azure-quantum 1.1.1__py3-none-any.whl → 1.1.2.dev0__py3-none-any.whl

azure/quantum/_authentication/_chained.py

@@ -4,23 +4,14 @@
 # ------------------------------------
 import logging
 
+import sys
 from azure.core.exceptions import ClientAuthenticationError
-
 from azure.identity import CredentialUnavailableError
+from azure.core.credentials import AccessToken, TokenCredential
 
-try:
-    from typing import TYPE_CHECKING
-except ImportError:
-    TYPE_CHECKING = False
-
-if TYPE_CHECKING:
-    # pylint:disable=unused-import,ungrouped-imports
-    from typing import Any, Optional
-    from azure.core.credentials import AccessToken, TokenCredential
 
 _LOGGER = logging.getLogger(__name__)
 
-import sys
 
 
 def filter_credential_warnings(record):
@@ -35,7 +26,7 @@ def _get_error_message(history):
     attempts = []
     for credential, error in history:
         if error:
-            attempts.append("{}: {}".format(credential.__class__.__name__, error))
+            attempts.append(f"{credential.__class__.__name__}: {error}")
         else:
             attempts.append(credential.__class__.__name__)
     return """
@@ -54,17 +45,21 @@ class _ChainedTokenCredential(object):
     We also don't log a warning unless all credential attempts have failed.
     """
 
-    def __init__(self, *credentials):
-        # type: (*TokenCredential) -> None
-        self._successful_credential = None  # type: Optional[TokenCredential]
+    def __init__(self, *credentials: TokenCredential):
+        self._successful_credential = None
         self.credentials = credentials
 
-    def get_token(self, *scopes, **kwargs):  # pylint:disable=unused-argument
-        # type: (*str, **Any) -> AccessToken
-        """Request a token from each chained credential, in order, returning the first token received.
+    def get_token(self, *scopes: str, **kwargs) -> AccessToken:  # pylint:disable=unused-argument
+        """
+        Request a token from each chained credential, in order,
+        returning the first token received.
         This method is called automatically by Azure SDK clients.
-        :param str scopes: desired scopes for the access token. This method requires at least one scope.
-        :raises ~azure.core.exceptions.ClientAuthenticationError: no credential in the chain provided a token
+
+        :param str scopes: desired scopes for the access token.
+        This method requires at least one scope.
+
+        :raises ~azure.core.exceptions.ClientAuthenticationError:
+        no credential in the chain provided a token
         """
         history = []
 
@@ -85,7 +80,8 @@ class _ChainedTokenCredential(object):
                     self._successful_credential = credential
                     return token
                 except CredentialUnavailableError as ex:
-                    # credential didn't attempt authentication because it lacks required data or state -> continue
+                    # credential didn't attempt authentication because
+                    # it lacks required data or state -> continue
                     history.append((credential, ex.message))
                     _LOGGER.info(
                         "%s - %s is unavailable",
@@ -93,7 +89,8 @@ class _ChainedTokenCredential(object):
                         credential.__class__.__name__,
                     )
                 except Exception as ex:  # pylint: disable=broad-except
-                    # credential failed to authenticate, or something unexpectedly raised -> break
+                    # credential failed to authenticate,
+                    # or something unexpectedly raised -> break
                     history.append((credential, str(ex)))
                     # instead of logging a warning, we just want to log an info
                     # since other credentials might succeed
@@ -104,7 +101,8 @@ class _ChainedTokenCredential(object):
                         ex,
                         exc_info=_LOGGER.isEnabledFor(logging.DEBUG),
                     )
-                    # here we do NOT want break and will continue to try other credentials
+                    # here we do NOT want break and
+                    # will continue to try other credentials
 
         finally:
             # Re-enable warnings from credentials in Azure.Identity

azure/quantum/_authentication/_default.py

@@ -3,36 +3,35 @@
 # Licensed under the MIT License.
 # ------------------------------------
 import logging
-import os
-import requests
 import re
-
-from azure.identity._constants import EnvironmentVariables
-from azure.identity._internal import get_default_authority, normalize_authority
+from typing import Optional
+import urllib3
+from azure.core.credentials import AccessToken
 from azure.identity import (
     AzurePowerShellCredential,
     EnvironmentCredential,
     ManagedIdentityCredential,
-    SharedTokenCacheCredential,
     AzureCliCredential,
     VisualStudioCodeCredential,
     InteractiveBrowserCredential,
     DeviceCodeCredential,
-    _credentials
+    _internal as AzureIdentityInternals,
 )
 from ._chained import _ChainedTokenCredential
 from ._token import _TokenFileCredential
-
-try:
-    from typing import TYPE_CHECKING
-except ImportError:
-    TYPE_CHECKING = False
-
-if TYPE_CHECKING:
-    from typing import Any, List
-    from azure.core.credentials import AccessToken, TokenCredential
+from azure.quantum._constants import ConnectionConstants
 
 _LOGGER = logging.getLogger(__name__)
+WWW_AUTHENTICATE_REGEX = re.compile(
+    r"""
+        ^
+        Bearer\sauthorization_uri="
+            https://(?P<authority>[^/]*)/
+            (?P<tenant_id>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
+        "
+    """,
+    re.VERBOSE | re.IGNORECASE)
+WWW_AUTHENTICATE_HEADER_NAME = "WWW-Authenticate"
 
 
 class _DefaultAzureCredential(_ChainedTokenCredential):
@@ -51,165 +50,104 @@ class _DefaultAzureCredential(_ChainedTokenCredential):
        This is a mitigation for bug https://github.com/Azure/azure-sdk-for-python/issues/18975
        We need the following parameters to enable auto-detection of tenant_id
        - subscription_id
-       - arm_base_url (defaults to the production url "https://management.azure.com/")
-    3) Add custom TokenFileCredential as first method to attempt, which will look for a local access token.
+       - arm_endpoint (defaults to the production url "https://management.azure.com/")
+    3) Add custom TokenFileCredential as first method to attempt,
+       which will look for a local access token.
     """
-    def __init__(self, **kwargs):
-        # type: (**Any) -> None
-        self._successful_tenant_id = None
-
-        self.authority = kwargs.pop("authority", None)
-        self.authority = normalize_authority(self.authority) if self.authority else get_default_authority()
-
-        self.interactive_browser_tenant_id = kwargs.pop(
-            "interactive_browser_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
-        )
-
-        self.subscription_id = kwargs.pop(
-            "subscription_id", os.environ.get("SUBSCRIPTION_ID")
-        )
-        self.arm_base_url = kwargs.pop(
-            "arm_base_url", "https://management.azure.com/"
-        )
-
-        self.managed_identity_client_id = kwargs.pop(
-            "managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)
-        )
-
-        self.shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))
-        self.shared_cache_tenant_id = kwargs.pop(
-            "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
-        )
-
-        self.vscode_tenant_id = kwargs.pop(
-            "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
-        )
-
-        self.exclude_token_file_credential = kwargs.pop("exclude_token_file_credential", False)
-        self.exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
-        self.exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
-        self.exclude_shared_token_cache_credential = kwargs.pop("exclude_shared_token_cache_credential", True)
-        self.exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", False)
-        self.exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
-        self.exclude_interactive_browser_credential = kwargs.pop("exclude_interactive_browser_credential", True)
-        self.exclude_device_code_credential = kwargs.pop("exclude_device_code_credential", False)
-        self.exclude_powershell_credential = kwargs.pop("exclude_powershell_credential", False)
+    def __init__(
+        self,
+        arm_endpoint: str,
+        subscription_id: str,
+        client_id: Optional[str] = None,
+        tenant_id: Optional[str] = None,
+        authority: Optional[str] = None,
+    ):
+        if arm_endpoint is None:
+            raise ValueError("arm_endpoint is mandatory parameter")
+        if subscription_id is None:
+            raise ValueError("subscription_id is mandatory parameter")
 
+        self.authority = self._authority_or_default(
+            authority=authority,
+            arm_endpoint=arm_endpoint)
+        self.tenant_id = tenant_id
+        self.subscription_id = subscription_id
+        self.arm_endpoint = arm_endpoint
+        self.client_id = client_id
         # credentials will be created lazy on the first call to get_token
         super(_DefaultAzureCredential, self).__init__()
 
-    def _initialize_credentials(self):
-        if self.subscription_id is not None \
-           and self.arm_base_url is not None:
-            if self.vscode_tenant_id is None:
-                self.vscode_tenant_id = self._get_tenant_id(arm_base_url=self.arm_base_url, subscription_id=self.subscription_id)
-            if self.shared_cache_tenant_id is None:
-                self.shared_cache_tenant_id = self._get_tenant_id(arm_base_url=self.arm_base_url, subscription_id=self.subscription_id)
-            if self.interactive_browser_tenant_id is None:
-                self.interactive_browser_tenant_id = self._get_tenant_id(arm_base_url=self.arm_base_url, subscription_id=self.subscription_id)
-
-        credentials = []  # type: List[TokenCredential]
-        if not self.exclude_token_file_credential:
-            credentials.append(_TokenFileCredential())
-        if not self.exclude_environment_credential:
-            credentials.append(EnvironmentCredential(authority=self.authority))
-        if not self.exclude_managed_identity_credential:
-            credentials.append(ManagedIdentityCredential(client_id=self.managed_identity_client_id))
-        if not self.exclude_shared_token_cache_credential and SharedTokenCacheCredential.supported():
-            try:
-                # username and/or tenant_id are only required when the cache contains tokens for multiple identities
-                shared_cache = SharedTokenCacheCredential(
-                    username=self.shared_cache_username, tenant_id=self.shared_cache_tenant_id, authority=self.authority
-                )
-                credentials.append(shared_cache)
-            except Exception as ex:  # pylint:disable=broad-except
-                _LOGGER.info("Shared token cache is unavailable: '%s'", ex)
-        if not self.exclude_visual_studio_code_credential:
-            credentials.append(VisualStudioCodeCredential(tenant_id=self.vscode_tenant_id))
-        if not self.exclude_cli_credential:
-            credentials.append(AzureCliCredential())
-        if not self.exclude_powershell_credential:
-            credentials.append(AzurePowerShellCredential())
-        if not self.exclude_interactive_browser_credential:
-            credentials.append(InteractiveBrowserCredential(tenant_id=self.interactive_browser_tenant_id))
-        if not self.exclude_device_code_credential:
-            credentials.append(DeviceCodeCredential(tenant_id=self.interactive_browser_tenant_id))
+    def _authority_or_default(self, authority: str, arm_endpoint: str):
+        if authority:
+            return AzureIdentityInternals.normalize_authority(authority)
+        if arm_endpoint == ConnectionConstants.ARM_DOGFOOD_ENDPOINT:
+            return ConnectionConstants.DOGFOOD_AUTHORITY
+        return ConnectionConstants.AUTHORITY
 
+    def _initialize_credentials(self):
+        self._discover_tenant_id_(
+            arm_endpoint=self.arm_endpoint,
+            subscription_id=self.subscription_id)
+        credentials = []
+        credentials.append(_TokenFileCredential())
+        credentials.append(EnvironmentCredential())
+        if self.client_id:
+            credentials.append(ManagedIdentityCredential(client_id=self.client_id))
+        if self.authority and self.tenant_id:
+            credentials.append(VisualStudioCodeCredential(authority=self.authority, tenant_id=self.tenant_id))
+            credentials.append(AzureCliCredential(tenant_id=self.tenant_id))
+            credentials.append(AzurePowerShellCredential(tenant_id=self.tenant_id))
+            credentials.append(InteractiveBrowserCredential(authority=self.authority, tenant_id=self.tenant_id))
+            if self.client_id:
+                credentials.append(DeviceCodeCredential(authority=self.authority, client_id=self.client_id, tenant_id=self.tenant_id))
         self.credentials = credentials
 
-    def get_token(self, *scopes, **kwargs):
-        # type: (*str, **Any) -> AccessToken
-        """Request an access token for `scopes`.
+    def get_token(self, *scopes: str, **kwargs) -> AccessToken:
+        """
+        Request an access token for `scopes`.
         This method is called automatically by Azure SDK clients.
-        :param str scopes: desired scopes for the access token. This method requires at least one scope.
-        :raises ~azure.core.exceptions.ClientAuthenticationError: authentication failed. The exception has a
-          `message` attribute listing each authentication attempt and its error message.
+        
+        :param str scopes: desired scopes for the access token.
+        This method requires at least one scope.
+        
+        :raises ~azure.core.exceptions.ClientAuthenticationError:authentication failed.
+            The exception has a `message` attribute listing each authentication
+            attempt and its error message.
         """
-        # add credentials the first time it runs the get_token
-        # such that the _get_tenant_id can be called only when needed
-        if self.credentials is None \
-           or len(self.credentials) == 0:
+        # lazy-initialize the credentials
+        if self.credentials is None or len(self.credentials) == 0:
             self._initialize_credentials()
 
         return super(_DefaultAzureCredential, self).get_token(*scopes, **kwargs)
 
-    def _get_tenant_id(self, arm_base_url:str, subscription_id:str):
-        if arm_base_url is None:
-            raise ValueError("arm_base_url is mandatory parameter")
-        if subscription_id is None:
-            raise ValueError("subscription_id is mandatory parameter")
-
-        # returns the cached tenant_id if available
-        if self._successful_tenant_id is not None:
-            return self._successful_tenant_id
+    def _discover_tenant_id_(self, arm_endpoint:str, subscription_id:str):
+        """
+        If the tenant_id was not given, try to obtain it
+        by calling the management endpoint for the subscription_id,
+        or by applying default values.
+        """
+        if self.tenant_id:
+            return
 
         try:
-            uri = (
-                f"{arm_base_url}/subscriptions/"
+            url = (
+                f"{arm_endpoint.rstrip('/')}/subscriptions/"
                 + f"{subscription_id}?api-version=2018-01-01"
+                + "&discover-tenant-id"  # used by the test recording infrastructure
             )
-            response = requests.get(uri)
-
-            # This gnarly piece of code is how we get the guest tenant
-            # authority associated with the subscription.
-            # We make a unauthenticated request to ARM and extract the tenant
-            # authority from the WWW-Authenticate header in the response.
-            # The header is of the form:
-            # Bearer authorization_uri=
-            # https://login.microsoftonline.com/tenantId, key1=value1s
-            auth_header = response.headers["WWW-Authenticate"]
-            _LOGGER.debug(
-                f'{"got the following auth header from"}'
-                f"the management endpoint: {auth_header}"
-            )
-
-            trimmed_auth_header = auth_header[
-                len("Bearer "):
-            ]  # trim the leading 'Bearer '
-            trimmed_auth_header_parts = trimmed_auth_header.split(
-                ","
-            )  # get the various k=v parts
-            key_value_pairs = dict(
-                map(lambda s: tuple(s.split("=")), trimmed_auth_header_parts)
-            )  # make the parts into a dictionary
-            quoted_tenant_uri = key_value_pairs[
-                "authorization_uri"
-            ]  # get the value of the 'authorization_uri' key
-            tenant_uri = quoted_tenant_uri[
-                1:-1
-            ]  # strip it of surrounding quotes
-
-            _LOGGER.debug(
-                f'{"got the following tenant uri from"}'
-                + f"the authentication header: {tenant_uri}"
-            )
-
-            regex = re.compile(pattern=r"([a-f0-9]+[-]){4}[a-f0-9]+", flags=re.IGNORECASE)
-            self._successful_tenant_id = regex.search(tenant_uri).group()
-            return self._successful_tenant_id
-
-        except Exception as e:
-            _LOGGER.debug(
-                f"Failed to get tenant authority for subscription: {e}"
+            http = urllib3.PoolManager()
+            response = http.request(
+                method="GET",
+                url=url,
             )
-            return None
+            if WWW_AUTHENTICATE_HEADER_NAME in response.headers:
+                www_authenticate = response.headers[WWW_AUTHENTICATE_HEADER_NAME]
+                match = re.search(WWW_AUTHENTICATE_REGEX, www_authenticate)
+                if match:
+                    self.tenant_id = match.group("tenant_id")
+        # pylint: disable=broad-exception-caught
+        except Exception as ex:
+            _LOGGER.error(ex)
+
+        # apply default values
+        self.tenant_id = self.tenant_id or ConnectionConstants.MSA_TENANT_ID

azure/quantum/_authentication/_token.py

@@ -10,71 +10,74 @@ import time
 
 from azure.identity import CredentialUnavailableError
 from azure.core.credentials import AccessToken
-
-try:
-    from typing import TYPE_CHECKING
-except ImportError:
-    TYPE_CHECKING = False
-
-if TYPE_CHECKING:
-    # pylint:disable=unused-import,ungrouped-imports
-    from typing import Any
+from azure.quantum._constants import EnvironmentVariables
 
 _LOGGER = logging.getLogger(__name__)
 
-_TOKEN_FILE_ENV_VARIABLE = "AZURE_QUANTUM_TOKEN_FILE"
-
 
 class _TokenFileCredential(object):
     """
-    Implements a custom TokenCredential to use a local file as the source for an AzureQuantum token.
+    Implements a custom TokenCredential to use a local file as
+    the source for an AzureQuantum token.
 
-    It will only use the local file if the AZURE_QUANTUM_TOKEN_FILE environment variable is set, and references
-    an existing json file that contains the access_token and expires_on timestamp in milliseconds.
+    It will only use the local file if the AZURE_QUANTUM_TOKEN_FILE
+    environment variable is set, and references an existing json file
+    that contains the access_token and expires_on timestamp in milliseconds.
 
-    If the environment variable is not set, the file does not exist, or the token is invalid in any way (expired, for example),
-    then the credential will throw CredentialUnavailableError, so that _ChainedTokenCredential can fallback to other methods.
+    If the environment variable is not set, the file does not exist,
+    or the token is invalid in any way (expired, for example),
+    then the credential will throw CredentialUnavailableError,
+    so that _ChainedTokenCredential can fallback to other methods.
     """
-    def __init__(self, **kwargs):
-        # type: (**Any) -> None
-        self.token_file = os.environ.get(_TOKEN_FILE_ENV_VARIABLE)
+    def __init__(self):
+        self.token_file = os.environ.get(EnvironmentVariables.QUANTUM_TOKEN_FILE)
         if self.token_file:
-            _LOGGER.debug("Using provided token file location: {}".format(self.token_file))
+            _LOGGER.debug("Using provided token file location: %s", self.token_file)
         else:
-            _LOGGER.debug("No token file location provided for {} environment variable.".format(_TOKEN_FILE_ENV_VARIABLE))
+            _LOGGER.debug("No token file location provided for %s environment variable.",
+                          EnvironmentVariables.QUANTUM_TOKEN_FILE)
 
-    def get_token(self, *scopes, **kwargs):  # pylint:disable=unused-argument
-        # type: (*str, **Any) -> AccessToken
+    def get_token(self, *scopes: str, **kwargs) -> AccessToken: # pylint:disable=unused-argument
         """Request an access token for `scopes`.
         This method is called automatically by Azure SDK clients.
-        :param str scopes: desired scopes for the access token. This method only returns tokens for the https://quantum.microsoft.com/.default scope.
-        :raises ~azure.identity.CredentialUnavailableError: when failing to get token. The exception has a
-          `message` attribute with the error message.
+        This method only returns tokens for the https://quantum.microsoft.com/.default scope.
+        
+        :param str scopes: desired scopes for the access token.
+        
+        :raises ~azure.identity.CredentialUnavailableError 
+            when failing to get the token.
+            The exception has a `message` attribute with the error message.
         """
         if not self.token_file:
             raise CredentialUnavailableError(message="Token file location not set.")
 
         if not os.path.isfile(self.token_file):
-            raise CredentialUnavailableError(message="Token file at {} does not exist.".format(self.token_file))
+            raise CredentialUnavailableError(
+                message=f"Token file at {self.token_file} does not exist.")
 
         try:
             token = self._parse_token_file(self.token_file)
-        except JSONDecodeError:
-            raise CredentialUnavailableError(message="Failed to parse token file: Invalid JSON.")
-        except KeyError as e:
-            raise CredentialUnavailableError(message="Failed to parse token file: Missing expected value: " + str(e))
-        except Exception as e:
-            raise CredentialUnavailableError(message="Failed to parse token file: " + str(e))
+        except JSONDecodeError as exception:
+            raise CredentialUnavailableError(
+                message="Failed to parse token file: Invalid JSON.") from exception
+        except KeyError as exception:
+            raise CredentialUnavailableError(
+                message="Failed to parse token file: Missing expected value: "
+                        + str(exception)) from exception
+        except Exception as exception:
+            raise CredentialUnavailableError(
+                message="Failed to parse token file: " + str(exception)) from exception
 
         if token.expires_on <= time.time():
-            raise CredentialUnavailableError(message="Token already expired at {}".format(time.asctime(time.gmtime(token.expires_on))))
+            raise CredentialUnavailableError(
+                message=f"Token already expired at {time.asctime(time.gmtime(token.expires_on))}")
 
         return token
 
-    def _parse_token_file(self, path):
-        # type: (*str) -> AccessToken
-        with open(path, "r") as file:
+    def _parse_token_file(self, path) -> AccessToken:
+        with open(path, mode="r", encoding="utf-8") as file:
             data = json.load(file)
-            expires_on = int(data["expires_on"]) / 1000  # Convert ms to seconds, since python time.time only handles epoch time in seconds
+            # Convert ms to seconds, since python time.time only handles epoch time in seconds
+            expires_on = int(data["expires_on"]) / 1000
             token = AccessToken(data["access_token"],  expires_on)
             return token

azure/quantum/_client/_client.py

@@ -10,6 +10,7 @@ from copy import deepcopy
 from typing import Any, TYPE_CHECKING
 
 from azure.core import PipelineClient
+from azure.core.pipeline import policies
 from azure.core.rest import HttpRequest, HttpResponse
 
 from . import models as _models
@@ -44,6 +45,9 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
     :vartype sessions: azure.quantum._client.operations.SessionsOperations
     :ivar top_level_items: TopLevelItemsOperations operations
     :vartype top_level_items: azure.quantum._client.operations.TopLevelItemsOperations
+    :param azure_region: Supported Azure regions for Azure Quantum Services. For example, "eastus".
+     Required.
+    :type azure_region: str
     :param subscription_id: The Azure subscription ID. This is a GUID-formatted string (e.g.
      00000000-0000-0000-0000-000000000000). Required.
     :type subscription_id: str
@@ -53,31 +57,47 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
     :type workspace_name: str
     :param credential: Credential needed for the client to connect to Azure. Required.
     :type credential: ~azure.core.credentials.TokenCredential
-    :keyword endpoint: Service URL. Default value is "https://quantum.azure.com".
-    :paramtype endpoint: str
-    :keyword api_version: Api Version. Default value is "2022-09-12-preview". Note that overriding
+    :keyword api_version: Api Version. Default value is "2023-11-13-preview". Note that overriding
      this default value may result in unsupported behavior.
     :paramtype api_version: str
     """
 
     def __init__(
         self,
+        azure_region: str,
         subscription_id: str,
         resource_group_name: str,
         workspace_name: str,
         credential: "TokenCredential",
-        *,
-        endpoint: str = "https://quantum.azure.com",
         **kwargs: Any
     ) -> None:
+        _endpoint = kwargs.pop("endpoint", f"https://{azure_region}.quantum.azure.com")
         self._config = QuantumClientConfiguration(
+            azure_region=azure_region,
             subscription_id=subscription_id,
             resource_group_name=resource_group_name,
             workspace_name=workspace_name,
             credential=credential,
             **kwargs
         )
-        self._client: PipelineClient = PipelineClient(base_url=endpoint, config=self._config, **kwargs)
+        _policies = kwargs.pop("policies", None)
+        if _policies is None:
+            _policies = [
+                policies.RequestIdPolicy(**kwargs),
+                self._config.headers_policy,
+                self._config.user_agent_policy,
+                self._config.proxy_policy,
+                policies.ContentDecodePolicy(**kwargs),
+                self._config.redirect_policy,
+                self._config.retry_policy,
+                self._config.authentication_policy,
+                self._config.custom_hook_policy,
+                self._config.logging_policy,
+                policies.DistributedTracingPolicy(**kwargs),
+                policies.SensitiveHeaderCleanupPolicy(**kwargs) if self._config.redirect_policy else None,
+                self._config.http_logging_policy,
+            ]
+        self._client: PipelineClient = PipelineClient(base_url=_endpoint, policies=_policies, **kwargs)
 
         client_models = {k: v for k, v in _models._models.__dict__.items() if isinstance(v, type)}
         client_models.update({k: v for k, v in _models.__dict__.items() if isinstance(v, type)})
@@ -91,7 +111,7 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
         self.sessions = SessionsOperations(self._client, self._config, self._serialize, self._deserialize)
         self.top_level_items = TopLevelItemsOperations(self._client, self._config, self._serialize, self._deserialize)
 
-    def send_request(self, request: HttpRequest, **kwargs: Any) -> HttpResponse:
+    def send_request(self, request: HttpRequest, *, stream: bool = False, **kwargs: Any) -> HttpResponse:
         """Runs the network request through the client's chained policies.
 
         >>> from azure.core.rest import HttpRequest
@@ -110,8 +130,14 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
         """
 
         request_copy = deepcopy(request)
-        request_copy.url = self._client.format_url(request_copy.url)
-        return self._client.send_request(request_copy, **kwargs)
+        path_format_arguments = {
+            "azureRegion": self._serialize.url(
+                "self._config.azure_region", self._config.azure_region, "str", skip_quote=True
+            ),
+        }
+
+        request_copy.url = self._client.format_url(request_copy.url, **path_format_arguments)
+        return self._client.send_request(request_copy, stream=stream, **kwargs)  # type: ignore
 
     def close(self) -> None:
         self._client.close()