azure: better error messages / allow_anonymous_login option (iterativ…

…e#5833) * azure: better error messages / allow_anonymous_login option * dont pass repo to the initializer
meierale · May 31, 2021 · 1fbf0da · 1fbf0da
1 parent bf5deb0
commit 1fbf0da
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 2 deletions.
diff --git a/dvc/fs/azure.py b/dvc/fs/azure.py
@@ -117,8 +117,21 @@ def _prepare_credentials(self, **config):
         login_info["client_id"] = config.get("client_id")
         login_info["client_secret"] = config.get("client_secret")
 
-        if not any(
+        if not (login_info["account_name"] or login_info["connection_string"]):
+            raise AzureAuthError(
+                "Authentication to Azure Blob Storage requires either "
+                "account_name or connection_string.\nLearn more about "
+                "configuration settings at "
+                + format_link("https://man.dvc.org/remote/modify")
+            )
+
+        any_secondary = any(
             value for key, value in login_info.items() if key != "account_name"
+        )
+        if (
+            login_info["account_name"]
+            and not any_secondary
+            and not config.get("allow_anonymous_login")
         ):
             login_info["credential"] = DefaultAzureCredential(
                 exclude_interactive_browser_credential=False

diff --git a/tests/unit/fs/test_azure.py b/tests/unit/fs/test_azure.py
@@ -3,7 +3,7 @@
 
 import pytest
 
-from dvc.fs.azure import AzureFileSystem, _temp_event_loop
+from dvc.fs.azure import AzureAuthError, AzureFileSystem, _temp_event_loop
 from dvc.path_info import PathInfo
 
 container_name = "container-name"
@@ -67,3 +67,66 @@ def wrapped_procedure():
 
         future = executor.submit(wrapped_procedure)
         assert future.result() == "yeey"
+
+
+def test_azure_login_methods():
+    def get_login_method(config):
+        fs = AzureFileSystem(**config)
+        # pylint: disable=pointless-statement
+        return fs.login_method
+
+    with pytest.raises(AzureAuthError):
+        get_login_method({})
+
+    assert (
+        get_login_method({"connection_string": "test"}) == "connection string"
+    )
+    assert get_login_method({"account_name": "test"}).startswith(
+        "default credentials"
+    )
+    assert (
+        get_login_method(
+            {"account_name": "test", "allow_anonymous_login": True}
+        )
+        == "anonymous login"
+    )
+
+    with pytest.raises(AzureAuthError):
+        get_login_method(
+            {"tenant_id": "test", "client_id": "test", "client_secret": "test"}
+        )
+
+    assert (
+        get_login_method(
+            {
+                "account_name": "test",
+                "tenant_id": "test",
+                "client_id": "test",
+                "client_secret": "test",
+            }
+        )
+        == "AD service principal"
+    )
+
+    assert (
+        get_login_method({"account_name": "test", "account_key": "test"})
+        == "account key"
+    )
+    assert (
+        get_login_method({"account_name": "test", "sas_token": "test"})
+        == "SAS token"
+    )
+    assert (
+        get_login_method(
+            {
+                "connection_string": "test",
+                "account_name": "test",
+                "sas_token": "test",
+            }
+        )
+        == "connection string"
+    )
+    assert (
+        get_login_method({"connection_string": "test", "sas_token": "test"})
+        == "connection string"
+    )