azure-quantum 1.1.1__tar.gz → 1.1.2.dev0__tar.gz

{azure-quantum-1.1.1 → azure-quantum-1.1.2.dev0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: azure-quantum
-Version: 1.1.1
+Version: 1.1.2.dev0
 Summary: Python client for Azure Quantum
 Home-page: https://github.com/microsoft/azure-quantum-python
 Author: Microsoft

{azure-quantum-1.1.1 → azure-quantum-1.1.2.dev0}/azure/quantum/_authentication/_chained.py

@@ -4,23 +4,14 @@
 # ------------------------------------
 import logging
 
+import sys
 from azure.core.exceptions import ClientAuthenticationError
-
 from azure.identity import CredentialUnavailableError
+from azure.core.credentials import AccessToken, TokenCredential
 
-try:
-    from typing import TYPE_CHECKING
-except ImportError:
-    TYPE_CHECKING = False
-
-if TYPE_CHECKING:
-    # pylint:disable=unused-import,ungrouped-imports
-    from typing import Any, Optional
-    from azure.core.credentials import AccessToken, TokenCredential
 
 _LOGGER = logging.getLogger(__name__)
 
-import sys
 
 
 def filter_credential_warnings(record):
@@ -35,7 +26,7 @@ def _get_error_message(history):
     attempts = []
     for credential, error in history:
         if error:
-            attempts.append("{}: {}".format(credential.__class__.__name__, error))
+            attempts.append(f"{credential.__class__.__name__}: {error}")
         else:
             attempts.append(credential.__class__.__name__)
     return """
@@ -54,17 +45,21 @@ class _ChainedTokenCredential(object):
     We also don't log a warning unless all credential attempts have failed.
     """
 
-    def __init__(self, *credentials):
-        # type: (*TokenCredential) -> None
-        self._successful_credential = None  # type: Optional[TokenCredential]
+    def __init__(self, *credentials: TokenCredential):
+        self._successful_credential = None
         self.credentials = credentials
 
-    def get_token(self, *scopes, **kwargs):  # pylint:disable=unused-argument
-        # type: (*str, **Any) -> AccessToken
-        """Request a token from each chained credential, in order, returning the first token received.
+    def get_token(self, *scopes: str, **kwargs) -> AccessToken:  # pylint:disable=unused-argument
+        """
+        Request a token from each chained credential, in order,
+        returning the first token received.
         This method is called automatically by Azure SDK clients.
-        :param str scopes: desired scopes for the access token. This method requires at least one scope.
-        :raises ~azure.core.exceptions.ClientAuthenticationError: no credential in the chain provided a token
+
+        :param str scopes: desired scopes for the access token.
+        This method requires at least one scope.
+
+        :raises ~azure.core.exceptions.ClientAuthenticationError:
+        no credential in the chain provided a token
         """
         history = []
 
@@ -85,7 +80,8 @@ class _ChainedTokenCredential(object):
                     self._successful_credential = credential
                     return token
                 except CredentialUnavailableError as ex:
-                    # credential didn't attempt authentication because it lacks required data or state -> continue
+                    # credential didn't attempt authentication because
+                    # it lacks required data or state -> continue
                     history.append((credential, ex.message))
                     _LOGGER.info(
                         "%s - %s is unavailable",
@@ -93,7 +89,8 @@ class _ChainedTokenCredential(object):
                         credential.__class__.__name__,
                     )
                 except Exception as ex:  # pylint: disable=broad-except
-                    # credential failed to authenticate, or something unexpectedly raised -> break
+                    # credential failed to authenticate,
+                    # or something unexpectedly raised -> break
                     history.append((credential, str(ex)))
                     # instead of logging a warning, we just want to log an info
                     # since other credentials might succeed
@@ -104,7 +101,8 @@ class _ChainedTokenCredential(object):
                         ex,
                         exc_info=_LOGGER.isEnabledFor(logging.DEBUG),
                     )
-                    # here we do NOT want break and will continue to try other credentials
+                    # here we do NOT want break and
+                    # will continue to try other credentials
 
         finally:
             # Re-enable warnings from credentials in Azure.Identity

azure-quantum-1.1.2.dev0/azure/quantum/_authentication/_default.py

@@ -0,0 +1,153 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+import logging
+import re
+from typing import Optional
+import urllib3
+from azure.core.credentials import AccessToken
+from azure.identity import (
+    AzurePowerShellCredential,
+    EnvironmentCredential,
+    ManagedIdentityCredential,
+    AzureCliCredential,
+    VisualStudioCodeCredential,
+    InteractiveBrowserCredential,
+    DeviceCodeCredential,
+    _internal as AzureIdentityInternals,
+)
+from ._chained import _ChainedTokenCredential
+from ._token import _TokenFileCredential
+from azure.quantum._constants import ConnectionConstants
+
+_LOGGER = logging.getLogger(__name__)
+WWW_AUTHENTICATE_REGEX = re.compile(
+    r"""
+        ^
+        Bearer\sauthorization_uri="
+            https://(?P<authority>[^/]*)/
+            (?P<tenant_id>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
+        "
+    """,
+    re.VERBOSE | re.IGNORECASE)
+WWW_AUTHENTICATE_HEADER_NAME = "WWW-Authenticate"
+
+
+class _DefaultAzureCredential(_ChainedTokenCredential):
+    """
+    Based on Azure.Identity.DefaultAzureCredential from:
+    https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/identity/azure-identity/azure/identity/_credentials/default.py
+
+    The three key differences are:
+    1) Inherit from _ChainedTokenCredential, which has 
+       more aggressive error handling than ChainedTokenCredential
+    2) Instantiate the internal credentials the first time the get_token gets called
+       such that we can get the tenant_id if it was not passed by the user (but we don't
+       want to do that in the constructor).
+       We automatically identify the user's tenant_id for a given subscription 
+       so that users with MSA accounts don't need to pass it.
+       This is a mitigation for bug https://github.com/Azure/azure-sdk-for-python/issues/18975
+       We need the following parameters to enable auto-detection of tenant_id
+       - subscription_id
+       - arm_endpoint (defaults to the production url "https://management.azure.com/")
+    3) Add custom TokenFileCredential as first method to attempt,
+       which will look for a local access token.
+    """
+    def __init__(
+        self,
+        arm_endpoint: str,
+        subscription_id: str,
+        client_id: Optional[str] = None,
+        tenant_id: Optional[str] = None,
+        authority: Optional[str] = None,
+    ):
+        if arm_endpoint is None:
+            raise ValueError("arm_endpoint is mandatory parameter")
+        if subscription_id is None:
+            raise ValueError("subscription_id is mandatory parameter")
+
+        self.authority = self._authority_or_default(
+            authority=authority,
+            arm_endpoint=arm_endpoint)
+        self.tenant_id = tenant_id
+        self.subscription_id = subscription_id
+        self.arm_endpoint = arm_endpoint
+        self.client_id = client_id
+        # credentials will be created lazy on the first call to get_token
+        super(_DefaultAzureCredential, self).__init__()
+
+    def _authority_or_default(self, authority: str, arm_endpoint: str):
+        if authority:
+            return AzureIdentityInternals.normalize_authority(authority)
+        if arm_endpoint == ConnectionConstants.ARM_DOGFOOD_ENDPOINT:
+            return ConnectionConstants.DOGFOOD_AUTHORITY
+        return ConnectionConstants.AUTHORITY
+
+    def _initialize_credentials(self):
+        self._discover_tenant_id_(
+            arm_endpoint=self.arm_endpoint,
+            subscription_id=self.subscription_id)
+        credentials = []
+        credentials.append(_TokenFileCredential())
+        credentials.append(EnvironmentCredential())
+        if self.client_id:
+            credentials.append(ManagedIdentityCredential(client_id=self.client_id))
+        if self.authority and self.tenant_id:
+            credentials.append(VisualStudioCodeCredential(authority=self.authority, tenant_id=self.tenant_id))
+            credentials.append(AzureCliCredential(tenant_id=self.tenant_id))
+            credentials.append(AzurePowerShellCredential(tenant_id=self.tenant_id))
+            credentials.append(InteractiveBrowserCredential(authority=self.authority, tenant_id=self.tenant_id))
+            if self.client_id:
+                credentials.append(DeviceCodeCredential(authority=self.authority, client_id=self.client_id, tenant_id=self.tenant_id))
+        self.credentials = credentials
+
+    def get_token(self, *scopes: str, **kwargs) -> AccessToken:
+        """
+        Request an access token for `scopes`.
+        This method is called automatically by Azure SDK clients.
+        
+        :param str scopes: desired scopes for the access token.
+        This method requires at least one scope.
+        
+        :raises ~azure.core.exceptions.ClientAuthenticationError:authentication failed.
+            The exception has a `message` attribute listing each authentication
+            attempt and its error message.
+        """
+        # lazy-initialize the credentials
+        if self.credentials is None or len(self.credentials) == 0:
+            self._initialize_credentials()
+
+        return super(_DefaultAzureCredential, self).get_token(*scopes, **kwargs)
+
+    def _discover_tenant_id_(self, arm_endpoint:str, subscription_id:str):
+        """
+        If the tenant_id was not given, try to obtain it
+        by calling the management endpoint for the subscription_id,
+        or by applying default values.
+        """
+        if self.tenant_id:
+            return
+
+        try:
+            url = (
+                f"{arm_endpoint.rstrip('/')}/subscriptions/"
+                + f"{subscription_id}?api-version=2018-01-01"
+                + "&discover-tenant-id"  # used by the test recording infrastructure
+            )
+            http = urllib3.PoolManager()
+            response = http.request(
+                method="GET",
+                url=url,
+            )
+            if WWW_AUTHENTICATE_HEADER_NAME in response.headers:
+                www_authenticate = response.headers[WWW_AUTHENTICATE_HEADER_NAME]
+                match = re.search(WWW_AUTHENTICATE_REGEX, www_authenticate)
+                if match:
+                    self.tenant_id = match.group("tenant_id")
+        # pylint: disable=broad-exception-caught
+        except Exception as ex:
+            _LOGGER.error(ex)
+
+        # apply default values
+        self.tenant_id = self.tenant_id or ConnectionConstants.MSA_TENANT_ID

azure-quantum-1.1.2.dev0/azure/quantum/_authentication/_token.py

@@ -0,0 +1,83 @@
+##
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+##
+import json
+from json.decoder import JSONDecodeError
+import logging
+import os
+import time
+
+from azure.identity import CredentialUnavailableError
+from azure.core.credentials import AccessToken
+from azure.quantum._constants import EnvironmentVariables
+
+_LOGGER = logging.getLogger(__name__)
+
+
+class _TokenFileCredential(object):
+    """
+    Implements a custom TokenCredential to use a local file as
+    the source for an AzureQuantum token.
+
+    It will only use the local file if the AZURE_QUANTUM_TOKEN_FILE
+    environment variable is set, and references an existing json file
+    that contains the access_token and expires_on timestamp in milliseconds.
+
+    If the environment variable is not set, the file does not exist,
+    or the token is invalid in any way (expired, for example),
+    then the credential will throw CredentialUnavailableError,
+    so that _ChainedTokenCredential can fallback to other methods.
+    """
+    def __init__(self):
+        self.token_file = os.environ.get(EnvironmentVariables.QUANTUM_TOKEN_FILE)
+        if self.token_file:
+            _LOGGER.debug("Using provided token file location: %s", self.token_file)
+        else:
+            _LOGGER.debug("No token file location provided for %s environment variable.",
+                          EnvironmentVariables.QUANTUM_TOKEN_FILE)
+
+    def get_token(self, *scopes: str, **kwargs) -> AccessToken: # pylint:disable=unused-argument
+        """Request an access token for `scopes`.
+        This method is called automatically by Azure SDK clients.
+        This method only returns tokens for the https://quantum.microsoft.com/.default scope.
+        
+        :param str scopes: desired scopes for the access token.
+        
+        :raises ~azure.identity.CredentialUnavailableError 
+            when failing to get the token.
+            The exception has a `message` attribute with the error message.
+        """
+        if not self.token_file:
+            raise CredentialUnavailableError(message="Token file location not set.")
+
+        if not os.path.isfile(self.token_file):
+            raise CredentialUnavailableError(
+                message=f"Token file at {self.token_file} does not exist.")
+
+        try:
+            token = self._parse_token_file(self.token_file)
+        except JSONDecodeError as exception:
+            raise CredentialUnavailableError(
+                message="Failed to parse token file: Invalid JSON.") from exception
+        except KeyError as exception:
+            raise CredentialUnavailableError(
+                message="Failed to parse token file: Missing expected value: "
+                        + str(exception)) from exception
+        except Exception as exception:
+            raise CredentialUnavailableError(
+                message="Failed to parse token file: " + str(exception)) from exception
+
+        if token.expires_on <= time.time():
+            raise CredentialUnavailableError(
+                message=f"Token already expired at {time.asctime(time.gmtime(token.expires_on))}")
+
+        return token
+
+    def _parse_token_file(self, path) -> AccessToken:
+        with open(path, mode="r", encoding="utf-8") as file:
+            data = json.load(file)
+            # Convert ms to seconds, since python time.time only handles epoch time in seconds
+            expires_on = int(data["expires_on"]) / 1000
+            token = AccessToken(data["access_token"],  expires_on)
+            return token

{azure-quantum-1.1.1 → azure-quantum-1.1.2.dev0}/azure/quantum/_client/_client.py

@@ -10,6 +10,7 @@ from copy import deepcopy
 from typing import Any, TYPE_CHECKING
 
 from azure.core import PipelineClient
+from azure.core.pipeline import policies
 from azure.core.rest import HttpRequest, HttpResponse
 
 from . import models as _models
@@ -44,6 +45,9 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
     :vartype sessions: azure.quantum._client.operations.SessionsOperations
     :ivar top_level_items: TopLevelItemsOperations operations
     :vartype top_level_items: azure.quantum._client.operations.TopLevelItemsOperations
+    :param azure_region: Supported Azure regions for Azure Quantum Services. For example, "eastus".
+     Required.
+    :type azure_region: str
     :param subscription_id: The Azure subscription ID. This is a GUID-formatted string (e.g.
      00000000-0000-0000-0000-000000000000). Required.
     :type subscription_id: str
@@ -53,31 +57,47 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
     :type workspace_name: str
     :param credential: Credential needed for the client to connect to Azure. Required.
     :type credential: ~azure.core.credentials.TokenCredential
-    :keyword endpoint: Service URL. Default value is "https://quantum.azure.com".
-    :paramtype endpoint: str
-    :keyword api_version: Api Version. Default value is "2022-09-12-preview". Note that overriding
+    :keyword api_version: Api Version. Default value is "2023-11-13-preview". Note that overriding
      this default value may result in unsupported behavior.
     :paramtype api_version: str
     """
 
     def __init__(
         self,
+        azure_region: str,
         subscription_id: str,
         resource_group_name: str,
         workspace_name: str,
         credential: "TokenCredential",
-        *,
-        endpoint: str = "https://quantum.azure.com",
         **kwargs: Any
     ) -> None:
+        _endpoint = kwargs.pop("endpoint", f"https://{azure_region}.quantum.azure.com")
         self._config = QuantumClientConfiguration(
+            azure_region=azure_region,
             subscription_id=subscription_id,
             resource_group_name=resource_group_name,
             workspace_name=workspace_name,
             credential=credential,
             **kwargs
         )
-        self._client: PipelineClient = PipelineClient(base_url=endpoint, config=self._config, **kwargs)
+        _policies = kwargs.pop("policies", None)
+        if _policies is None:
+            _policies = [
+                policies.RequestIdPolicy(**kwargs),
+                self._config.headers_policy,
+                self._config.user_agent_policy,
+                self._config.proxy_policy,
+                policies.ContentDecodePolicy(**kwargs),
+                self._config.redirect_policy,
+                self._config.retry_policy,
+                self._config.authentication_policy,
+                self._config.custom_hook_policy,
+                self._config.logging_policy,
+                policies.DistributedTracingPolicy(**kwargs),
+                policies.SensitiveHeaderCleanupPolicy(**kwargs) if self._config.redirect_policy else None,
+                self._config.http_logging_policy,
+            ]
+        self._client: PipelineClient = PipelineClient(base_url=_endpoint, policies=_policies, **kwargs)
 
         client_models = {k: v for k, v in _models._models.__dict__.items() if isinstance(v, type)}
         client_models.update({k: v for k, v in _models.__dict__.items() if isinstance(v, type)})
@@ -91,7 +111,7 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
         self.sessions = SessionsOperations(self._client, self._config, self._serialize, self._deserialize)
         self.top_level_items = TopLevelItemsOperations(self._client, self._config, self._serialize, self._deserialize)
 
-    def send_request(self, request: HttpRequest, **kwargs: Any) -> HttpResponse:
+    def send_request(self, request: HttpRequest, *, stream: bool = False, **kwargs: Any) -> HttpResponse:
         """Runs the network request through the client's chained policies.
 
         >>> from azure.core.rest import HttpRequest
@@ -110,8 +130,14 @@ class QuantumClient:  # pylint: disable=client-accepts-api-version-keyword
         """
 
         request_copy = deepcopy(request)
-        request_copy.url = self._client.format_url(request_copy.url)
-        return self._client.send_request(request_copy, **kwargs)
+        path_format_arguments = {
+            "azureRegion": self._serialize.url(
+                "self._config.azure_region", self._config.azure_region, "str", skip_quote=True
+            ),
+        }
+
+        request_copy.url = self._client.format_url(request_copy.url, **path_format_arguments)
+        return self._client.send_request(request_copy, stream=stream, **kwargs)  # type: ignore
 
     def close(self) -> None:
         self._client.close()

{azure-quantum-1.1.1 → azure-quantum-1.1.2.dev0}/azure/quantum/_client/_configuration.py

@@ -6,30 +6,26 @@
 # Changes may cause incorrect behavior and will be lost if the code is regenerated.
 # --------------------------------------------------------------------------
 
-import sys
 from typing import Any, TYPE_CHECKING
 
-from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
 
 from ._version import VERSION
 
-if sys.version_info >= (3, 8):
-    from typing import Literal  # pylint: disable=no-name-in-module, ungrouped-imports
-else:
-    from typing_extensions import Literal  # type: ignore  # pylint: disable=ungrouped-imports
-
 if TYPE_CHECKING:
     # pylint: disable=unused-import,ungrouped-imports
     from azure.core.credentials import TokenCredential
 
 
-class QuantumClientConfiguration(Configuration):  # pylint: disable=too-many-instance-attributes
+class QuantumClientConfiguration:  # pylint: disable=too-many-instance-attributes
     """Configuration for QuantumClient.
 
     Note that all parameters used to create this instance are saved as instance
     attributes.
 
+    :param azure_region: Supported Azure regions for Azure Quantum Services. For example, "eastus".
+     Required.
+    :type azure_region: str
     :param subscription_id: The Azure subscription ID. This is a GUID-formatted string (e.g.
      00000000-0000-0000-0000-000000000000). Required.
     :type subscription_id: str
@@ -39,22 +35,24 @@ class QuantumClientConfiguration(Configuration):  # pylint: disable=too-many-ins
     :type workspace_name: str
     :param credential: Credential needed for the client to connect to Azure. Required.
     :type credential: ~azure.core.credentials.TokenCredential
-    :keyword api_version: Api Version. Default value is "2022-09-12-preview". Note that overriding
+    :keyword api_version: Api Version. Default value is "2023-11-13-preview". Note that overriding
      this default value may result in unsupported behavior.
     :paramtype api_version: str
     """
 
     def __init__(
         self,
+        azure_region: str,
         subscription_id: str,
         resource_group_name: str,
         workspace_name: str,
         credential: "TokenCredential",
         **kwargs: Any
     ) -> None:
-        super(QuantumClientConfiguration, self).__init__(**kwargs)
-        api_version: Literal["2022-09-12-preview"] = kwargs.pop("api_version", "2022-09-12-preview")
+        api_version: str = kwargs.pop("api_version", "2022-09-12-preview")
 
+        if azure_region is None:
+            raise ValueError("Parameter 'azure_region' must not be None.")
         if subscription_id is None:
             raise ValueError("Parameter 'subscription_id' must not be None.")
         if resource_group_name is None:
@@ -64,6 +62,7 @@ class QuantumClientConfiguration(Configuration):  # pylint: disable=too-many-ins
         if credential is None:
             raise ValueError("Parameter 'credential' must not be None.")
 
+        self.azure_region = azure_region
         self.subscription_id = subscription_id
         self.resource_group_name = resource_group_name
         self.workspace_name = workspace_name
@@ -71,6 +70,7 @@ class QuantumClientConfiguration(Configuration):  # pylint: disable=too-many-ins
         self.api_version = api_version
         self.credential_scopes = kwargs.pop("credential_scopes", ["https://quantum.microsoft.com/.default"])
         kwargs.setdefault("sdk_moniker", "quantum/{}".format(VERSION))
+        self.polling_interval = kwargs.get("polling_interval", 30)
         self._configure(**kwargs)
 
     def _configure(self, **kwargs: Any) -> None:
@@ -79,9 +79,9 @@ class QuantumClientConfiguration(Configuration):  # pylint: disable=too-many-ins
         self.proxy_policy = kwargs.get("proxy_policy") or policies.ProxyPolicy(**kwargs)
         self.logging_policy = kwargs.get("logging_policy") or policies.NetworkTraceLoggingPolicy(**kwargs)
         self.http_logging_policy = kwargs.get("http_logging_policy") or policies.HttpLoggingPolicy(**kwargs)
-        self.retry_policy = kwargs.get("retry_policy") or policies.RetryPolicy(**kwargs)
         self.custom_hook_policy = kwargs.get("custom_hook_policy") or policies.CustomHookPolicy(**kwargs)
         self.redirect_policy = kwargs.get("redirect_policy") or policies.RedirectPolicy(**kwargs)
+        self.retry_policy = kwargs.get("retry_policy") or policies.RetryPolicy(**kwargs)
         self.authentication_policy = kwargs.get("authentication_policy")
         if self.credential and not self.authentication_policy:
             self.authentication_policy = policies.BearerTokenCredentialPolicy(