Merge branch 'main' into jahnvi/ghissue_203

Author: jahnvi480

OneBranchPipelines/stress-test-pipeline.yml

@@ -0,0 +1,87 @@
+"""
+Benchmark: Credential Instance Caching for Azure AD Authentication
+
+Measures the performance difference between:
+  1. Creating a new DefaultAzureCredential + get_token() each call (old behavior)
+  2. Reusing a cached DefaultAzureCredential instance (new behavior)
+
+Prerequisites:
+  - pip install azure-identity azure-core
+  - az login  (for AzureCliCredential to work)
+
+Usage:
+  python benchmarks/bench_credential_cache.py
+"""
+
+from __future__ import annotations
+
+import time
+import statistics
+
+
+def bench_no_cache(n: int) -> list[float]:
+    """Simulate the OLD behavior: new credential per call."""
+    from azure.identity import DefaultAzureCredential
+
+    times = []
+    for _ in range(n):
+        start = time.perf_counter()
+        cred = DefaultAzureCredential()
+        cred.get_token("https://database.windows.net/.default")
+        times.append(time.perf_counter() - start)
+    return times
+
+
+def bench_with_cache(n: int) -> list[float]:
+    """Simulate the NEW behavior: reuse a single credential instance."""
+    from azure.identity import DefaultAzureCredential
+
+    cred = DefaultAzureCredential()
+    times = []
+    for _ in range(n):
+        start = time.perf_counter()
+        cred.get_token("https://database.windows.net/.default")
+        times.append(time.perf_counter() - start)
+    return times
+
+
+def report(label: str, times: list[float]) -> None:
+    print(f"\n{'=' * 50}")
+    print(f"  {label}")
+    print(f"{'=' * 50}")
+    print(f"  Calls:   {len(times)}")
+    print(f"  Total:   {sum(times):.3f}s")
+    print(f"  Mean:    {statistics.mean(times) * 1000:.1f}ms")
+    print(f"  Median:  {statistics.median(times) * 1000:.1f}ms")
+    print(f"  Stdev:   {statistics.stdev(times) * 1000:.1f}ms" if len(times) > 1 else "")
+    print(f"  Min:     {min(times) * 1000:.1f}ms")
+    print(f"  Max:     {max(times) * 1000:.1f}ms")
+
+
+def main() -> None:
+    N = 10  # number of calls to benchmark
+
+    print("Credential Instance Cache Benchmark")
+    print(f"Running {N} sequential token acquisitions for each scenario...\n")
+
+    try:
+        print(">>> Without cache (new credential each call)...")
+        no_cache_times = bench_no_cache(N)
+        report("WITHOUT credential cache (old behavior)", no_cache_times)
+
+        print("\n>>> With cache (reuse credential instance)...")
+        cache_times = bench_with_cache(N)
+        report("WITH credential cache (new behavior)", cache_times)
+
+        speedup = statistics.mean(no_cache_times) / statistics.mean(cache_times)
+        saved = (statistics.mean(no_cache_times) - statistics.mean(cache_times)) * 1000
+        print(f"\n{'=' * 50}")
+        print(f"  SPEEDUP: {speedup:.1f}x  ({saved:.0f}ms saved per call)")
+        print(f"{'=' * 50}")
+    except Exception as e:
+        print(f"\nBenchmark failed: {e}")
+        print("Make sure you are logged in via 'az login' and have azure-identity installed.")
+
+
+if __name__ == "__main__":
+    main()

benchmarks/bench_credential_cache.py

@@ -293,6 +293,221 @@ def _cleanup_connections():
     SQL_IC_MIXED,
 )
 
+__all__ = [
+    # Exception classes
+    "Warning",
+    "Error",
+    "InterfaceError",
+    "DatabaseError",
+    "DataError",
+    "OperationalError",
+    "IntegrityError",
+    "InternalError",
+    "ProgrammingError",
+    "NotSupportedError",
+    "ConnectionStringParseError",
+    # Type objects and functions
+    "Date",
+    "Time",
+    "Timestamp",
+    "DateFromTicks",
+    "TimeFromTicks",
+    "TimestampFromTicks",
+    "Binary",
+    "STRING",
+    "BINARY",
+    "NUMBER",
+    "DATETIME",
+    "ROWID",
+    # Connection and cursor classes
+    "connect",
+    "Connection",
+    "Cursor",
+    "Row",
+    # Settings
+    "Settings",
+    "get_settings",
+    # Logging
+    "logger",
+    "setup_logging",
+    "driver_logger",
+    # Decimal functions
+    "setDecimalSeparator",
+    "getDecimalSeparator",
+    # Pooling
+    "pooling",
+    "PoolingManager",
+    # Constants - Enum classes
+    "AuthType",
+    "SQLTypes",
+    "get_info_constants",
+    # SQL Type constants
+    "SQL_CHAR",
+    "SQL_VARCHAR",
+    "SQL_LONGVARCHAR",
+    "SQL_WCHAR",
+    "SQL_WVARCHAR",
+    "SQL_WLONGVARCHAR",
+    "SQL_DECIMAL",
+    "SQL_NUMERIC",
+    "SQL_BIT",
+    "SQL_TINYINT",
+    "SQL_SMALLINT",
+    "SQL_INTEGER",
+    "SQL_BIGINT",
+    "SQL_REAL",
+    "SQL_FLOAT",
+    "SQL_DOUBLE",
+    "SQL_BINARY",
+    "SQL_VARBINARY",
+    "SQL_LONGVARBINARY",
+    "SQL_DATE",
+    "SQL_TIME",
+    "SQL_TIMESTAMP",
+    "SQL_TYPE_DATE",
+    "SQL_TYPE_TIME",
+    "SQL_TYPE_TIMESTAMP",
+    "SQL_GUID",
+    "SQL_XML",
+    # Connection attribute constants
+    "SQL_ATTR_ACCESS_MODE",
+    "SQL_ATTR_CONNECTION_TIMEOUT",
+    "SQL_ATTR_CURRENT_CATALOG",
+    "SQL_ATTR_LOGIN_TIMEOUT",
+    "SQL_ATTR_PACKET_SIZE",
+    "SQL_ATTR_TXN_ISOLATION",
+    # Transaction isolation levels
+    "SQL_TXN_READ_UNCOMMITTED",
+    "SQL_TXN_READ_COMMITTED",
+    "SQL_TXN_REPEATABLE_READ",
+    "SQL_TXN_SERIALIZABLE",
+    # Access modes
+    "SQL_MODE_READ_WRITE",
+    "SQL_MODE_READ_ONLY",
+    # Special constants
+    "SQL_WMETADATA",
+    # GetInfo constants
+    "SQL_DRIVER_NAME",
+    "SQL_DRIVER_VER",
+    "SQL_DRIVER_ODBC_VER",
+    "SQL_DRIVER_HLIB",
+    "SQL_DRIVER_HENV",
+    "SQL_DRIVER_HDBC",
+    "SQL_DATA_SOURCE_NAME",
+    "SQL_DATABASE_NAME",
+    "SQL_SERVER_NAME",
+    "SQL_USER_NAME",
+    "SQL_SQL_CONFORMANCE",
+    "SQL_KEYWORDS",
+    "SQL_IDENTIFIER_CASE",
+    "SQL_IDENTIFIER_QUOTE_CHAR",
+    "SQL_SPECIAL_CHARACTERS",
+    "SQL_SQL92_ENTRY_SQL",
+    "SQL_SQL92_INTERMEDIATE_SQL",
+    "SQL_SQL92_FULL_SQL",
+    "SQL_SUBQUERIES",
+    "SQL_EXPRESSIONS_IN_ORDERBY",
+    "SQL_CORRELATION_NAME",
+    "SQL_SEARCH_PATTERN_ESCAPE",
+    "SQL_CATALOG_TERM",
+    "SQL_CATALOG_NAME_SEPARATOR",
+    "SQL_SCHEMA_TERM",
+    "SQL_TABLE_TERM",
+    "SQL_PROCEDURES",
+    "SQL_ACCESSIBLE_TABLES",
+    "SQL_ACCESSIBLE_PROCEDURES",
+    "SQL_CATALOG_NAME",
+    "SQL_CATALOG_USAGE",
+    "SQL_SCHEMA_USAGE",
+    "SQL_COLUMN_ALIAS",
+    "SQL_DESCRIBE_PARAMETER",
+    "SQL_TXN_CAPABLE",
+    "SQL_TXN_ISOLATION_OPTION",
+    "SQL_DEFAULT_TXN_ISOLATION",
+    "SQL_MULTIPLE_ACTIVE_TXN",
+    "SQL_TXN_ISOLATION_LEVEL",
+    "SQL_NUMERIC_FUNCTIONS",
+    "SQL_STRING_FUNCTIONS",
+    "SQL_DATETIME_FUNCTIONS",
+    "SQL_SYSTEM_FUNCTIONS",
+    "SQL_CONVERT_FUNCTIONS",
+    "SQL_LIKE_ESCAPE_CLAUSE",
+    "SQL_MAX_COLUMN_NAME_LEN",
+    "SQL_MAX_TABLE_NAME_LEN",
+    "SQL_MAX_SCHEMA_NAME_LEN",
+    "SQL_MAX_CATALOG_NAME_LEN",
+    "SQL_MAX_IDENTIFIER_LEN",
+    "SQL_MAX_STATEMENT_LEN",
+    "SQL_MAX_CHAR_LITERAL_LEN",
+    "SQL_MAX_BINARY_LITERAL_LEN",
+    "SQL_MAX_COLUMNS_IN_TABLE",
+    "SQL_MAX_COLUMNS_IN_SELECT",
+    "SQL_MAX_COLUMNS_IN_GROUP_BY",
+    "SQL_MAX_COLUMNS_IN_ORDER_BY",
+    "SQL_MAX_COLUMNS_IN_INDEX",
+    "SQL_MAX_TABLES_IN_SELECT",
+    "SQL_MAX_CONCURRENT_ACTIVITIES",
+    "SQL_MAX_DRIVER_CONNECTIONS",
+    "SQL_MAX_ROW_SIZE",
+    "SQL_MAX_USER_NAME_LEN",
+    "SQL_ACTIVE_CONNECTIONS",
+    "SQL_ACTIVE_STATEMENTS",
+    "SQL_DATA_SOURCE_READ_ONLY",
+    "SQL_NEED_LONG_DATA_LEN",
+    "SQL_GETDATA_EXTENSIONS",
+    "SQL_CURSOR_COMMIT_BEHAVIOR",
+    "SQL_CURSOR_ROLLBACK_BEHAVIOR",
+    "SQL_CURSOR_SENSITIVITY",
+    "SQL_BOOKMARK_PERSISTENCE",
+    "SQL_DYNAMIC_CURSOR_ATTRIBUTES1",
+    "SQL_DYNAMIC_CURSOR_ATTRIBUTES2",
+    "SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES1",
+    "SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES2",
+    "SQL_STATIC_CURSOR_ATTRIBUTES1",
+    "SQL_STATIC_CURSOR_ATTRIBUTES2",
+    "SQL_KEYSET_CURSOR_ATTRIBUTES1",
+    "SQL_KEYSET_CURSOR_ATTRIBUTES2",
+    "SQL_SCROLL_OPTIONS",
+    "SQL_SCROLL_CONCURRENCY",
+    "SQL_FETCH_DIRECTION",
+    "SQL_ROWSET_SIZE",
+    "SQL_CONCURRENCY",
+    "SQL_ROW_NUMBER",
+    "SQL_STATIC_SENSITIVITY",
+    "SQL_BATCH_SUPPORT",
+    "SQL_BATCH_ROW_COUNT",
+    "SQL_PARAM_ARRAY_ROW_COUNTS",
+    "SQL_PARAM_ARRAY_SELECTS",
+    "SQL_PROCEDURE_TERM",
+    "SQL_POSITIONED_STATEMENTS",
+    "SQL_GROUP_BY",
+    "SQL_OJ_CAPABILITIES",
+    "SQL_ORDER_BY_COLUMNS_IN_SELECT",
+    "SQL_OUTER_JOINS",
+    "SQL_QUOTED_IDENTIFIER_CASE",
+    "SQL_CONCAT_NULL_BEHAVIOR",
+    "SQL_NULL_COLLATION",
+    "SQL_ALTER_TABLE",
+    "SQL_UNION",
+    "SQL_DDL_INDEX",
+    "SQL_MULT_RESULT_SETS",
+    "SQL_OWNER_USAGE",
+    "SQL_QUALIFIER_USAGE",
+    "SQL_TIMEDATE_ADD_INTERVALS",
+    "SQL_TIMEDATE_DIFF_INTERVALS",
+    "SQL_IC_UPPER",
+    "SQL_IC_LOWER",
+    "SQL_IC_SENSITIVE",
+    "SQL_IC_MIXED",
+    # API level globals
+    "apilevel",
+    "paramstyle",
+    "threadsafety",
+    # Module properties
+    "lowercase",
+    "native_uuid",
+]
+
 
 def pooling(max_size: int = 100, idle_timeout: int = 600, enabled: bool = True) -> None:
     """

mssql_python/__init__.py

@@ -6,11 +6,19 @@
 
 import platform
 import struct
+import threading
 from typing import Tuple, Dict, Optional, List
 
 from mssql_python.logging import logger
 from mssql_python.constants import AuthType, ConstantsDDBC
 
+# Module-level credential instance cache.
+# Reusing credential objects allows the Azure Identity SDK's built-in
+# in-memory token cache to work, avoiding redundant token acquisitions.
+# See: https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/identity/azure-identity/TOKEN_CACHING.md
+_credential_cache: Dict[str, object] = {}
+_credential_cache_lock = threading.Lock()
+
 
 class AADAuth:
     """Handles Azure Active Directory authentication"""
@@ -36,12 +44,11 @@ def get_token(auth_type: str) -> bytes:
 
     @staticmethod
     def get_raw_token(auth_type: str) -> str:
-        """Acquire a fresh raw JWT for the mssql-py-core connection (bulk copy).
+        """Acquire a raw JWT for the mssql-py-core connection (bulk copy).
 
-        This deliberately does NOT cache the credential or token — each call
-        creates a new Azure Identity credential instance and requests a token.
-        A fresh acquisition avoids expired-token errors when bulkcopy() is
-        called long after the original DDBC connect().
+        Uses the cached credential instance so the Azure Identity SDK's
+        built-in token cache can serve a valid token without a round-trip
+        when the previous token has not yet expired.
         """
         _, raw_token = AADAuth._acquire_token(auth_type)
         return raw_token
@@ -83,7 +90,19 @@ def _acquire_token(auth_type: str) -> Tuple[bytes, str]:
         )
 
         try:
-            credential = credential_class()
+            with _credential_cache_lock:
+                if auth_type not in _credential_cache:
+                    logger.debug(
+                        "get_token: Creating new credential instance for auth_type=%s",
+                        auth_type,
+                    )
+                    _credential_cache[auth_type] = credential_class()
+                else:
+                    logger.debug(
+                        "get_token: Reusing cached credential instance for auth_type=%s",
+                        auth_type,
+                    )
+                credential = _credential_cache[auth_type]
             raw_token = credential.get_token("https://database.windows.net/.default").token
             logger.info(
                 "get_token: Azure AD token acquired successfully - token_length=%d chars",

mssql_python/auth.py

@@ -2852,6 +2852,10 @@ def bulkcopy(
                     f"for auth_type '{self.connection._auth_type}': {e}"
                 ) from e
             pycore_context["access_token"] = raw_token
+            # Token replaces credential fields — py-core's validator rejects
+            # access_token combined with authentication/user_name/password.
+            for key in ("authentication", "user_name", "password"):
+                pycore_context.pop(key, None)
             logger.debug(
                 "Bulk copy: acquired fresh Azure AD token for auth_type=%s",
                 self.connection._auth_type,