Updated value of `anon` to be `False` by anjaliratnam-msft · Pull Request #540 · fsspec/adlfs

anjaliratnam-msft · 2026-03-02T17:41:18Z

We are updating the default value of anon to be False which means that anonymous authentication will not be used unless anon=True is explicitly passed in when instantiating AzureBlobFileSystem. DefaultAzureCredentials will now become the default authentication method. This resolves #348.

kyleknap

Looks good! I just had some smaller feedback.

adlfs/spec.py

CHANGELOG.md

README.md

adlfs/spec.py

adlfs/tests/test_spec.py

nateprewitt

A few thoughts/nits but this looks good overall! I think it's important we make it clearer how to get back to the old behavior since users may not be invoking adlfs directly.

adlfs/spec.py

CHANGELOG.md

adlfs/tests/test_spec.py

README.md

kyleknap

This is looking good. I just had some smaller follow up comments/suggestions.

README.md

adlfs/spec.py

adlfs/tests/test_spec.py

anjaliratnam-msft · 2026-04-02T18:20:37Z

For the edge case of adding the SAS token to the account host, I tried it and it gives a ClientAuthenticationError, so I don't think it will be an issue.

kyleknap · 2026-04-08T23:30:35Z

@anjaliratnam-msft I tried adding the SAS token as a query string to account_host as well. I was getting auth errors but that was because the default credentials were getting injected as well and ends up with conflicting auth. When setting it to anon=True, it made the auth work correctly and ended up using the SAS token in the URL.

Looking more into this, while it seems possible that SAS token could be provided to the account_host, I don't think it makes sense to add logic to not inject a default credential for this usage. The intention of the account_host is to provide an escape hatch if <account-name>.blob.core.windows.net is not the host you want to use; it is not intended for full account URLs that can include auth like the SDK supports. This is especially true given there is already a designated sas_token parameter.

If setting anon=True or moving the SAS token to the proper sas_token parameter does not suffice as a workaround, we can consider adding explicit support even though it would require parsing the URL's query string to attempt to detect whether there is a SAS token present, which could be brittle as well.

kyleknap

Looks good to me! Thanks for all of the hard work here! 🚢

anjaliratnam-msft requested review from kyleknap and nateprewitt March 2, 2026 18:53

kyleknap reviewed Mar 7, 2026

View reviewed changes

nateprewitt suggested changes Mar 24, 2026

View reviewed changes

anjaliratnam-msft added 7 commits March 25, 2026 16:55

changed anon default to false

af522f1

fixed tests

0f4212d

linting fixes

d41354c

test fixes

57d5a00

updates

cf9c937

updates

56fea02

updates

85f2ba8

anjaliratnam-msft force-pushed the update-anon-default branch from ec9a4c7 to 85f2ba8 Compare March 25, 2026 23:56

linting fix

63771f9

kyleknap reviewed Mar 26, 2026

View reviewed changes

updates

677d9b7

anjaliratnam-msft added 2 commits April 8, 2026 15:11

updates

33cf627

updates

1286835

kyleknap approved these changes Apr 8, 2026

View reviewed changes

kyleknap merged commit 9da1566 into fsspec:main Apr 8, 2026
8 checks passed

Conversation

anjaliratnam-msft commented Mar 2, 2026

Uh oh!

kyleknap left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nateprewitt left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kyleknap left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

anjaliratnam-msft commented Apr 2, 2026

Uh oh!

kyleknap commented Apr 8, 2026

Uh oh!

kyleknap left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants