FIX: Strip stale auth fields from pycore_context after token acquisition in bulkcopy#488
Open
bewithgaurav wants to merge 4 commits intomainfrom
Open
FIX: Strip stale auth fields from pycore_context after token acquisition in bulkcopy#488bewithgaurav wants to merge 4 commits intomainfrom
bewithgaurav wants to merge 4 commits intomainfrom
Conversation
bulkcopy() acquires a fresh Azure AD token and sets access_token in the pycore_context dict, but left authentication/user_name/password from the original connection string. py-core's validator rejects access_token combined with those fields (ODBC parity). Pop authentication, user_name, and password after setting access_token.
📊 Code Coverage Report
Diff CoverageDiff: main...HEAD, staged and unstaged changesNo lines with coverage information in this diff. 📋 Files Needing Attention📉 Files with overall lowest coverage (click to expand)mssql_python.pybind.logger_bridge.cpp: 59.2%
mssql_python.pybind.ddbc_bindings.h: 67.8%
mssql_python.pybind.ddbc_bindings.cpp: 70.4%
mssql_python.row.py: 70.5%
mssql_python.pybind.logger_bridge.hpp: 70.8%
mssql_python.pybind.connection.connection.cpp: 75.3%
mssql_python.__init__.py: 77.1%
mssql_python.ddbc_bindings.py: 79.6%
mssql_python.pybind.connection.connection_pool.cpp: 79.6%
mssql_python.connection.py: 85.2%🔗 Quick Links
|
… bewithgaurav/fix-bulkcopy-entra-auth-cleanup
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes cursor.bulkcopy() Azure AD authentication by ensuring that, after acquiring an access token, the py-core connection context does not retain stale connection-string credential fields that py-core rejects.
Changes:
- Strip
authentication,user_name, andpasswordfrompycore_contextafter settingaccess_tokeninCursor.bulkcopy(). - Add a focused unit test validating credential field cleanup when
_auth_typetriggers token acquisition (and verifying SQL-auth passthrough when_auth_typeis unset).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
mssql_python/cursor.py |
Removes stale auth/credential keys from pycore_context when access_token is used for bulkcopy’s py-core connection. |
tests/test_020_bulkcopy_auth_cleanup.py |
Adds regression tests to assert the py-core context only contains token credentials for AAD bulkcopy. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Work Item / Issue Reference
Summary
Problem
cursor.bulkcopy()acquires a fresh Azure AD token and setspycore_context["access_token"], but leaves the originalauthentication,user_name, andpasswordkeys from the parsed connection string. py-core's validator rejectsaccess_tokencombined with those fields (ODBC parity).Affects:
ActiveDirectoryDefault,ActiveDirectoryInteractive,ActiveDirectoryDeviceCode.Fix
Pop
authentication,user_name, andpasswordfrompycore_contextafter settingaccess_token— the token is the sole credential for the py-core connection.Companion PR
mssql-rs PR replaces a panic with a proper error for the case where no token factory is registered (ADIntegrated, ADPassword).