Re: [PR] Add Entra ID auth manager [iceberg-python]

Wed, 28 Jan 2026 13:05:11 -0800 


rambleraptor commented on code in PR #2974:
URL: https://github.com/apache/iceberg-python/pull/2974#discussion_r2738603458


##########
tests/catalog/test_rest_auth.py:
##########
@@ -153,3 +153,80 @@ def test_google_auth_manager_import_error() -> None:
     with patch.dict("sys.modules", {"google.auth": None, 
"google.auth.transport.requests": None}):
         with pytest.raises(ImportError, match="Google Auth libraries not 
found. Please install 'google-auth'."):
             GoogleAuthManager()
+
+
+@patch("azure.identity.DefaultAzureCredential")
+def test_entra_auth_manager_default_credential(mock_default_cred: MagicMock, 
rest_mock: Mocker) -> None:

Review Comment:
   Could you add a test where the azure-default library can't successfully get 
a token? I'd expect that we'd throw an exception and not try to start sending 
Iceberg requests with a blank auth header.



##########
pyiceberg/catalog/rest/auth.py:
##########
@@ -249,6 +249,68 @@ def auth_header(self) -> str:
         return f"Bearer {self.credentials.token}"
 
 
+class EntraAuthManager(AuthManager):
+    """Auth Manager implementation that supports Microsoft Entra ID (Azure AD) 
authentication.
+
+    This manager uses the Azure Identity library's DefaultAzureCredential 
which automatically
+    tries multiple authentication methods including environment variables, 
managed identity,
+    and Azure CLI.
+
+    See 
https://learn.microsoft.com/en-us/azure/developer/python/sdk/authentication/credential-chains
+    for more details on DefaultAzureCredential.
+    """
+
+    DEFAULT_SCOPE = "https://storage.azure.com/.default";
+
+    def __init__(
+        self,
+        scopes: list[str] | None = None,

Review Comment:
   nit: consider making the default for this `[self.DEFAULT_SCOPE]`. That's 
basically the default anyways (line 287)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to