[data] handle azure UC user delegation SAS #59393
Conversation
Handle azure_user_delegation_sas responses from Databricks UC credential vending and surface keys in error messages for easier troubleshooting. Signed-off-by: soffer-anyscale <stephen.offer@anyscale.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds support for Azure Unity Catalog user delegation SAS tokens, which is a valuable enhancement for Azure users. The implementation correctly extracts the SAS token and storage account information from the Databricks UC response. Additionally, the improvement to the credential error message is a great addition for debuggability. I have one minor suggestion to improve code consistency.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Raise when azure_user_delegation_sas lacks a token and set storage account env vars with direct assignment. Signed-off-by: soffer-anyscale <stephen.offer@anyscale.com>
| azure.get("sas_token") | ||
| or azure.get("sas") | ||
| or azure.get("token") | ||
| or azure.get("sasToken") |
There was a problem hiding this comment.
Why is this varying?
There was a problem hiding this comment.
To support multiple versions of Azure UC, which apparently had changed the response key.
There was a problem hiding this comment.
We need to add release test for this
There was a problem hiding this comment.
| azure.get("sas_token") | ||
| or azure.get("sas") | ||
| or azure.get("token") | ||
| or azure.get("sasToken") |
There was a problem hiding this comment.
We need to add release test for this
| azure.get("sas_token") | ||
| or azure.get("sas") | ||
| or azure.get("token") | ||
| or azure.get("sasToken") |
There was a problem hiding this comment.
## Description Add support for Databricks UC Azure responses that return `azure_user_delegation_sas`, extracting the SAS token and storage account for Ray Data reads. Improve the credential error message to list available keys, aiding troubleshooting when UC returns unexpected fields. ## Related issues Related to Azure Databricks Unity Catalog credential vending; no tracked GitHub issue provided. ## Additional information Uses Databricks UC credential vending docs for Azure: https://docs.databricks.com/en/data-governance/unity-catalog/credential-vending.html No API changes; behavior now matches AWS/Azure parity for `ray.data.read_unity_catalog`. --------- Signed-off-by: soffer-anyscale <stephen.offer@anyscale.com>
Description
Add support for Databricks UC Azure responses that return
azure_user_delegation_sas, extracting the SAS token and storage account for Ray Data reads.Improve the credential error message to list available keys, aiding troubleshooting when UC returns unexpected fields.
Related issues
Related to Azure Databricks Unity Catalog credential vending; no tracked GitHub issue provided.
Additional information
Uses Databricks UC credential vending docs for Azure: https://docs.databricks.com/en/data-governance/unity-catalog/credential-vending.html
No API changes; behavior now matches AWS/Azure parity for
ray.data.read_unity_catalog.