py2docfx 0.1.19rc2173760__py3-none-any.whl → 0.1.20__py3-none-any.whl

py2docfx/__main__.py

@@ -106,8 +106,8 @@ async def main(argv) -> int:
     
     # create log folder and package log folder
     log_folder = os.path.join(PACKAGE_ROOT, LOG_FOLDER)
-    os.makedirs(log_folder)
-    os.makedirs(os.path.join(log_folder, "package_logs"))
+    os.makedirs(log_folder, exist_ok=True)
+    os.makedirs(os.path.join(log_folder, "package_logs"), exist_ok=True)
     
     py2docfxLogger.decide_global_log_level(verbose, show_warning)
     

py2docfx/convert_prepare/arg_parser.py

@@ -162,7 +162,7 @@ def parse_command_line_args(argv) -> (
                 ado_token, output_root, verbose, show_warning)
     elif args.param_json:
         (package_info_list, required_packages) = load_command_params(args.param_json)
-        return (package_info_list, required_packages, github_token,
+        return (list(package_info_list), list(required_packages), github_token,
                 ado_token, output_root, verbose, show_warning)
     else:
         package_info = PackageInfo()

py2docfx/convert_prepare/get_source.py

@@ -41,10 +41,11 @@ def update_package_info(executable: str, pkg: PackageInfo, source_folder: str):
 
             setattr(pkg, attr, attr_val)
     else:
-        folder = next(
-            f for f in all_files if path.isdir(f) and f.endswith(".dist-info")
-        )
-        if folder:
+        # Find .dist-info folders
+        dist_info_folders = [f for f in all_files if path.isdir(f) and f.endswith(".dist-info")]
+        
+        if dist_info_folders:
+            folder = dist_info_folders[0]  # Take the first one if multiple exist
             if path.exists(path.join(folder, "METADATA")):
                 with open(
                     path.join(folder, "METADATA"), "r", encoding="utf-8"
@@ -97,6 +98,9 @@ async def get_source(executable: str, pkg: PackageInfo, cnt: int, vststoken=None
             sys.path.insert(0, source_folder)
     elif pkg.install_type == PackageInfo.InstallType.PYPI:
         full_name = pkg.get_combined_name_version()
+        # Ensure the dist directory exists
+        os.makedirs(dist_dir, exist_ok=True)
+        
         await pip_utils.download(
             full_name,
             dist_dir,
@@ -104,25 +108,53 @@ async def get_source(executable: str, pkg: PackageInfo, cnt: int, vststoken=None
             prefer_source_distribution=pkg.prefer_source_distribution,
         )
         # unpack the downloaded wheel file.
-        downloaded_dist_file = path.join(dist_dir, os.listdir(dist_dir)[0])
+        dist_files = os.listdir(dist_dir)
+        if not dist_files:
+            msg = f"No files downloaded to {dist_dir} for package {pkg.name}"
+            py2docfx_logger.error(msg)
+            raise FileNotFoundError(f"No files found in {dist_dir}")
+            
+        downloaded_dist_file = path.join(dist_dir, dist_files[0])
         await pack.unpack_dist(pkg.name, downloaded_dist_file)
         os.remove(downloaded_dist_file)
+        dist_files = os.listdir(dist_dir)
+        if not dist_files:
+            msg = f"No files found in {dist_dir} after unpacking for package {pkg.name}"
+            py2docfx_logger.error(msg)
+            raise FileNotFoundError(f"No files found in {dist_dir} after unpacking")
+            
         source_folder = path.join(
             path.dirname(downloaded_dist_file),
-            os.listdir(dist_dir)[0]
+            dist_files[0]
         )
     elif pkg.install_type == PackageInfo.InstallType.DIST_FILE:
+        # Ensure the dist directory exists
+        os.makedirs(dist_dir, exist_ok=True)
+        
         await pip_utils.download(pkg.location, dist_dir, prefer_source_distribution=False)
         # unpack the downloaded dist file.
-        downloaded_dist_file = path.join(dist_dir, os.listdir(dist_dir)[0])
+        dist_files = os.listdir(dist_dir)
+        if not dist_files:
+            msg = f"No files downloaded to {dist_dir} for package {pkg.name}"
+            py2docfx_logger.error(msg)
+            raise FileNotFoundError(f"No files found in {dist_dir}")
+            
+        downloaded_dist_file = path.join(dist_dir, dist_files[0])
         await pack.unpack_dist(pkg.name, downloaded_dist_file)
         os.remove(downloaded_dist_file)
+        
+        # Check again after unpacking
+        dist_files = os.listdir(dist_dir)
+        if not dist_files:
+            msg = f"No files found in {dist_dir} after unpacking for package {pkg.name}"
+            py2docfx_logger.error(msg)
+            raise FileNotFoundError(f"No files found in {dist_dir} after unpacking")
         if downloaded_dist_file.endswith(".tar.gz"):
             downloaded_dist_file = downloaded_dist_file.rsplit(".", maxsplit=1)[
                 0]
         source_folder = path.join(
             path.dirname(downloaded_dist_file),
-            os.listdir(dist_dir)[0]
+            dist_files[0] if dist_files else ""
         )
     else:
         msg = f"Unknown install type: {pkg.install_type}"

py2docfx/convert_prepare/git.py

@@ -25,7 +25,7 @@ async def clone(repo_location, branch, folder, extra_token=None):
         raise ValueError(msg)
     else:
         # Remove http(s):// from url to record. Further avoid dup-clone.
-        pureURL = re.sub("^\s*https?://", "", repo_location)
+        pureURL = re.sub(r"^\s*https?://", "", repo_location)
 
         if pureURL not in repoMap:
             branch = convertBranch(repo_location, branch, extra_token)

py2docfx/docfx_yaml/logger.py

@@ -77,16 +77,18 @@ def counts_errors_warnings(log_file_path):
                 warning_count += 1
     return warning_count, error_count
 
-def get_warning_error_count():
-    main_log_file_path = os.path.join("logs", "log.txt")
-    warning_count, error_count = counts_errors_warnings(main_log_file_path)
-    
-    log_folder_path = os.path.join("logs", "package_logs")
-    for log_file in os.listdir(log_folder_path):
-        log_file_path = os.path.join(log_folder_path, log_file)
-        warnings, errors = counts_errors_warnings(log_file_path)
-        warning_count += warnings
-        error_count += errors
+def get_warning_error_count():
+    main_log_file_path = os.path.join("logs", "log.txt")
+    warning_count, error_count = counts_errors_warnings(main_log_file_path)
+    
+    log_folder_path = os.path.join("logs", "package_logs")
+    # Check if the directory exists before trying to list its contents
+    if os.path.exists(log_folder_path) and os.path.isdir(log_folder_path):
+        for log_file in os.listdir(log_folder_path):
+            log_file_path = os.path.join(log_folder_path, log_file)
+            warnings, errors = counts_errors_warnings(log_file_path)
+            warning_count += warnings
+            error_count += errors
     
     return warning_count, error_count
 
@@ -118,15 +120,17 @@ def print_out_log_by_log_level(log_list, log_level):
         if log['level'] >= log_level and log['message'] not in ['', '\n', '\r\n']:
             print(log['message'])
 
-def output_log_by_log_level():
-    log_level = get_log_level()
-    main_log_file_path = os.path.join("logs", "log.txt")
-    print_out_log_by_log_level(parse_log(main_log_file_path), log_level)
-    
-    package_logs_folder = os.path.join("logs", "package_logs")
-    for log_file in os.listdir(package_logs_folder):
-        log_file_path = os.path.join(package_logs_folder, log_file)
-        print_out_log_by_log_level(parse_log(log_file_path), log_level)
+def output_log_by_log_level():
+    log_level = get_log_level()
+    main_log_file_path = os.path.join("logs", "log.txt")
+    print_out_log_by_log_level(parse_log(main_log_file_path), log_level)
+    
+    package_logs_folder = os.path.join("logs", "package_logs")
+    # Check if the directory exists before trying to list its contents
+    if os.path.exists(package_logs_folder) and os.path.isdir(package_logs_folder):
+        for log_file in os.listdir(package_logs_folder):
+            log_file_path = os.path.join(package_logs_folder, log_file)
+            print_out_log_by_log_level(parse_log(log_file_path), log_level)
 
 async def run_async_subprocess(exe_path, cmd, logger, cwd=None):
     if cwd is None:

py2docfx/venv/basevenv/Lib/site-packages/certifi/__init__.py

@@ -1,4 +1,4 @@
 from .core import contents, where
 
 __all__ = ["contents", "where"]
-__version__ = "2025.07.14"
+__version__ = "2025.08.03"

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/authorization_code.py

@@ -127,7 +127,7 @@ class AuthorizationCodeCredential(GetTokenMixin):
             return token
 
         token = None
-        for refresh_token in self._client.get_cached_refresh_tokens(scopes):
+        for refresh_token in self._client.get_cached_refresh_tokens(scopes, **kwargs):
             if "secret" in refresh_token:
                 token = self._client.obtain_token_by_refresh_token(scopes, refresh_token["secret"], **kwargs)
                 if token:

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/broker.py

@@ -0,0 +1,79 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+import sys
+from typing import Any
+
+import msal
+from azure.core.credentials import AccessToken, AccessTokenInfo, SupportsTokenInfo
+from .._exceptions import CredentialUnavailableError
+from .._internal.utils import get_broker_credential, is_wsl
+
+
+class BrokerCredential(SupportsTokenInfo):
+    """A broker credential that handles prerequisite checking and falls back appropriately.
+
+    This credential checks if the azure-identity-broker package is available and the platform
+    is supported. If both conditions are met, it uses the real broker credential. Otherwise,
+    it raises CredentialUnavailableError with an appropriate message.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+
+        self._tenant_id = kwargs.pop("tenant_id", None)
+        self._client_id = kwargs.pop("client_id", None)
+        self._broker_credential = None
+        self._unavailable_message = None
+
+        # Check prerequisites and initialize the appropriate credential
+        broker_credential_class = get_broker_credential()
+        if broker_credential_class and (sys.platform.startswith("win") or is_wsl()):
+            # The silent auth flow for brokered auth is available on Windows/WSL with the broker package
+            try:
+                broker_credential_args = {
+                    "tenant_id": self._tenant_id,
+                    "parent_window_handle": msal.PublicClientApplication.CONSOLE_WINDOW_HANDLE,
+                    "use_default_broker_account": True,
+                    "disable_interactive_fallback": True,
+                    **kwargs,
+                }
+                if self._client_id:
+                    broker_credential_args["client_id"] = self._client_id
+                self._broker_credential = broker_credential_class(**broker_credential_args)
+            except Exception as ex:  # pylint: disable=broad-except
+                self._unavailable_message = f"InteractiveBrowserBrokerCredential initialization failed: {ex}"
+        else:
+            # Determine the specific reason for unavailability
+            if broker_credential_class is None:
+                self._unavailable_message = (
+                    "InteractiveBrowserBrokerCredential unavailable. "
+                    "The 'azure-identity-broker' package is required to use brokered authentication."
+                )
+            else:
+                self._unavailable_message = (
+                    "InteractiveBrowserBrokerCredential unavailable. "
+                    "Brokered authentication is only supported on Windows and WSL platforms."
+                )
+
+    def get_token(self, *scopes: str, **kwargs: Any) -> AccessToken:
+        if self._broker_credential:
+            return self._broker_credential.get_token(*scopes, **kwargs)
+        raise CredentialUnavailableError(message=self._unavailable_message)
+
+    def get_token_info(self, *scopes: str, **kwargs: Any) -> AccessTokenInfo:
+        if self._broker_credential:
+            return self._broker_credential.get_token_info(*scopes, **kwargs)
+        raise CredentialUnavailableError(message=self._unavailable_message)
+
+    def __enter__(self) -> "BrokerCredential":
+        if self._broker_credential:
+            self._broker_credential.__enter__()
+        return self
+
+    def __exit__(self, *args):
+        if self._broker_credential:
+            self._broker_credential.__exit__(*args)
+
+    def close(self) -> None:
+        self.__exit__()

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/chained.py

@@ -23,10 +23,16 @@ _LOGGER = logging.getLogger(__name__)
 def _get_error_message(history):
     attempts = []
     for credential, error in history:
+        # Check if credential has a custom name (for DACErrorReporter instances)
+        if hasattr(credential, "_credential_name"):
+            credential_name = credential._credential_name  # pylint: disable=protected-access
+        else:
+            credential_name = credential.__class__.__name__
+
         if error:
-            attempts.append("{}: {}".format(credential.__class__.__name__, error))
+            attempts.append("{}: {}".format(credential_name, error))
         else:
-            attempts.append(credential.__class__.__name__)
+            attempts.append(credential_name)
     return """
 Attempted credentials:\n\t{}""".format(
         "\n\t".join(attempts)

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/default.py

@@ -6,10 +6,18 @@ import logging
 import os
 from typing import List, Any, Optional, cast
 
-from azure.core.credentials import AccessToken, AccessTokenInfo, TokenRequestOptions, SupportsTokenInfo, TokenCredential
+from azure.core.credentials import (
+    AccessToken,
+    AccessTokenInfo,
+    TokenRequestOptions,
+    SupportsTokenInfo,
+    TokenCredential,
+)
+from .. import CredentialUnavailableError
 from .._constants import EnvironmentVariables
-from .._internal import get_default_authority, normalize_authority, within_dac
+from .._internal.utils import get_default_authority, normalize_authority, within_dac, process_credential_exclusions
 from .azure_powershell import AzurePowerShellCredential
+from .broker import BrokerCredential
 from .browser import InteractiveBrowserCredential
 from .chained import ChainedTokenCredential
 from .environment import EnvironmentCredential
@@ -23,6 +31,32 @@ from .workload_identity import WorkloadIdentityCredential
 _LOGGER = logging.getLogger(__name__)
 
 
+class FailedDACCredential:
+    """This acts as a substitute for a credential that has failed to initialize in the DAC chain.
+
+    This allows instantiation errors to be reported in ChainTokenCredential if all token requests fail.
+    """
+
+    def __init__(self, credential_name: str, error: str) -> None:
+        self._error = error
+        self._credential_name = credential_name
+
+    def get_token(self, *scopes: str, **kwargs: Any) -> AccessToken:
+        raise CredentialUnavailableError(self._error)
+
+    def get_token_info(self, *scopes, options: Optional[TokenRequestOptions] = None, **kwargs: Any) -> AccessTokenInfo:
+        raise CredentialUnavailableError(self._error)
+
+    def __enter__(self) -> "FailedDACCredential":
+        return self
+
+    def __exit__(self, *args: Any) -> None:
+        pass
+
+    def close(self) -> None:
+        pass
+
+
 class DefaultAzureCredential(ChainedTokenCredential):
     """A credential capable of handling most Azure SDK authentication scenarios. For more information, See
     `Usage guidance for DefaultAzureCredential
@@ -42,6 +76,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
     5. The identity currently logged in to the Azure CLI.
     6. The identity currently logged in to Azure PowerShell.
     7. The identity currently logged in to the Azure Developer CLI.
+    8. Brokered authentication. On Windows and WSL only, this uses the default account logged in via
+       Web Account Manager (WAM) if the `azure-identity-broker` package is installed.
 
     This default behavior is configurable with keyword arguments.
 
@@ -64,9 +100,13 @@ class DefaultAzureCredential(ChainedTokenCredential):
         **False**.
     :keyword bool exclude_interactive_browser_credential: Whether to exclude interactive browser authentication (see
         :class:`~azure.identity.InteractiveBrowserCredential`). Defaults to **True**.
+    :keyword bool exclude_broker_credential: Whether to exclude the broker credential from the credential chain.
+        Defaults to **False**.
     :keyword str interactive_browser_tenant_id: Tenant ID to use when authenticating a user through
         :class:`~azure.identity.InteractiveBrowserCredential`. Defaults to the value of environment variable
         AZURE_TENANT_ID, if any. If unspecified, users will authenticate in their home tenants.
+    :keyword str broker_tenant_id: The tenant ID to use when using brokered authentication. Defaults to the value of
+        environment variable AZURE_TENANT_ID, if any. If unspecified, users will authenticate in their home tenants.
     :keyword str managed_identity_client_id: The client ID of a user-assigned managed identity. Defaults to the value
         of the environment variable AZURE_CLIENT_ID, if any. If not specified, a system-assigned identity will be used.
     :keyword str workload_identity_client_id: The client ID of an identity assigned to the pod. Defaults to the value
@@ -75,14 +115,15 @@ class DefaultAzureCredential(ChainedTokenCredential):
         Defaults to the value of environment variable AZURE_TENANT_ID, if any.
     :keyword str interactive_browser_client_id: The client ID to be used in interactive browser credential. If not
         specified, users will authenticate to an Azure development application.
+    :keyword str broker_client_id: The client ID to be used in brokered authentication. If not specified, users will
+        authenticate to an Azure development application.
     :keyword str shared_cache_username: Preferred username for :class:`~azure.identity.SharedTokenCacheCredential`.
         Defaults to the value of environment variable AZURE_USERNAME, if any.
     :keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.SharedTokenCacheCredential`.
         Defaults to the value of environment variable AZURE_TENANT_ID, if any.
     :keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
-        :class:`~azure.identity.VisualStudioCodeCredential`. Defaults to the "Azure: Tenant" setting in VS Code's user
-        settings or, when that setting has no value, the "organizations" tenant, which supports only Azure Active
-        Directory work or school accounts.
+        :class:`~azure.identity.VisualStudioCodeCredential`. Defaults to the tenant specified in the authentication
+        record file used by the Azure Resources extension.
     :keyword int process_timeout: The timeout in seconds to use for developer credentials that run
         subprocesses (e.g. AzureCliCredential, AzurePowerShellCredential). Defaults to **10** seconds.
 
@@ -101,18 +142,10 @@ class DefaultAzureCredential(ChainedTokenCredential):
             raise TypeError("'tenant_id' is not supported in DefaultAzureCredential.")
 
         authority = kwargs.pop("authority", None)
-
-        vscode_tenant_id = kwargs.pop(
-            "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
-        )
-        vscode_args = dict(kwargs)
-        if authority:
-            vscode_args["authority"] = authority
-        if vscode_tenant_id:
-            vscode_args["tenant_id"] = vscode_tenant_id
-
         authority = normalize_authority(authority) if authority else get_default_authority()
 
+        vscode_tenant_id = kwargs.pop("visual_studio_code_tenant_id", None)
+
         interactive_browser_tenant_id = kwargs.pop(
             "interactive_browser_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
         )
@@ -126,6 +159,9 @@ class DefaultAzureCredential(ChainedTokenCredential):
         )
         interactive_browser_client_id = kwargs.pop("interactive_browser_client_id", None)
 
+        broker_tenant_id = kwargs.pop("broker_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID))
+        broker_client_id = kwargs.pop("broker_client_id", None)
+
         shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))
         shared_cache_tenant_id = kwargs.pop(
             "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
@@ -133,52 +169,97 @@ class DefaultAzureCredential(ChainedTokenCredential):
 
         process_timeout = kwargs.pop("process_timeout", 10)
 
-        token_credentials_env = os.environ.get(EnvironmentVariables.AZURE_TOKEN_CREDENTIALS, "").strip().lower()
-        exclude_workload_identity_credential = kwargs.pop("exclude_workload_identity_credential", False)
-        exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
-        exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
-        exclude_shared_token_cache_credential = kwargs.pop("exclude_shared_token_cache_credential", False)
-        exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", True)
-        exclude_developer_cli_credential = kwargs.pop("exclude_developer_cli_credential", False)
-        exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
-        exclude_interactive_browser_credential = kwargs.pop("exclude_interactive_browser_credential", True)
-        exclude_powershell_credential = kwargs.pop("exclude_powershell_credential", False)
-
-        if token_credentials_env == "dev":
-            # In dev mode, use only developer credentials
-            exclude_environment_credential = True
-            exclude_managed_identity_credential = True
-            exclude_workload_identity_credential = True
-        elif token_credentials_env == "prod":
-            # In prod mode, use only production credentials
-            exclude_shared_token_cache_credential = True
-            exclude_visual_studio_code_credential = True
-            exclude_cli_credential = True
-            exclude_developer_cli_credential = True
-            exclude_powershell_credential = True
-            exclude_interactive_browser_credential = True
-        elif token_credentials_env != "":
-            # If the environment variable is set to something other than dev or prod, raise an error
-            raise ValueError(
-                f"Invalid value for {EnvironmentVariables.AZURE_TOKEN_CREDENTIALS}: {token_credentials_env}. "
-                "Valid values are 'dev' or 'prod'."
-            )
+        # Define credential configuration mapping
+        credential_config = {
+            "environment": {
+                "exclude_param": "exclude_environment_credential",
+                "env_name": "environmentcredential",
+                "default_exclude": False,
+            },
+            "workload_identity": {
+                "exclude_param": "exclude_workload_identity_credential",
+                "env_name": "workloadidentitycredential",
+                "default_exclude": False,
+            },
+            "managed_identity": {
+                "exclude_param": "exclude_managed_identity_credential",
+                "env_name": "managedidentitycredential",
+                "default_exclude": False,
+            },
+            "shared_token_cache": {
+                "exclude_param": "exclude_shared_token_cache_credential",
+                "default_exclude": False,
+            },
+            "visual_studio_code": {
+                "exclude_param": "exclude_visual_studio_code_credential",
+                "env_name": "visualstudiocodecredential",
+                "default_exclude": False,
+            },
+            "cli": {
+                "exclude_param": "exclude_cli_credential",
+                "env_name": "azureclicredential",
+                "default_exclude": False,
+            },
+            "developer_cli": {
+                "exclude_param": "exclude_developer_cli_credential",
+                "env_name": "azuredeveloperclicredential",
+                "default_exclude": False,
+            },
+            "powershell": {
+                "exclude_param": "exclude_powershell_credential",
+                "env_name": "azurepowershellcredential",
+                "default_exclude": False,
+            },
+            "interactive_browser": {
+                "exclude_param": "exclude_interactive_browser_credential",
+                "env_name": "interactivebrowsercredential",
+                "default_exclude": True,
+            },
+            "broker": {
+                "exclude_param": "exclude_broker_credential",
+                "default_exclude": False,
+            },
+        }
+
+        # Extract user-provided exclude flags and set defaults
+        exclude_flags = {}
+        user_excludes = {}
+        for cred_key, config in credential_config.items():
+            param_name = cast(str, config["exclude_param"])
+            user_excludes[cred_key] = kwargs.pop(param_name, None)
+            exclude_flags[cred_key] = config["default_exclude"]
+
+        # Process AZURE_TOKEN_CREDENTIALS environment variable and apply user overrides
+        exclude_flags = process_credential_exclusions(credential_config, exclude_flags, user_excludes)
+
+        # Extract individual exclude flags for backward compatibility
+        exclude_environment_credential = exclude_flags["environment"]
+        exclude_workload_identity_credential = exclude_flags["workload_identity"]
+        exclude_managed_identity_credential = exclude_flags["managed_identity"]
+        exclude_shared_token_cache_credential = exclude_flags["shared_token_cache"]
+        exclude_visual_studio_code_credential = exclude_flags["visual_studio_code"]
+        exclude_cli_credential = exclude_flags["cli"]
+        exclude_developer_cli_credential = exclude_flags["developer_cli"]
+        exclude_powershell_credential = exclude_flags["powershell"]
+        exclude_interactive_browser_credential = exclude_flags["interactive_browser"]
+        exclude_broker_credential = exclude_flags["broker"]
 
         credentials: List[SupportsTokenInfo] = []
         within_dac.set(True)
         if not exclude_environment_credential:
             credentials.append(EnvironmentCredential(authority=authority, _within_dac=True, **kwargs))
         if not exclude_workload_identity_credential:
-            if all(os.environ.get(var) for var in EnvironmentVariables.WORKLOAD_IDENTITY_VARS):
-                client_id = workload_identity_client_id
+            try:
                 credentials.append(
                     WorkloadIdentityCredential(
-                        client_id=cast(str, client_id),
+                        client_id=cast(str, workload_identity_client_id),
                         tenant_id=workload_identity_tenant_id,
-                        token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
+                        token_file_path=os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE),
                         **kwargs,
                     )
                 )
+            except ValueError as ex:
+                credentials.append(FailedDACCredential("WorkloadIdentityCredential", error=str(ex)))
         if not exclude_managed_identity_credential:
             credentials.append(
                 ManagedIdentityCredential(
@@ -197,7 +278,7 @@ class DefaultAzureCredential(ChainedTokenCredential):
             except Exception as ex:  # pylint:disable=broad-except
                 _LOGGER.info("Shared token cache is unavailable: '%s'", ex)
         if not exclude_visual_studio_code_credential:
-            credentials.append(VisualStudioCodeCredential(**vscode_args))
+            credentials.append(VisualStudioCodeCredential(tenant_id=vscode_tenant_id))
         if not exclude_cli_credential:
             credentials.append(AzureCliCredential(process_timeout=process_timeout))
         if not exclude_powershell_credential:
@@ -213,6 +294,12 @@ class DefaultAzureCredential(ChainedTokenCredential):
                 )
             else:
                 credentials.append(InteractiveBrowserCredential(tenant_id=interactive_browser_tenant_id, **kwargs))
+        if not exclude_broker_credential:
+            broker_credential_args = {"tenant_id": broker_tenant_id, **kwargs}
+            if broker_client_id:
+                broker_credential_args["client_id"] = broker_client_id
+            credentials.append(BrokerCredential(**broker_credential_args))
+
         within_dac.set(False)
         super(DefaultAzureCredential, self).__init__(*credentials)
 
@@ -245,8 +332,10 @@ class DefaultAzureCredential(ChainedTokenCredential):
             )
             return token
         within_dac.set(True)
-        token = super().get_token(*scopes, claims=claims, tenant_id=tenant_id, **kwargs)
-        within_dac.set(False)
+        try:
+            token = super().get_token(*scopes, claims=claims, tenant_id=tenant_id, **kwargs)
+        finally:
+            within_dac.set(False)
         return token
 
     def get_token_info(self, *scopes: str, options: Optional[TokenRequestOptions] = None) -> AccessTokenInfo:
@@ -274,6 +363,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
             return token_info
 
         within_dac.set(True)
-        token_info = cast(SupportsTokenInfo, super()).get_token_info(*scopes, options=options)
-        within_dac.set(False)
+        try:
+            token_info = cast(SupportsTokenInfo, super()).get_token_info(*scopes, options=options)
+        finally:
+            within_dac.set(False)
         return token_info

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/imds.py

@@ -6,9 +6,11 @@ import os
 import json
 from typing import Any, Optional, Dict
 
+from azure.core.pipeline import PipelineResponse
 from azure.core.exceptions import ClientAuthenticationError, HttpResponseError
 from azure.core.pipeline.transport import HttpRequest
 from azure.core.credentials import AccessTokenInfo
+from azure.core.pipeline.policies import RetryPolicy
 
 from .. import CredentialUnavailableError
 from .._constants import EnvironmentVariables
@@ -31,6 +33,28 @@ PIPELINE_SETTINGS = {
 }
 
 
+class ImdsRetryPolicy(RetryPolicy):
+    """Custom retry policy for IMDS credential with extended retry duration for 410 responses.
+
+    This policy ensures that specifically for 410 status codes, the total exponential backoff duration
+    is at least 70 seconds to handle temporary IMDS endpoint unavailability.
+    For other status codes, it uses the standard retry behavior.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        # Increased backoff factor to ensure at least 70 seconds retry duration for 410 responses.
+        # Five retries, with each retry sleeping for [0.0s, 5.0s, 10.0s, 20.0s, 40.0s] between attempts (75s total)
+        self.backoff_factor_for_410 = 2.5
+        super().__init__(**kwargs)
+
+    def is_retry(self, settings: Dict[str, Any], response: PipelineResponse[Any, Any]) -> bool:
+        if response.http_response.status_code == 410:
+            settings["backoff"] = self.backoff_factor_for_410
+        else:
+            settings["backoff"] = self.backoff_factor
+        return super().is_retry(settings, response)
+
+
 def _get_request(scope: str, identity_config: Dict) -> HttpRequest:
     url = (
         os.environ.get(EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST, IMDS_AUTHORITY).strip("/")
@@ -58,7 +82,7 @@ def _check_forbidden_response(ex: HttpResponseError) -> None:
 
 class ImdsCredential(MsalManagedIdentityClient):
     def __init__(self, **kwargs: Any) -> None:
-        super(ImdsCredential, self).__init__(**kwargs)
+        super().__init__(retry_policy_class=ImdsRetryPolicy, **dict(PIPELINE_SETTINGS, **kwargs))
         self._config = kwargs
 
         if EnvironmentVariables.AZURE_POD_IDENTITY_AUTHORITY_HOST in os.environ: