Skip to content

Fix traced HttpResponseError for identity-based datastores#44650

Draft
Copilot wants to merge 3 commits intomainfrom
copilot/fix-http-response-error-tracing
Draft

Fix traced HttpResponseError for identity-based datastores#44650
Copilot wants to merge 3 commits intomainfrom
copilot/fix-http-response-error-tracing

Conversation

Copy link
Contributor

Copilot AI commented Jan 14, 2026
edited
Loading

get_datastore_info() unconditionally calls _list_secrets(), which raises HttpResponseError for identity-based datastores. While caught and handled, OpenTelemetry captures these exceptions as error traces in Application Insights.

Changes:

  • Check credential type before calling _list_secrets() to avoid exception for identity-based datastores
  • Add import for NoneCredentialConfiguration
  • Preserve existing try/except fallback for credential-based datastores

Before:

try:
    credential = operations._list_secrets(name=name, expirable_secret=True)
    datastore_info["credential"] = credential.sas_token
except HttpResponseError:  # Always raised for identity-based auth, captured by tracing
    datastore_info["credential"] = operations._credential

After:

if isinstance(datastore.credentials, NoneCredentialConfiguration):
    datastore_info["credential"] = operations._credential  # No API call, no exception
else:
    try:
        credential = operations._list_secrets(name=name, expirable_secret=True)
        datastore_info["credential"] = credential.sas_token
    except HttpResponseError:
        datastore_info["credential"] = operations._credential

Unit tests added for identity-based, SAS token, and account key credentials.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • pypi.org
    • Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/pip pip install pytest-mock -q ests/finetuning_job/e2e_tests/test_maap_finetuning_job.py ests/finetuning_job/unittests/test_azure_openai_finetuning_job_schema.py ests/finetuning_job/unittests/test_finetuning_job_convesion.py ests/finetuning_job/unittests/test_custom_model_finetuning_job_schema.py ests/finetuning_job/conftest.py ests/environment/e2etests/test_environment.py ests/environment/unittests/test_env_entity.py ests/environment/unittests/test_environment_operations.py ests�� ests/environment/unittests/test_environment_operations_registry.py ests/model/e2etests/test_model.py (dns block)
  • scanning-api.github.com
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>azure-ai-ml get_datastore_info() raises traced HttpResponseError for identity-based datastores</issue_title>
<issue_description>### what
When using download_artifact_from_aml_uri() with a datastore configured for identity-based access (no stored credentials), the SDK internally raises an HttpResponseError that gets caught and handled correctly, but the exception is still captured by OpenTelemetry tracing. This causes noisy error traces in Application Insights even though the operation succeeds.

To Reproduce

Configure an Azure ML datastore with identity-based access (no account key or SAS token stored)
Enable OpenTelemetry tracing (e.g., via azure-monitor-opentelemetry)
Download an artifact using download_artifact_from_aml_uri()

from azure.ai.ml import MLClient
import azure.ai.ml._artifacts._artifact_utilities as artifact_utils

ml_client = MLClient(DefaultAzureCredential(), subscription_id, resource_group, workspace)
artifact_utils.download_artifact_from_aml_uri(
    uri="azureml://subscriptions/.../datastores/mystore/paths/data.csv",
    destination="/tmp/output",
    datastore_operation=ml_client.datastores
)

Expected behavior

The download succeeds (which it does), but no exception should appear in traces since this is expected behavior for identity-based datastores.

Actual behavior

The download succeeds, but an exception trace is recorded:

azure.core.exceptions.HttpResponseError: (UserError) No secrets for credentials of type None.
Code: UserError
Message: No secrets for credentials of type None.

Root cause

In _artifact_utilities.py, get_datastore_info() uses a try/except pattern:

try:
    credential = operations._list_secrets(name=name, expirable_secret=True)
    datastore_info["credential"] = credential.sas_token
except HttpResponseError:
    datastore_info["credential"] = operations._credential

Maybe consider one of:

  • Check datastore.credentials type before calling _list_secrets() to avoid the exception entirely
  • Return an empty/null credential from _list_secrets() instead of raising for identity-based datastores

Environment

azure-ai-ml version: 1.30.0
Python version: 3.12
OS: Linux (Azure Container Apps)
Tracing: azure-monitor-opentelemetry</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@mohammadsheraj mohammadsheraj marked this pull request as ready for review January 14, 2026 02:46
Copilot AI review requested due to automatic review settings January 14, 2026 02:46
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@mohammadsheraj mohammadsheraj marked this pull request as draft January 14, 2026 02:49
Copilot AI and others added 2 commits January 14, 2026 02:53
@mohammadsheraj
Fix HttpResponseError tracing for identity-based datastores
0ff245a 
- Check if datastore uses NoneCredentialConfiguration before calling _list_secrets()
- Avoid unnecessary exception that gets captured by OpenTelemetry tracing
- Add unit tests for get_datastore_info with different credential types

Co-authored-by: mohammadsheraj <[email protected]>
@mohammadsheraj
Fix trailing whitespace in test file
74c1ee1 
Co-authored-by: mohammadsheraj <[email protected]>
Copilot AI changed the title [WIP] Fix HttpResponseError tracing for identity-based datastores Fix traced HttpResponseError for identity-based datastores Jan 14, 2026
Copilot AI requested a review from mohammadsheraj January 14, 2026 02:57
@happywhaler
Copy link

happywhaler commented Jan 19, 2026

hey @mohammadsheraj thanks for picking this up! will copilot get back to complete this PR? 😇

@mohammadsheraj
Copy link

mohammadsheraj commented Jan 19, 2026

hey @mohammadsheraj thanks for picking this up! will copilot get back to complete this PR? 😇

Adding the current DRI @PratibhaShrivastav18

@happywhaler
Copy link

happywhaler commented Jan 25, 2026

so close 😢

@mohammadsheraj mohammadsheraj removed their assignment Jan 25, 2026
@mohammadsheraj
Copy link

mohammadsheraj commented Jan 25, 2026

Sorry I did not mean to close the issue. Reopened.

@happywhaler
Copy link

happywhaler commented Jan 28, 2026

look almost there. thank you for pushing this :) sorry for nagging

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mohammadsheraj mohammadsheraj Awaiting requested review from mohammadsheraj

@achauhan-scc achauhan-scc Awaiting requested review from achauhan-scc achauhan-scc will be requested when the pull request is marked ready for review achauhan-scc is a code owner

@arunsu arunsu Awaiting requested review from arunsu arunsu will be requested when the pull request is marked ready for review arunsu is a code owner

@jayesh-tanna jayesh-tanna Awaiting requested review from jayesh-tanna jayesh-tanna will be requested when the pull request is marked ready for review jayesh-tanna is a code owner

@JustinFirsching JustinFirsching Awaiting requested review from JustinFirsching JustinFirsching will be requested when the pull request is marked ready for review JustinFirsching is a code owner

@kingernupur kingernupur Awaiting requested review from kingernupur kingernupur will be requested when the pull request is marked ready for review kingernupur is a code owner

@nick863 nick863 Awaiting requested review from nick863 nick863 will be requested when the pull request is marked ready for review nick863 is a code owner

@NonStatic2014 NonStatic2014 Awaiting requested review from NonStatic2014 NonStatic2014 will be requested when the pull request is marked ready for review NonStatic2014 is a code owner

@novaturient95 novaturient95 Awaiting requested review from novaturient95 novaturient95 will be requested when the pull request is marked ready for review novaturient95 is a code owner

@raduk raduk Awaiting requested review from raduk raduk will be requested when the pull request is marked ready for review raduk is a code owner

@rtanase rtanase Awaiting requested review from rtanase rtanase will be requested when the pull request is marked ready for review rtanase is a code owner

@sharma-riti sharma-riti Awaiting requested review from sharma-riti sharma-riti will be requested when the pull request is marked ready for review sharma-riti is a code owner

@vivram vivram Awaiting requested review from vivram vivram will be requested when the pull request is marked ready for review vivram is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

azure-ai-ml get_datastore_info() raises traced HttpResponseError for identity-based datastores

4 participants

@happywhaler @mohammadsheraj