added logging

Author: Divyansh-db

databricks/sdk/credentials_provider.py

@@ -117,6 +117,11 @@ def inner(
         def wrapper(cfg: "Config") -> Optional[OAuthCredentialsProvider]:
             # Early environment detection - check before config validation
             if env_vars and not all(os.environ.get(var) for var in env_vars):
+                # Provide specific error message for Azure DevOps OIDC SYSTEM_ACCESSTOKEN
+                if name == "azdo-oidc" and "SYSTEM_ACCESSTOKEN" in env_vars and not os.environ.get("SYSTEM_ACCESSTOKEN"):
+                    logger.debug("Azure DevOps OIDC: SYSTEM_ACCESSTOKEN env var not found. If calling from Azure DevOps Pipeline, please set this env var following https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken")
+                else:
+                    logger.debug(f"{name}: required environment variables not present, skipping")
                 return None
 
             for attr in require:
@@ -447,8 +452,11 @@ def azure_devops_oidc(cfg: "Config") -> Optional[CredentialsProvider]:
     # Try to get an idToken. If no supplier returns a token, we cannot use this authentication mode.
     id_token = supplier.get_oidc_token(audience)
     if not id_token:
+        logger.debug("Azure DevOps OIDC: no token available, skipping authentication method")
         return None
 
+    logger.info("Configured Azure DevOps OIDC authentication")
+
     def token_source_for(audience: str) -> oauth.TokenSource:
         id_token = supplier.get_oidc_token(audience)
         if not id_token:

databricks/sdk/oidc_token_supplier.py

@@ -1,8 +1,11 @@
+import logging
 import os
 from typing import Optional
 
 import requests
 
+logger = logging.getLogger("databricks.sdk")
+
 
 class GitHubOIDCTokenSupplier:
     """
@@ -50,6 +53,7 @@ def get_oidc_token(self, audience: str) -> Optional[str]:
         # Check for required variables
         if not all([access_token, collection_uri, project_id, plan_id, job_id, hub_name]):
             # not in Azure DevOps pipeline
+            logger.debug("Azure DevOps OIDC: not in Azure DevOps pipeline environment")
             return None
 
         try:
@@ -68,14 +72,17 @@ def get_oidc_token(self, audience: str) -> Optional[str]:
             # Azure DevOps OIDC endpoint requires POST request with empty body
             response = requests.post(endpoint, headers=headers)
             if not response.ok:
+                logger.debug(f"Azure DevOps OIDC: token request failed with status {response.status_code}")
                 return None
 
             # Azure DevOps returns the token in 'oidcToken' field
             response_json = response.json()
             if "oidcToken" not in response_json:
+                logger.debug("Azure DevOps OIDC: response missing 'oidcToken' field")
                 return None
 
+            logger.debug("Azure DevOps OIDC: successfully obtained token")
             return response_json["oidcToken"]
-        except Exception:
-            # If any error occurs, return None to fall back to other auth methods
+        except Exception as e:
+            logger.debug(f"Azure DevOps OIDC: failed to get token: {e}")
             return None