I don't want to rely too much on the current behavior of msal-extensions, and for us the particular exception isn't important.

Member

I am fine with that. The only question, I think, would be: do we want to give different error messages for different types of error, so they can be more actionable for users to fix?

Member Author

msal-extensions does that with its errors, so by chaining them we give users the details without depending on how msal-extensions handles libsecret/PyGObject errors.

Member

LGTM

"Cache encryption is impossible because libsecret dependencies are not installed or are unusable,"
+ " for example because no display is available (as in an SSH session). The chained exception has"
+ ' more information. Specify "allow_unencrypted_storage=True" to store the cache unencrypted'
+ " instead of raising this exception."
)
return msal_extensions.FilePersistence(file_path)
six.raise_from(error, ex)
return msal_extensions.FilePersistence(file_path)

raise NotImplementedError("A persistent cache is not available in this environment.")
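
Review bot: In `_get_persistence`, the widened `except Exception` means that when `allow_unencrypted` is true, any failure from `msal_extensions.LibsecretPersistence` falls through to `return msal_extensions.FilePersistence(file_path)` with only a `_LOGGER.debug` record. That is a quiet downgrade to an unencrypted token cache for errors that are not just a missing dependency. Consider logging the fallback at warning level so it is visible at default log settings. Separately, the debug call formats `ex` into the message and also passes `exc_info=True`, so the exception text is recorded twice; one of the two is enough.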