Avoid using network at import time

AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".

https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Other

754 stars 191 forks source link

Avoid using network at import time #715

Open hauntsaninja opened 3 days ago

hauntsaninja commented 3 days ago

The latest version of msal can open sockets at import time as part of DNS resolution This is from https://github.com/AzureAD/microsoft-authentication-library-for-python/commit/95ccef07ca9f806ab51e9a04e40826c9c8e897bb#diff-24c0727ff4626c6c535d05c13b61fa4b4a47d6fc4496ec0ceadc734191de19cbR128 cc @rayluo

rayluo commented 1 day ago

Hi @hauntsaninja , can you share your code snippet to reproduce the issue? I tried the snippet below but did not see any network traffic.

from http.client import HTTPConnection
import logging

HTTPConnection.debuglevel = 1
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)

import msal

hauntsaninja commented 1 day ago

One easy way to check is to use strace (on Linux):

λ strace -e trace=connect python -c 'import msal'                                  
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
+++ exited with 0 +++

Source is the socket.getfqdn here (class variable assignments run at import time): https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/c1ead1caece73b81f7cb168ca22f8741504ec5bd/msal/managed_identity.py#L147