Switch to python-native authentification via azure-identity

[temporaer]

trafficstars

This PR removes the dotnet dependency in favor or a python-native solution based on azure-identity.

The dotnet dependency is a binary operating system package which cannot be installed with pip, and often complicates installation of python packages from devops feeds.

Joint work with @javuc1.

[FSund]

Any progress on this? The dotnet (SDK!) dependency is causing some issues for us.

[pettermoe95]

The dotnet sdk is annoying to deal with during build processes. Got an issue building a docker image because of this dependency, and it would be very nice to accept this change for azure-identity imo.

[jslorrma]

Is this PR still considered and will it be merged at some point?

We are using ADO Artifacts in our organization and we are struggling a lot with consistently setting up artifacts-keyring over different environments (Win 10/11, Unix, OSX, WSL, ...), because of it's dotnet dependency in UNIX senvironments. So a python-native solution, that at least as fallback, could work without artifacts-credprovider would be highly beneficial.

Currently we are patching installations in WSL environments for instance, to call the CredentialProvider.Microsoft.exe instead of the CredentialProvider.Microsoft.dll with dotnet exec, to make it work. The dotnet exec ... here is not working and just fails, without any error.

[jslorrma]

For everyone stumbling upon this PR in search of a Python-native implementation of the artifacts-keyring package, please note that inspired by this PR (kudos to @temporaer and @javuc1) and noting that this PR has been open since February 2023 without being merged, we decided to create our own artifacts keyring backend plugin and to open-source it.

For those interested, the package can be found here: Github

[zooba]

the package can be found here: keyrings.artifacts (LINK REMOVED)

Please don't put packages on Test PyPI and then invite others to install them. That's not at all secure - it's worse than insecure. Test PyPI is literally only for making sure your upload command works. NEVER install anything from there.

I'm not part of the team that owns this package, so I can't do much to speed things up. Last I spoke to them though they were very keen to only have a single implementation that interacts with authentication, and had chosen their .NET one.

[temporaer]

@zooba, I'm not sure whether the owning team monitors this, but if they do, please consider that it's a currently a huge pain to use artifacts keyring outside the seemingly narrow use cases they seem to be targeting. Given that this is Microsoft's only way to securely distribute private python packages, I wish the team would listen and adopt a Linux/python friendly solution using the standard SDK rather than messing with huge binary dependencies that need manual installation and break on every other system.

[jslorrma]

the package can be found here: keyrings.artifacts (LINK REMOVED)

Please don't put packages on Test PyPI and then invite others to install them. That's not at all secure - it's worse than insecure. Test PyPI is literally only for making sure your upload command works. NEVER install anything from there.

Thanks for your advice. I never meant to put the test.pypi link, but the pypi one. Anyhow, I'll remove it and just leave the one to the GitHub repo

[embetten]

We are working on supporting python MSAL without the dotnet runtime by shipping a self-contained version of the artifacts-credprovider as we do not want to be maintaining multiple implementations of the MSAL wrapper.

We appreciate your patience until that work is completed. Closing this PR.