Telemetry: unwrap TokenFederationProvider to report inner auth mech/flow#781
Merged
samikshya-db merged 3 commits intomainfrom Apr 28, 2026
Merged
Telemetry: unwrap TokenFederationProvider to report inner auth mech/flow#781samikshya-db merged 3 commits intomainfrom
samikshya-db merged 3 commits intomainfrom
Conversation
…tion TokenFederationProvider wraps an underlying auth provider (PAT, OAuth, M2M) and only adds a token-exchange step. The telemetry helpers previously fell through to AuthMech.OTHER with no flow, hiding the actual auth method. Unwrap and recurse on external_provider so federated PAT reports PAT, federated M2M reports CLIENT_CREDENTIALS, etc. Co-authored-by: Isaac
Build real TokenFederationProvider instances (instead of MagicMocks) so attribute renames on external_provider break the test rather than passing silently. Add a payload-serialization assertion confirming the federated PAT case emits "auth_mech": "PAT" in the JSON event, and a None-inner- provider edge case. Co-authored-by: Isaac
Sets the mocked Session's auth_provider to a real TokenFederationProvider wrapping AccessTokenAuthProvider, then asserts the captured DriverConnectionParameters reports auth_mech=PAT. This catches regressions in the wiring at client.py:383-384 (e.g., wrong provider passed to TelemetryHelper) that the helper-only tests would miss. Co-authored-by: Isaac
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TokenFederationProviderwraps an inner auth provider (PAT, OAuth, M2M /ExternalAuthProvider) and only layers a token-exchange step on top.TelemetryHelper.get_auth_mechanism/get_auth_flowpreviously had no branch for it, so federated connections fell through toAuthMech.OTHERwith no flow — hiding the actual auth method.TokenFederationProviderin both helpers and recurse onexternal_provider. Federated PAT now reportsPAT, federated M2M reportsOTHER+CLIENT_CREDENTIALS, federated OAuth reportsOAUTH+ the appropriate flow.Test plan
poetry run pytest tests/unit/test_telemetry.py::TestTelemetryHelper -v(4 passed, including newtest_token_federation_unwraps_to_inner_provider)This pull request and its description were written by Isaac.