Skip to content

Commit 566cad3

Browse files
daviewalesdaviewales
committed
Rework default scopes
1 parent 51fdf54 commit 566cad3

File tree

1 file changed

+10
-12
lines changed

1 file changed

+10
-12
lines changed

obstore/python/obstore/auth/azure.py

+10-12
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@
1212
import azure.identity.aio
1313

1414
if TYPE_CHECKING:
15+
from collections.abc import Iterable
16+
1517
from obstore.store import AzureCredential
1618

1719
AzureCredentialUnionType = (
@@ -55,6 +57,8 @@
5557
| azure.identity.aio.WorkloadIdentityCredential
5658
)
5759

60+
DEFAULT_SCOPES = ("https://storage.azure.com/.default",)
61+
5862

5963
class AzureCredentialProvider:
6064
"""A CredentialProvider for [AzureStore][obstore.store.AzureStore] that uses [`azure.identity`][].
@@ -80,7 +84,7 @@ class AzureCredentialProvider:
8084
def __init__(
8185
self,
8286
credential: AzureCredentialUnionType | None = None,
83-
scopes: list[str] | None = None,
87+
scopes: Iterable[str] = DEFAULT_SCOPES,
8488
tenant_id: str | None = None,
8589
) -> None:
8690
"""Create a new AzureCredentialProvider.
@@ -90,18 +94,15 @@ def __init__(
9094
in which case [`azure.identity.DefaultAzureCredential`][] will be
9195
called to find default credentials.
9296
scopes: Scopes required by the access token. If not specified,
93-
["https://storage.azure.com/.default"] will be used by default.
97+
("https://storage.azure.com/.default",) will be used by default.
9498
tenant_id: Optionally specify the Azure Tenant ID which will be passed to
9599
the credential's `get_token` method.
96100
97101
[`azure.identity.DefaultAzureCredential`]: https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential
98102
99103
"""
100104
self.credential = credential or azure.identity.DefaultAzureCredential()
101-
102-
# Use the Azure Storage scope by default
103-
self.scopes = scopes or ["https://storage.azure.com/.default"]
104-
105+
self.scopes = scopes
105106
self.tenant_id = tenant_id
106107

107108
# Token cache
@@ -152,7 +153,7 @@ class AzureAsyncCredentialProvider:
152153
def __init__(
153154
self,
154155
credential: AzureAsyncCredentialUnionType | None = None,
155-
scopes: list[str] | None = None,
156+
scopes: Iterable[str] = DEFAULT_SCOPES,
156157
tenant_id: str | None = None,
157158
) -> None:
158159
"""Create a new AzureAsyncCredentialProvider.
@@ -162,18 +163,15 @@ def __init__(
162163
in which case [`azure.identity.aio.DefaultAzureCredential`][] will be
163164
called to find default credentials.
164165
scopes: Scopes required by the access token. If not specified,
165-
["https://storage.azure.com/.default"] will be used by default.
166+
("https://storage.azure.com/.default",) will be used by default.
166167
tenant_id: Optionally specify the Azure Tenant ID which will be passed to
167168
the credential's `get_token` method.
168169
169170
[`azure.identity.aio.DefaultAzureCredential`]: https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.aio.defaultazurecredential
170171
171172
"""
172173
self.credential = credential or azure.identity.aio.DefaultAzureCredential()
173-
174-
# Use the Azure Storage scope by default
175-
self.scopes = scopes or ["https://storage.azure.com/.default"]
176-
174+
self.scopes = scopes
177175
self.tenant_id = tenant_id
178176

179177
# Token cache

0 commit comments

Comments
 (0)