use env vars as default value (Azure#29632)

* use env vars as default value

* updates

* update

* update

Author: xiangyan99

sdk/identity/azure-identity/azure/identity/_credentials/workload_identity.py

@@ -2,10 +2,13 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 # ------------------------------------
+import os
 import time
 from typing import Any
+from typing import Optional
 
 from .client_assertion import ClientAssertionCredential
+from .._constants import EnvironmentVariables
 
 
 class TokenFileMixin:
@@ -33,18 +36,37 @@ class WorkloadIdentityCredential(ClientAssertionCredential, TokenFileMixin):
     See the `workload identity overview <https://learn.microsoft.com/azure/aks/workload-identity-overview>`_
     for more information.
 
-    :param str tenant_id: ID of the application's Azure Active Directory tenant. Also called its "directory" ID.
-    :param str client_id: The client ID of an Azure AD app registration.
-    :param str file: The path to a file containing a Kubernetes service account token that authenticates the identity.
+    :keyword str tenant_id: ID of the application's Azure Active Directory tenant. Also called its "directory" ID.
+    :keyword str client_id: The client ID of an Azure AD app registration.
+    :keyword str file: The path to a file containing a Kubernetes service account token that authenticates the identity.
     """
 
     def __init__(
             self,
-            tenant_id: str,
-            client_id: str,
-            file: str,
+            *,
+            tenant_id: Optional[str] = None,
+            client_id: Optional[str] = None,
+            file: Optional[str] = None,
             **kwargs: Any
     ) -> None:
+        tenant_id = tenant_id or os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
+        client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)
+        file = file or os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE)
+        if not tenant_id:
+            raise ValueError(
+                "'tenant_id' is required. Please pass it in or set the "
+                f"{EnvironmentVariables.AZURE_TENANT_ID} environment variable"
+            )
+        if not client_id:
+            raise ValueError(
+                "'client_id' is required. Please pass it in or set the "
+                f"{EnvironmentVariables.AZURE_CLIENT_ID} environment variable"
+            )
+        if not file:
+            raise ValueError(
+                "'file' is required. Please pass it in or set the "
+                f"{EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE} environment variable"
+            )
         super(WorkloadIdentityCredential, self).__init__(
             tenant_id=tenant_id,
             client_id=client_id,

sdk/identity/azure-identity/azure/identity/aio/_credentials/workload_identity.py

@@ -2,21 +2,48 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 # ------------------------------------
-from typing import Any
+import os
+from typing import Any, Optional
 from .client_assertion import ClientAssertionCredential
 from ..._credentials.workload_identity import TokenFileMixin
+from ..._constants import EnvironmentVariables
 
 
 class WorkloadIdentityCredential(ClientAssertionCredential, TokenFileMixin):
     """WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
     See the `workload identity overview <https://learn.microsoft.com/azure/aks/workload-identity-overview>`_
     for more information.
 
-    :param str tenant_id: ID of the application's Azure Active Directory tenant. Also called its "directory" ID.
-    :param str client_id: The client ID of an Azure AD app registration.
-    :param str file: The path to a file containing a Kubernetes service account token that authenticates the identity.
+    :keyword str tenant_id: ID of the application's Azure Active Directory tenant. Also called its "directory" ID.
+    :keyword str client_id: The client ID of an Azure AD app registration.
+    :keyword str file: The path to a file containing a Kubernetes service account token that authenticates the identity.
     """
-    def __init__(self, tenant_id: str, client_id: str, file: str, **kwargs: Any) -> None:
+    def __init__(
+            self,
+            *,
+            tenant_id: Optional[str] = None,
+            client_id: Optional[str] = None,
+            file: Optional[str] = None,
+            **kwargs: Any
+    ) -> None:
+        tenant_id = tenant_id or os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
+        client_id = client_id or os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)
+        file = file or os.environ.get(EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE)
+        if not tenant_id:
+            raise ValueError(
+                "'tenant_id' is required. Please pass it in or set the "
+                f"{EnvironmentVariables.AZURE_TENANT_ID} environment variable"
+            )
+        if not client_id:
+            raise ValueError(
+                "'client_id' is required. Please pass it in or set the "
+                f"{EnvironmentVariables.AZURE_CLIENT_ID} environment variable"
+            )
+        if not file:
+            raise ValueError(
+                "'file' is required. Please pass it in or set the "
+                f"{EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE} environment variable"
+            )
         super().__init__(
             tenant_id=tenant_id,
             client_id=client_id,