Skip to main content

Microsoft App Configuration Provider Library for Python

Project description

Azure App Configuration Python Provider client library for Python

Azure App Configuration is a managed service that helps developers centralize their application configurations simply and securely. This provider adds additional functionality above the azure-sdk-for-python.

Using the provider enables loading sets of configurations from an Azure App Configuration store in a managed way.

Getting started

Get credentials

Use the Azure CLI snippet below to get the connection string from the Configuration Store.

az appconfig credential list --name <config-store-name>

Alternatively, get the connection string from the Azure Portal.

Creating a provider

You can create a client with a connection string:

from azure.appconfiguration.provider import load

config = load(connection_string="your-connection-string")

or with AAD:

from azure.appconfiguration.provider import load

config = load(endpoint="your-endpoint", credential=DefaultAzureCredential())

these providers will by default load all configurations with (No Label) from your configuration store into a dictionary of key/values.

Features

Currently the Azure App Configuration Provider enables:

  • Connecting to an App Configuration Store using a connection string or Azure Active Directory.
  • Selecting multiple sets of configurations using SettingSelector.
  • Dynamic Refresh
  • Trim prefixes off key names.
  • Resolving Key Vault References, requires AAD.
  • Secret Resolver, resolve Key Vault References locally without connecting to Key Vault.
  • Json Content Type

Future Features

List of features we are going to add to the Python Provider in the future.

  • Geo-Replication support
  • Feature Management
  • Configuration Placeholders

Examples

Selecting configurations

You can refine or expand the configurations loaded from your store by using SettingSelectors. Setting selectors provide a way to pass a key filter and label filter into the provider.

from azure.appconfiguration.provider import load, SettingSelector
from azure.identity import DefaultAzureCredential

selects = {SettingSelector(key_filter="*", label_filter="\0"), SettingSelector(key_filter="*", label_filter="dev")}
config = load(endpoint=endpoint, credential=DefaultAzureCredential(), selects=selects)

In this example all configuration with empty label and the dev label are loaded. Because the dev selector is listed last, any configurations from dev take priority over those with (No Label) when duplicates are found.

Dynamic Refresh

The provider can be configured to refresh configurations from the store on a set interval. This is done by providing a refresh_on to the provider, which is a list of key(s) that will be watched for changes, and when they do change a refresh can happen. refresh_interval is the period of time in seconds between refreshes. on_refresh_success is a callback that will be called only if a change is detected and no error happens. on_refresh_error is a callback that will be called when a refresh fails.

from azure.appconfiguration.provider import load, WatchKey
import os

connection_string = os.environ.get("APPCONFIGURATION_CONNECTION_STRING")

def my_callback_on_success():
    # Do something on success
    ...

def my_callback_on_fail(error):
    # Do something on fail
    ...

config = load(
    connection_string=connection_string,
    refresh_on=[WatchKey("Sentinel")],
    refresh_interval=60,
    on_refresh_success=my_callback_on_success,
    on_refresh_error=my_callback_on_fail,
    **kwargs,
)

In this example, the sentinel key will be checked for changes no sooner than every 60 seconds. In order to check for changes, the provider's refresh method needs to be called.

config.refresh()

Once the provider is refreshed, the configurations can be accessed as normal. And if any changes have been made it will be updated with the latest values. If the refresh_interval hasn't passed since the last refresh check, the provider will not check for changes.

For additional info check out Dynamic Refresh on MS Learn.

Trimming Keys

You can trim the prefix off of keys by providing a list of trimmed key prefixes to the provider. For example, if you have the key(s) like /application/message in your configuration store, you could trim /application/ from them.

from azure.appconfiguration.provider import load
from azure.identity import DefaultAzureCredential

trim_prefixes={"/application/"}
config = load(endpoint=endpoint, credential=DefaultAzureCredential(), trim_prefixes=trim_prefixes)
print(config["message"])

Resolving Key Vault References

Key Vault References can be resolved by providing credentials to your key vault to the provider using AzureAppConfigurationKeyVaultOptions.

With Credentials

You can provide AzureAppConfigurationKeyVaultOptions with a credential and all key vault references will be resolved with it. The provider will attempt to connect to any key vault referenced with the credential provided.

from azure.appconfiguration.provider import load, AzureAppConfigurationKeyVaultOptions
from azure.identity import DefaultAzureCredential

key_vault_options = AzureAppConfigurationKeyVaultOptions(credential=DefaultAzureCredential())
config = load(endpoint=endpoint, credential=DefaultAzureCredential(), key_vault_options=key_vault_options)

With Clients

You can provide AzureAppConfigurationKeyVaultOptions with a list of SecretClients.

from azure.appconfiguration.provider import load, AzureAppConfigurationKeyVaultOptions
from azure.identity import DefaultAzureCredential

key_vault_options = AzureAppConfigurationKeyVaultOptions(
    client_configs={key_vault_uri: {'credential': credential}})
config = load(endpoint=endpoint, credential=DefaultAzureCredential(), key_vault_options=key_vault_options)

Secret Resolver

If no Credentials or Clients are provided a secret resolver can be used. Secret resolver provides a way to return any value you want to a key vault reference.

from azure.appconfiguration.provider import load, AzureAppConfigurationKeyVaultOptions
from azure.identity import DefaultAzureCredential

def secret_resolver(uri):
    return "From Secret Resolver"

key_vault_options = AzureAppConfigurationKeyVaultOptions(
    secret_resolver=secret_resolver)
config = load(endpoint=endpoint, credential=DefaultAzureCredential(), key_vault_options=key_vault_options)

Key concepts

Troubleshooting

Next steps

Check out our Django and Flask examples to see how to use the provider in a web application.

Django

Flask

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Release History

1.1.0b3 (2023-12-19)

Features Added

  • Added on_refresh_success callback to load method. This callback is called when the refresh method successfully refreshes the configuration.
  • Added minimum up time. This is the minimum amount of time the provider will try to be up before throwing an error. This is to prevent quick restart loops.

Bugs Fixed

  • Fixes issue where the refresh timer only reset after a change was found.

Other Changes

  • Renamed the type SentinelKey to be WatchKey.

1.1.0b2 (2023-09-29)

Features Added

  • Added support for keyvault_credential, keyvault_client_configs, and secret_resolver as kwargs instead of using AzureAppConfigurationKeyVaultOptions.

Bugs Fixed

  • Fixes issue where user_agent was required to be set.
  • Fixes issue where correlation context info is wrong on refresh.

1.1.0b1 (2023-09-13)

Features Added

  • New API for Azure App Configuration Provider, refresh, which can be used to refresh the configuration from the Azure App Configuration service. refresh by default can check every 30 seconds for changes to specified sentinel keys. If a change is detected then all configurations are reloaded. Sentinel keys can be set by passing a list of SentinelKey's to refresh_on.
  • Added support for customer provided user agent prefix.

Other Changes

  • Updated to use AZURE_APP_CONFIGURATION_TRACING_DISABLED environment variable to disable tracing.
  • Changed the maximum number of retries to 2 from the default of 3 retries.
  • Changed the maximum back off time between retries to 1 minute from the default of 2 minutes.
  • Bumped minimum dependency on azure-core to >=1.25.0

1.0.0 (2023-03-09)

Breaking Changes

  • Renamed load_provider to load
  • Added AzureAppConfigurationKeyVaultOptions to take in a client_configs a Mapping of endpoints to client kwargs instead of taking in the whole client.
  • Removed AzureAppConfigurationKeyVaultOptions secret_clients, client_configs should be used instead.
  • Made key_filter and label_filter kwargs for Setting Selector
  • Renamed trimmed_key_prefixes to trim_prefixes

Other Changes

  • Made EMPTY_LABEL a constant. i.e. "\0"

1.0.0b2 (2023-02-15)

Features Added

  • Added Async Support
  • Added missing methods for Mapping API
  • Made load method properties unordered.

Breaking Changes

  • Changes how load works. Moves if from AzureAppConfigurationProvider.load to load_provider.
  • Removed custom Key Vault Error
  • Removed unneeded repr and copy methods.
  • All Feature Flags are added to there own key and have there prefix removed

Bugs Fixed

  • Fixed Issue where Key Vault Clients couldn't be set in some situations

Other Changes

  • Updated method docs
  • Fixed load doc that used selector instead of selects.
  • Fixed CLI link in Readme.

1.0.0b1 (2022-10-13)

New Azure App Configuration Provider

Provides additional support above the Azure App Configuration SDK. Enables:

  • Connecting to an Azure App Configuration store
  • Selecting multiple keys using Setting Selector
  • Resolve Key Vault References when supplied AzureAppConfigurationKeyVaultOptions

The Azure App Configuration Provider once loaded returns a dictionary of key/value pairs to use in configuration.

endpoint = "https://<your-store>.azconfig.io"
default_credential = DefaultAzureCredential()
config = AzureAppConfigurationProvider.load(
    endpoint=endpoint, credential=default_credential)
print(config["message"])

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

azure-appconfiguration-provider-1.1.0b3.tar.gz (30.8 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file azure-appconfiguration-provider-1.1.0b3.tar.gz.

File metadata

File hashes

Hashes for azure-appconfiguration-provider-1.1.0b3.tar.gz
Algorithm Hash digest
SHA256 7765a9e98f8a2ead4a66ee65f6df1afd902850b9fdd7d2f3bebec58c4dd02c80
MD5 8815b3a4c076ff7389c3a7d84ffc6633
BLAKE2b-256 25f8fbcd3aba7323e59991f707cca51c41a74c5f4e042e7eb787f1ba8599b6cc

See more details on using hashes here.

File details

Details for the file azure_appconfiguration_provider-1.1.0b3-py3-none-any.whl.

File metadata

File hashes

Hashes for azure_appconfiguration_provider-1.1.0b3-py3-none-any.whl
Algorithm Hash digest
SHA256 de2291e51e4f8a5f56ca2b3d7b352f8d843d513b0680cd89094e21eada6e6697
MD5 401b3eec9a01c84cfac4b18cfc46aa8a
BLAKE2b-256 1e053b4dd9ae19f1f83f232e121c81d8db9e827c51896ecd82c572fadb38afe2

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page