[PostgreSQL] Create azure-postgresql-auth package#45655
Draft
pvaneck wants to merge 4 commits intoAzure:mainfrom
Draft
[PostgreSQL] Create azure-postgresql-auth package#45655pvaneck wants to merge 4 commits intoAzure:mainfrom
pvaneck wants to merge 4 commits intoAzure:mainfrom
Conversation
pvaneck
force-pushed
the
postgresql-auth
branch
2 times, most recently
from
d6fbc94 to
876c9e1
Compare
Member
Author
|
/azp run prepare-pipelines |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Member
Author
|
/azp run python - postgresql |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Member
Author
|
/azp run python - postgresql - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>
pvaneck
force-pushed
the
postgresql-auth
branch
from
876c9e1 to
f6dd6be
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Migrates the azure-postgresql-auth package into azure-sdk-for-python, adding the library source, tests, samples, docs, and the service-directory CI/test-resource wiring needed to run validation/live tests in this repo.
Changes:
- Added
azure-postgresql-authpackage implementation (core token/claim handling + psycopg2/psycopg3/SQLAlchemy helpers). - Added unit/live tests and runnable samples for supported drivers.
- Added
sdk/postgresqlCI and test-resources (Bicep + pre-deployment script) to enable live testing in the service directory.
Reviewed changes
Copilot reviewed 41 out of 42 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| sdk/postgresql/tests.yml | Service-directory test pipeline entry targeting azure-postgresql-auth. |
| sdk/postgresql/test-resources.bicep | Azure PostgreSQL Flexible Server test resource deployment. |
| sdk/postgresql/test-resources-pre.ps1 | Pre-deployment parameter preparation for test resources (principal name/type). |
| sdk/postgresql/cspell.yaml | Postgresql service-directory spell-check configuration. |
| sdk/postgresql/ci.yml | Service-directory CI configuration for azure-postgresql-auth artifact. |
| sdk/postgresql/azure-postgresql-auth/tests/utils.py | Test utilities and mock credentials for sync/async tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_sqlalchemy_async.py | SQLAlchemy async unit/live tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_sqlalchemy.py | SQLAlchemy sync unit/live tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_psycopg3_async.py | psycopg3 async unit/live tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_psycopg3.py | psycopg3 sync unit/live tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_psycopg2.py | psycopg2 unit/live tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_core_async.py | Async core auth tests. |
| sdk/postgresql/azure-postgresql-auth/tests/test_core.py | Core auth tests (decode/claim parsing/scopes). |
| sdk/postgresql/azure-postgresql-auth/tests/conftest.py | Live-test fixtures (credential + connection strings). |
| sdk/postgresql/azure-postgresql-auth/sdk_packaging.toml | Packaging automation configuration. |
| sdk/postgresql/azure-postgresql-auth/samples/sample_sqlalchemy_connection.py | SQLAlchemy sync/async sample. |
| sdk/postgresql/azure-postgresql-auth/samples/sample_psycopg3_connection.py | psycopg3 sync/async sample. |
| sdk/postgresql/azure-postgresql-auth/samples/sample_psycopg2_connection.py | psycopg2 sample. |
| sdk/postgresql/azure-postgresql-auth/samples/.env.example | Sample environment template. |
| sdk/postgresql/azure-postgresql-auth/pyproject.toml | Project metadata, deps/extras, and build configuration. |
| sdk/postgresql/azure-postgresql-auth/doc/azure_postgresql_auth.sqlalchemy.rst | Sphinx stub for sqlalchemy module docs. |
| sdk/postgresql/azure-postgresql-auth/doc/azure_postgresql_auth.rst | Sphinx root package doc and toctree. |
| sdk/postgresql/azure-postgresql-auth/doc/azure_postgresql_auth.psycopg3.rst | Sphinx stub for psycopg3 module docs. |
| sdk/postgresql/azure-postgresql-auth/doc/azure_postgresql_auth.psycopg2.rst | Sphinx stub for psycopg2 module docs. |
| sdk/postgresql/azure-postgresql-auth/dev_requirements.txt | Dev/test requirements for local development. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/sqlalchemy/entra_connection.py | SQLAlchemy sync event hook for credential injection. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/sqlalchemy/async_entra_connection.py | SQLAlchemy async engine event hook (sync token fetch via sync_engine). |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/sqlalchemy/init.py | Public exports for SQLAlchemy helpers. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/psycopg3/entra_connection.py | psycopg3 sync connection subclass enabling Entra auth. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/psycopg3/async_entra_connection.py | psycopg3 async connection subclass enabling Entra auth. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/psycopg3/init.py | Public exports for psycopg3 helpers. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/psycopg2/entra_connection.py | psycopg2 connection subclass enabling Entra auth. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/psycopg2/init.py | Public exports for psycopg2 helpers. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/errors.py | Package exception types. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/core.py | Core token acquisition, JWT decode, and username extraction logic. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/_version.py | Package version constant. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/init.py | Package init + __version__. |
| sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/py.typed | Marks package as typed. |
| sdk/postgresql/azure-postgresql-auth/README.md | Package readme (concepts, examples, troubleshooting). |
| sdk/postgresql/azure-postgresql-auth/MANIFEST.in | Packaging manifest for tests/samples/docs/typing marker. |
| sdk/postgresql/azure-postgresql-auth/LICENSE | MIT license file. |
| sdk/postgresql/azure-postgresql-auth/CHANGELOG.md | Release history for the migrated package. |
sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/core.py
Outdated
Show resolved
Hide resolved
sdk/postgresql/azure-postgresql-auth/azure_postgresql_auth/core.py
Outdated
Show resolved
Hide resolved
Comment on lines
+115
to
+120
| xms_mirid = db_claims.get("xms_mirid") | ||
| username = ( | ||
| parse_principal_name(xms_mirid) | ||
| if isinstance(xms_mirid, str) | ||
| else None or db_claims.get("upn") or db_claims.get("preferred_username") or db_claims.get("unique_name") | ||
| ) |
Comment on lines
+41
to
+45
| # Create a synchronous engine | ||
| engine = create_engine( | ||
| f"postgresql+psycopg://{SERVER}/{DATABASE}", | ||
| connect_args={"credential": DefaultAzureCredential()}, | ||
| ) |
Comment on lines
+43
to
+50
| pool = ConnectionPool( | ||
| conninfo=f"postgresql://{SERVER}:5432/{DATABASE}", | ||
| min_size=1, | ||
| max_size=5, | ||
| open=False, | ||
| connection_class=EntraConnection, | ||
| kwargs={"credential": DefaultAzureCredential()}, | ||
| ) |
The `get_entra_token_async` function should not use the credential as a context manager. This will close the underlying transport in several credential types. The lifecycle of the credential should be maanged by the caller. Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>
pvaneck
force-pushed
the
postgresql-auth
branch
from
dabd547 to
3e82b41
Compare
Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a migration of the
azure-postgresql-authextension package to the Azure SDK for Python repo.