From 8d661eb43b0a059b6b004b90cde3f9271c4e9ffc Mon Sep 17 00:00:00 2001 From: Laurent Mazuel Date: Wed, 2 Apr 2025 23:39:22 +0000 Subject: [PATCH 1/4] Add audience parameter to Tables --- .../azure/data/tables/_authentication.py | 6 +++++- .../azure/data/tables/_base_client.py | 14 +++++++++++--- .../azure/data/tables/_table_client.py | 5 ++++- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py b/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py index 107e7d747a35..706520f33165 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py @@ -246,10 +246,14 @@ def _configure_credential( Union[AzureNamedKeyCredential, AzureSasCredential, TokenCredential, SharedKeyCredentialPolicy] ], cosmos_endpoint: bool = False, + audience: Optional[str] = None, ) -> Optional[Union[BearerTokenChallengePolicy, AzureSasCredentialPolicy, SharedKeyCredentialPolicy]]: if hasattr(credential, "get_token"): credential = cast(TokenCredential, credential) - scope = COSMOS_OAUTH_SCOPE if cosmos_endpoint else STORAGE_OAUTH_SCOPE + if audience: + scope = audience + "/.default" + else: + scope = COSMOS_OAUTH_SCOPE if cosmos_endpoint else STORAGE_OAUTH_SCOPE return BearerTokenChallengePolicy(credential, scope) if isinstance(credential, SharedKeyCredentialPolicy): return credential diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py b/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py index 83204237a0a7..845b62f69905 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py @@ -71,6 +71,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential *, credential: Optional[Union[AzureSasCredential, AzureNamedKeyCredential, TokenCredential]] = None, api_version: Optional[str] = None, + audience: Optional[str] = None, # Add audience parameter **kwargs: Any, ) -> None: """ @@ -86,6 +87,8 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential :keyword api_version: Specifies the version of the operation to use for this request. Default value is "2019-02-02". :paramtype api_version: str or None + :keyword audience: The audience to use for credential authentication. + :paramtype audience: str or None """ try: if not endpoint.lower().startswith("http"): @@ -129,7 +132,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential } self._hosts = _hosts - self._policies = self._configure_policies(hosts=self._hosts, **kwargs) + self._policies = self._configure_policies(audience=audience, hosts=self._hosts, **kwargs) # pass audience if self._cosmos_endpoint: self._policies.insert(0, CosmosPatchTransformPolicy()) @@ -222,8 +225,13 @@ def _format_url(self, hostname): """ return f"{self.scheme}://{hostname}{self._query_str}" - def _configure_policies(self, **kwargs): - credential_policy = _configure_credential(self.credential, self._cosmos_endpoint) + def _configure_policies( + self, + *, + audience: Optional[str] = None, + **kwargs: Any + ) -> List[Any]: + credential_policy = _configure_credential(self.credential, cosmos_endpoint=self._cosmos_endpoint, audience=audience) return [ RequestIdPolicy(**kwargs), StorageHeadersPolicy(**kwargs), diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py b/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py index 1c6835f895c8..9a9fae243d07 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py @@ -73,6 +73,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential table_name: str, *, credential: Optional[Union[AzureSasCredential, AzureNamedKeyCredential, TokenCredential]] = None, + audience: Optional[str] = None, api_version: Optional[str] = None, encoder_map: Optional[EncoderMapType] = None, decoder_map: Optional[DecoderMapType] = None, @@ -91,6 +92,8 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential ~azure.core.credentials.AzureNamedKeyCredential or ~azure.core.credentials.AzureSasCredential or ~azure.core.credentials.TokenCredential or None + :keyword audience: Optional audience to use when authenticating. Defaults to None. + :paramtype audience: str or None :keyword api_version: Specifies the version of the operation to use for this request. Default value is "2019-02-02". :paramtype api_version: str or None @@ -112,7 +115,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential self.table_name: str = table_name self.encoder = TableEntityEncoder(convert_map=encoder_map) self.decoder = TableEntityDecoder(convert_map=decoder_map, flatten_result_entity=flatten_result_entity) - super(TableClient, self).__init__(endpoint, credential=credential, api_version=api_version, **kwargs) + super(TableClient, self).__init__(endpoint, credential=credential, api_version=api_version, audience=audience, **kwargs) @classmethod def from_connection_string(cls, conn_str: str, table_name: str, **kwargs: Any) -> "TableClient": From a508d6246d61fe65901af015b6b9119eaeccdc15 Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Sat, 12 Apr 2025 00:56:40 +0000 Subject: [PATCH 2/4] [Tables] Add more audience support Signed-off-by: Paul Van Eck --- sdk/tables/azure-data-tables/CHANGELOG.md | 1 + .../azure/data/tables/_authentication.py | 2 +- .../azure/data/tables/_base_client.py | 20 +++++++++---------- .../azure/data/tables/_table_client.py | 7 +++++-- .../data/tables/aio/_authentication_async.py | 6 +++++- .../data/tables/aio/_base_client_async.py | 10 +++++++--- .../data/tables/aio/_table_client_async.py | 8 +++++++- .../tests/test_table_client.py | 19 ++++++++++++++++++ .../tests/test_table_client_async.py | 20 +++++++++++++++++++ 9 files changed, 74 insertions(+), 19 deletions(-) diff --git a/sdk/tables/azure-data-tables/CHANGELOG.md b/sdk/tables/azure-data-tables/CHANGELOG.md index 967b40179937..1a57ee6576db 100644 --- a/sdk/tables/azure-data-tables/CHANGELOG.md +++ b/sdk/tables/azure-data-tables/CHANGELOG.md @@ -6,6 +6,7 @@ * Added to support customized encoding and decoding in entity CRUD operations. * Added to support Entity property in Tuple and Enum types. * Added to support flatten Entity metadata in entity deserialization by passing kwarg `flatten_result_entity` when creating clients. +* Added support for configuring custom audiences for `TokenCredential` authentication when initializing a `TableClient` or `TableServiceClient`. ### Bugs Fixed * Fixed duplicate odata tag bug in encoder when Entity property has "@odata.type" provided. diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py b/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py index 706520f33165..06e00bea0e29 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py @@ -251,7 +251,7 @@ def _configure_credential( if hasattr(credential, "get_token"): credential = cast(TokenCredential, credential) if audience: - scope = audience + "/.default" + scope = audience.rstrip("/") + "/.default" else: scope = COSMOS_OAUTH_SCOPE if cosmos_endpoint else STORAGE_OAUTH_SCOPE return BearerTokenChallengePolicy(credential, scope) diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py b/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py index 845b62f69905..f45b6ec1555f 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_base_client.py @@ -71,7 +71,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential *, credential: Optional[Union[AzureSasCredential, AzureNamedKeyCredential, TokenCredential]] = None, api_version: Optional[str] = None, - audience: Optional[str] = None, # Add audience parameter + audience: Optional[str] = None, **kwargs: Any, ) -> None: """ @@ -84,11 +84,12 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential ~azure.core.credentials.AzureNamedKeyCredential or ~azure.core.credentials.AzureSasCredential or ~azure.core.credentials.TokenCredential or None + :keyword audience: Optional audience to use for Microsoft Entra ID authentication. If not specified, + the public cloud audience will be used. + :paramtype audience: str or None :keyword api_version: Specifies the version of the operation to use for this request. Default value is "2019-02-02". :paramtype api_version: str or None - :keyword audience: The audience to use for credential authentication. - :paramtype audience: str or None """ try: if not endpoint.lower().startswith("http"): @@ -132,7 +133,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential } self._hosts = _hosts - self._policies = self._configure_policies(audience=audience, hosts=self._hosts, **kwargs) # pass audience + self._policies = self._configure_policies(audience=audience, hosts=self._hosts, **kwargs) if self._cosmos_endpoint: self._policies.insert(0, CosmosPatchTransformPolicy()) @@ -225,13 +226,10 @@ def _format_url(self, hostname): """ return f"{self.scheme}://{hostname}{self._query_str}" - def _configure_policies( - self, - *, - audience: Optional[str] = None, - **kwargs: Any - ) -> List[Any]: - credential_policy = _configure_credential(self.credential, cosmos_endpoint=self._cosmos_endpoint, audience=audience) + def _configure_policies(self, *, audience: Optional[str] = None, **kwargs: Any) -> List[Any]: + credential_policy = _configure_credential( + self.credential, cosmos_endpoint=self._cosmos_endpoint, audience=audience + ) return [ RequestIdPolicy(**kwargs), StorageHeadersPolicy(**kwargs), diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py b/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py index 9a9fae243d07..87692998cef0 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_table_client.py @@ -92,7 +92,8 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential ~azure.core.credentials.AzureNamedKeyCredential or ~azure.core.credentials.AzureSasCredential or ~azure.core.credentials.TokenCredential or None - :keyword audience: Optional audience to use when authenticating. Defaults to None. + :keyword audience: Optional audience to use for Microsoft Entra ID authentication. If not specified, + the public cloud audience will be used. :paramtype audience: str or None :keyword api_version: Specifies the version of the operation to use for this request. Default value is "2019-02-02". @@ -115,7 +116,9 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential self.table_name: str = table_name self.encoder = TableEntityEncoder(convert_map=encoder_map) self.decoder = TableEntityDecoder(convert_map=decoder_map, flatten_result_entity=flatten_result_entity) - super(TableClient, self).__init__(endpoint, credential=credential, api_version=api_version, audience=audience, **kwargs) + super(TableClient, self).__init__( + endpoint, credential=credential, api_version=api_version, audience=audience, **kwargs + ) @classmethod def from_connection_string(cls, conn_str: str, table_name: str, **kwargs: Any) -> "TableClient": diff --git a/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py b/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py index 54cd261bb8f3..0db4c12cc095 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py @@ -102,10 +102,14 @@ def _configure_credential( Union[AzureNamedKeyCredential, AzureSasCredential, AsyncTokenCredential, SharedKeyCredentialPolicy] ], cosmos_endpoint: bool = False, + audience: Optional[str] = None, ) -> Optional[Union[AsyncBearerTokenChallengePolicy, AzureSasCredentialPolicy, SharedKeyCredentialPolicy]]: if hasattr(credential, "get_token"): credential = cast(AsyncTokenCredential, credential) - scope = COSMOS_OAUTH_SCOPE if cosmos_endpoint else STORAGE_OAUTH_SCOPE + if audience: + scope = audience.rstrip("/") + "/.default" + else: + scope = COSMOS_OAUTH_SCOPE if cosmos_endpoint else STORAGE_OAUTH_SCOPE return AsyncBearerTokenChallengePolicy(credential, scope) if isinstance(credential, SharedKeyCredentialPolicy): return credential diff --git a/sdk/tables/azure-data-tables/azure/data/tables/aio/_base_client_async.py b/sdk/tables/azure-data-tables/azure/data/tables/aio/_base_client_async.py index 952b7b1932c7..e37bbefc9d22 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/aio/_base_client_async.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/aio/_base_client_async.py @@ -57,6 +57,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential endpoint: str, *, credential: Optional[Union[AzureSasCredential, AzureNamedKeyCredential, AsyncTokenCredential]] = None, + audience: Optional[str] = None, api_version: Optional[str] = None, **kwargs: Any, ) -> None: @@ -70,6 +71,9 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential ~azure.core.credentials.AzureNamedKeyCredential or ~azure.core.credentials.AzureSasCredential or ~azure.core.credentials_async.AsyncTokenCredential or None + :keyword audience: Optional audience to use for Microsoft Entra ID authentication. If not specified, + the public cloud audience will be used. + :paramtype audience: str or None :keyword api_version: Specifies the version of the operation to use for this request. Default value is "2019-02-02". :paramtype api_version: str or None @@ -116,7 +120,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential } self._hosts = _hosts - self._policies = self._configure_policies(hosts=self._hosts, **kwargs) + self._policies = self._configure_policies(audience=audience, hosts=self._hosts, **kwargs) if self._cosmos_endpoint: self._policies.insert(0, CosmosPatchTransformPolicy()) @@ -215,8 +219,8 @@ def _format_url(self, hostname): """ return f"{self.scheme}://{hostname}{self._query_str}" - def _configure_policies(self, **kwargs): - credential_policy = _configure_credential(self.credential, self._cosmos_endpoint) + def _configure_policies(self, *, audience: Optional[str] = None, **kwargs: Any) -> List[Any]: + credential_policy = _configure_credential(self.credential, self._cosmos_endpoint, audience=audience) return [ RequestIdPolicy(**kwargs), StorageHeadersPolicy(**kwargs), diff --git a/sdk/tables/azure-data-tables/azure/data/tables/aio/_table_client_async.py b/sdk/tables/azure-data-tables/azure/data/tables/aio/_table_client_async.py index b0376da23c8b..feef43d499b6 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/aio/_table_client_async.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/aio/_table_client_async.py @@ -74,6 +74,7 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential table_name: str, *, credential: Optional[Union[AzureSasCredential, AzureNamedKeyCredential, AsyncTokenCredential]] = None, + audience: Optional[str] = None, api_version: Optional[str] = None, encoder_map: Optional[EncoderMapType] = None, decoder_map: Optional[DecoderMapType] = None, @@ -92,6 +93,9 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential ~azure.core.credentials.AzureNamedKeyCredential or ~azure.core.credentials.AzureSasCredential or ~azure.core.credentials_async.AsyncTokenCredential or None + :keyword audience: Optional audience to use for Microsoft Entra ID authentication. If not specified, + the public cloud audience will be used. + :paramtype audience: str or None :keyword api_version: Specifies the version of the operation to use for this request. Default value is "2019-02-02". :paramtype api_version: str or None @@ -113,7 +117,9 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential self.table_name: str = table_name self.encoder = TableEntityEncoder(convert_map=encoder_map) self.decoder = TableEntityDecoder(convert_map=decoder_map, flatten_result_entity=flatten_result_entity) - super(TableClient, self).__init__(endpoint, credential=credential, api_version=api_version, **kwargs) + super(TableClient, self).__init__( + endpoint, credential=credential, api_version=api_version, audience=audience, **kwargs + ) @classmethod def from_connection_string(cls, conn_str: str, table_name: str, **kwargs: Any) -> "TableClient": diff --git a/sdk/tables/azure-data-tables/tests/test_table_client.py b/sdk/tables/azure-data-tables/tests/test_table_client.py index 9201cda53b7d..f4e11d11ab22 100644 --- a/sdk/tables/azure-data-tables/tests/test_table_client.py +++ b/sdk/tables/azure-data-tables/tests/test_table_client.py @@ -10,6 +10,7 @@ from datetime import datetime, timedelta from devtools_testutils import AzureRecordedTestCase, recorded_by_proxy +from unittest.mock import patch from azure.data.tables import ( TableServiceClient, @@ -903,6 +904,24 @@ def test_create_service_with_token(self): assert service.credential == token_credential assert not hasattr(service.credential, "account_key") + @pytest.mark.parametrize("client_class", SERVICES) + def test_create_service_client_with_custom_audience(self, client_class): + url = self.account_url(self.tables_storage_account_name, "table") + token_credential = self.get_token_credential() + custom_audience = "https://foo.bar" + expected_scope = custom_audience + "/.default" + + # Test with patching to verify BearerTokenChallengePolicy is created with the proper scope. + with patch("azure.data.tables._authentication.BearerTokenChallengePolicy") as mock_policy: + client_class( + url, + credential=token_credential, + table_name="foo", + audience=custom_audience, + ) + + mock_policy.assert_called_with(token_credential, expected_scope) + def test_create_client_with_api_version(self): url = self.account_url(self.tables_storage_account_name, "table") client = TableServiceClient(url, credential=self.credential) diff --git a/sdk/tables/azure-data-tables/tests/test_table_client_async.py b/sdk/tables/azure-data-tables/tests/test_table_client_async.py index 38fa6800ec67..52cf51514c97 100644 --- a/sdk/tables/azure-data-tables/tests/test_table_client_async.py +++ b/sdk/tables/azure-data-tables/tests/test_table_client_async.py @@ -11,6 +11,7 @@ from datetime import datetime, timedelta from devtools_testutils import AzureRecordedTestCase from devtools_testutils.aio import recorded_by_proxy_async +from unittest.mock import patch from azure.core.credentials import AzureNamedKeyCredential, AzureSasCredential from azure.core.exceptions import ResourceNotFoundError, HttpResponseError, ClientAuthenticationError @@ -670,6 +671,25 @@ async def test_create_service_with_token_async(self): assert service.credential == token_credential assert not hasattr(service.credential, "account_key") + @pytest.mark.asyncio + @pytest.mark.parametrize("client_class", SERVICES) + def test_create_service_client_with_custom_audience(self, client_class): + url = self.account_url(self.tables_storage_account_name, "table") + token_credential = self.get_token_credential() + custom_audience = "https://foo.bar" + expected_scope = custom_audience + "/.default" + + # Test with patching to verify AsyncBearerTokenChallengePolicy is created with the proper scope. + with patch("azure.data.tables.aio._authentication_async.AsyncBearerTokenChallengePolicy") as mock_policy: + client_class( + url, + credential=token_credential, + table_name="foo", + audience=custom_audience, + ) + + mock_policy.assert_called_with(token_credential, expected_scope) + @pytest.mark.skip("HTTP prefix does not raise an error") @pytest.mark.asyncio async def test_create_service_with_token_and_http(self): From 3688820d8c02bed790a120f97e84750d17e3917e Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Sat, 12 Apr 2025 01:15:39 +0000 Subject: [PATCH 3/4] Update changelog Signed-off-by: Paul Van Eck --- sdk/tables/azure-data-tables/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/tables/azure-data-tables/CHANGELOG.md b/sdk/tables/azure-data-tables/CHANGELOG.md index 1a57ee6576db..86a6b7ed5bbf 100644 --- a/sdk/tables/azure-data-tables/CHANGELOG.md +++ b/sdk/tables/azure-data-tables/CHANGELOG.md @@ -6,7 +6,7 @@ * Added to support customized encoding and decoding in entity CRUD operations. * Added to support Entity property in Tuple and Enum types. * Added to support flatten Entity metadata in entity deserialization by passing kwarg `flatten_result_entity` when creating clients. -* Added support for configuring custom audiences for `TokenCredential` authentication when initializing a `TableClient` or `TableServiceClient`. +* Added support for configuring custom audiences for `TokenCredential` authentication when initializing a `TableClient` or `TableServiceClient`. ([#40487](https://github.com/Azure/azure-sdk-for-python/pull/40487)) ### Bugs Fixed * Fixed duplicate odata tag bug in encoder when Entity property has "@odata.type" provided. From 14d4e97d10df0edb64a1064c9eca828006dc7acb Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Mon, 14 Apr 2025 20:20:59 +0000 Subject: [PATCH 4/4] update overloads Signed-off-by: Paul Van Eck --- .../azure/data/tables/_authentication.py | 18 +++++++++++++----- .../data/tables/aio/_authentication_async.py | 18 +++++++++++++----- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py b/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py index 06e00bea0e29..ed23c11f3b52 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/_authentication.py @@ -222,23 +222,31 @@ def on_challenge(self, request: PipelineRequest, response: PipelineResponse) -> @overload -def _configure_credential(credential: AzureNamedKeyCredential) -> SharedKeyCredentialPolicy: ... +def _configure_credential( + credential: AzureNamedKeyCredential, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> SharedKeyCredentialPolicy: ... @overload -def _configure_credential(credential: SharedKeyCredentialPolicy) -> SharedKeyCredentialPolicy: ... +def _configure_credential( + credential: SharedKeyCredentialPolicy, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> SharedKeyCredentialPolicy: ... @overload -def _configure_credential(credential: AzureSasCredential) -> AzureSasCredentialPolicy: ... +def _configure_credential( + credential: AzureSasCredential, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> AzureSasCredentialPolicy: ... @overload -def _configure_credential(credential: TokenCredential) -> BearerTokenChallengePolicy: ... +def _configure_credential( + credential: TokenCredential, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> BearerTokenChallengePolicy: ... @overload -def _configure_credential(credential: None) -> None: ... +def _configure_credential(credential: None, cosmos_endpoint: bool = False, audience: Optional[str] = None) -> None: ... def _configure_credential( diff --git a/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py b/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py index 0db4c12cc095..9d67c078920f 100644 --- a/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py +++ b/sdk/tables/azure-data-tables/azure/data/tables/aio/_authentication_async.py @@ -78,23 +78,31 @@ async def on_challenge(self, request: PipelineRequest, response: PipelineRespons @overload -def _configure_credential(credential: AzureNamedKeyCredential) -> SharedKeyCredentialPolicy: ... +def _configure_credential( + credential: AzureNamedKeyCredential, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> SharedKeyCredentialPolicy: ... @overload -def _configure_credential(credential: SharedKeyCredentialPolicy) -> SharedKeyCredentialPolicy: ... +def _configure_credential( + credential: SharedKeyCredentialPolicy, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> SharedKeyCredentialPolicy: ... @overload -def _configure_credential(credential: AzureSasCredential) -> AzureSasCredentialPolicy: ... +def _configure_credential( + credential: AzureSasCredential, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> AzureSasCredentialPolicy: ... @overload -def _configure_credential(credential: AsyncTokenCredential) -> AsyncBearerTokenChallengePolicy: ... +def _configure_credential( + credential: AsyncTokenCredential, cosmos_endpoint: bool = False, audience: Optional[str] = None +) -> AsyncBearerTokenChallengePolicy: ... @overload -def _configure_credential(credential: None) -> None: ... +def _configure_credential(credential: None, cosmos_endpoint: bool = False, audience: Optional[str] = None) -> None: ... def _configure_credential(