icechunk.credentials#

Credential types and factory functions for S3, GCS, and Azure.

icechunk.credentials #

Classes:

Name	Description
`AzureCredentials`	Credentials for an azure storage backend
`AzureRefreshableCredential`	A refreshable credential for Azure storage with optional expiration.
`AzureStaticCredentials`	Credentials for an azure storage backend
`GcsBearerCredential`	Credentials for a google cloud storage backend
`GcsCredentials`	Credentials for a google cloud storage backend
`GcsStaticCredentials`	Credentials for a google cloud storage backend
`S3Credentials`	Credentials for an S3 storage backend
`S3StaticCredentials`	Credentials for an S3 storage backend

Functions:

Name	Description
`azure_credentials`	Create credentials Azure Blob Storage object store.
`azure_from_env_credentials`	Instruct Azure Blob Storage object store to fetch credentials from the operative system environment.
`azure_refreshable_credentials`	Create refreshable credentials for Azure Blob Storage object store.
`azure_static_credentials`	Create static credentials Azure Blob Storage object store.
`containers_credentials`	Build a map of credentials for virtual chunk containers.
`gcs_anonymous_credentials`	Create anonymous credentials for Google Cloud Storage object store.
`gcs_credentials`	Create credentials Google Cloud Storage object store.
`gcs_from_env_credentials`	Instruct Google Cloud Storage object store to fetch credentials from the operative system environment.
`gcs_refreshable_credentials`	Create refreshable credentials for Google Cloud Storage object store.
`gcs_static_credentials`	Create static credentials Google Cloud Storage object store.
`s3_anonymous_credentials`	Create no-signature credentials for S3 and S3 compatible object stores.
`s3_credentials`	Create credentials for S3 and S3 compatible object stores.
`s3_from_env_credentials`	Instruct S3 and S3 compatible object stores to gather credentials from the operative system environment.
`s3_refreshable_credentials`	Create refreshable credentials for S3 and S3 compatible object stores.
`s3_static_credentials`	Create static credentials for S3 and S3 compatible object stores.

AzureCredentials #

Credentials for an azure storage backend

This can be used to authenticate with an azure storage backend.

Classes:

Name	Description
`FromEnv`	Uses credentials from environment variables
`Refreshable`	Allows for an outside authority to pass in a function that can be used to provide credentials.
`Static`	Uses azure credentials without expiration

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class AzureCredentials:
    """Credentials for an azure storage backend

    This can be used to authenticate with an azure storage backend.
    """
    class FromEnv:
        """Uses credentials from environment variables"""
        def __new__(cls) -> AzureCredentials.FromEnv: ...

    class Static:
        """Uses azure credentials without expiration"""
        def __new__(
            cls, credentials: _AnyAzureStaticCredential
        ) -> AzureCredentials.Static: ...

    class Refreshable:
        """Allows for an outside authority to pass in a function that can be used to provide credentials.

        This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.
        """
        def __new__(
            cls,
            pickled_function: bytes,
            current: AzureRefreshableCredential | None = None,
        ) -> AzureCredentials.Refreshable: ...

FromEnv #

Uses credentials from environment variables

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class FromEnv:
    """Uses credentials from environment variables"""
    def __new__(cls) -> AzureCredentials.FromEnv: ...

Refreshable #

Allows for an outside authority to pass in a function that can be used to provide credentials.

This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Refreshable:
    """Allows for an outside authority to pass in a function that can be used to provide credentials.

    This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.
    """
    def __new__(
        cls,
        pickled_function: bytes,
        current: AzureRefreshableCredential | None = None,
    ) -> AzureCredentials.Refreshable: ...

Static #

Uses azure credentials without expiration

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Static:
    """Uses azure credentials without expiration"""
    def __new__(
        cls, credentials: _AnyAzureStaticCredential
    ) -> AzureCredentials.Static: ...

AzureRefreshableCredential #

A refreshable credential for Azure storage with optional expiration.

Classes:

Name	Description
`AccessKey`	Refreshable access key credential.
`BearerToken`	Refreshable bearer token credential.
`SasToken`	Refreshable SAS token credential.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class AzureRefreshableCredential:
    """A refreshable credential for Azure storage with optional expiration."""

    class AccessKey:
        """Refreshable access key credential."""
        def __new__(
            cls, key: str, *, expires_after: datetime.datetime | None = None
        ) -> AzureRefreshableCredential.AccessKey: ...

    class SasToken:
        """Refreshable SAS token credential."""
        def __new__(
            cls, token: str, *, expires_after: datetime.datetime | None = None
        ) -> AzureRefreshableCredential.SasToken: ...

    class BearerToken:
        """Refreshable bearer token credential."""
        def __new__(
            cls, bearer: str, *, expires_after: datetime.datetime | None = None
        ) -> AzureRefreshableCredential.BearerToken: ...

AccessKey #

Refreshable access key credential.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class AccessKey:
    """Refreshable access key credential."""
    def __new__(
        cls, key: str, *, expires_after: datetime.datetime | None = None
    ) -> AzureRefreshableCredential.AccessKey: ...

BearerToken #

Refreshable bearer token credential.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class BearerToken:
    """Refreshable bearer token credential."""
    def __new__(
        cls, bearer: str, *, expires_after: datetime.datetime | None = None
    ) -> AzureRefreshableCredential.BearerToken: ...

SasToken #

Refreshable SAS token credential.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class SasToken:
    """Refreshable SAS token credential."""
    def __new__(
        cls, token: str, *, expires_after: datetime.datetime | None = None
    ) -> AzureRefreshableCredential.SasToken: ...

AzureStaticCredentials #

Credentials for an azure storage backend

Classes:

Name	Description
`AccessKey`	Credentials for an azure storage backend using an access key
`BearerToken`	Credentials for an azure storage backend using a bearer token
`SasToken`	Credentials for an azure storage backend using a shared access signature token

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class AzureStaticCredentials:
    """Credentials for an azure storage backend"""
    class AccessKey:
        """Credentials for an azure storage backend using an access key"""
        def __new__(cls, key: str) -> AzureStaticCredentials.AccessKey:
            """Create access key credentials.

            Parameters
            ----------
            key: str
                The access key to use for authentication.
            """
            ...

    class SasToken:
        """Credentials for an azure storage backend using a shared access signature token"""
        def __new__(cls, token: str) -> AzureStaticCredentials.SasToken:
            """Create SAS token credentials.

            Parameters
            ----------
            token: str
                The shared access signature token to use for authentication.
            """
            ...

    class BearerToken:
        """Credentials for an azure storage backend using a bearer token"""
        def __new__(cls, token: str) -> AzureStaticCredentials.BearerToken:
            """Create bearer token credentials.

            Parameters
            ----------
            token: str
                The bearer token to use for authentication.
            """
            ...

AccessKey #

Credentials for an azure storage backend using an access key

Methods:

Name	Description
`__new__`	Create access key credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class AccessKey:
    """Credentials for an azure storage backend using an access key"""
    def __new__(cls, key: str) -> AzureStaticCredentials.AccessKey:
        """Create access key credentials.

        Parameters
        ----------
        key: str
            The access key to use for authentication.
        """
        ...

new #

__new__(key)

Create access key credentials.

Parameters:

Name	Type	Description	Default
`key`	`str`	The access key to use for authentication.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, key: str) -> AzureStaticCredentials.AccessKey:
    """Create access key credentials.

    Parameters
    ----------
    key: str
        The access key to use for authentication.
    """
    ...

BearerToken #

Credentials for an azure storage backend using a bearer token

Methods:

Name	Description
`__new__`	Create bearer token credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class BearerToken:
    """Credentials for an azure storage backend using a bearer token"""
    def __new__(cls, token: str) -> AzureStaticCredentials.BearerToken:
        """Create bearer token credentials.

        Parameters
        ----------
        token: str
            The bearer token to use for authentication.
        """
        ...

new #

__new__(token)

Create bearer token credentials.

Parameters:

Name	Type	Description	Default
`token`	`str`	The bearer token to use for authentication.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, token: str) -> AzureStaticCredentials.BearerToken:
    """Create bearer token credentials.

    Parameters
    ----------
    token: str
        The bearer token to use for authentication.
    """
    ...

SasToken #

Credentials for an azure storage backend using a shared access signature token

Methods:

Name	Description
`__new__`	Create SAS token credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class SasToken:
    """Credentials for an azure storage backend using a shared access signature token"""
    def __new__(cls, token: str) -> AzureStaticCredentials.SasToken:
        """Create SAS token credentials.

        Parameters
        ----------
        token: str
            The shared access signature token to use for authentication.
        """
        ...

new #

__new__(token)

Create SAS token credentials.

Parameters:

Name	Type	Description	Default
`token`	`str`	The shared access signature token to use for authentication.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, token: str) -> AzureStaticCredentials.SasToken:
    """Create SAS token credentials.

    Parameters
    ----------
    token: str
        The shared access signature token to use for authentication.
    """
    ...

GcsBearerCredential #

Credentials for a google cloud storage backend

This is a bearer token that has an expiration time.

Methods:

Name	Description
`__new__`	Create a GcsBearerCredential object

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class GcsBearerCredential:
    """Credentials for a google cloud storage backend

    This is a bearer token that has an expiration time.
    """

    def __new__(
        cls, bearer: str, *, expires_after: datetime.datetime | None = None
    ) -> GcsBearerCredential:
        """Create a GcsBearerCredential object

        Parameters
        ----------
        bearer: str
            The bearer token to use for authentication.
        expires_after: datetime.datetime | None
            The expiration time of the bearer token.
        """

    @property
    def bearer(self) -> str: ...
    @property
    def expires_after(self) -> datetime.datetime | None: ...

new #

__new__(bearer, *, expires_after=None)

Create a GcsBearerCredential object

Parameters:

Name	Type	Description	Default
`bearer`	`str`	The bearer token to use for authentication.	required
`expires_after`	`datetime \| None`	The expiration time of the bearer token.	`None`

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(
    cls, bearer: str, *, expires_after: datetime.datetime | None = None
) -> GcsBearerCredential:
    """Create a GcsBearerCredential object

    Parameters
    ----------
    bearer: str
        The bearer token to use for authentication.
    expires_after: datetime.datetime | None
        The expiration time of the bearer token.
    """

GcsCredentials #

Credentials for a google cloud storage backend

This can be used to authenticate with a google cloud storage backend.

Classes:

Name	Description
`Anonymous`	Uses anonymous credentials
`FromEnv`	Uses credentials from environment variables
`Refreshable`	Allows for an outside authority to pass in a function that can be used to provide credentials.
`Static`	Uses gcs credentials without expiration

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class GcsCredentials:
    """Credentials for a google cloud storage backend

    This can be used to authenticate with a google cloud storage backend.
    """
    class Anonymous:
        """Uses anonymous credentials"""
        def __new__(cls) -> GcsCredentials.Anonymous: ...

    class FromEnv:
        """Uses credentials from environment variables"""
        def __new__(cls) -> GcsCredentials.FromEnv: ...

    class Static:
        """Uses gcs credentials without expiration"""
        def __new__(
            cls, credentials: _AnyGcsStaticCredential
        ) -> GcsCredentials.Static: ...

    class Refreshable:
        """Allows for an outside authority to pass in a function that can be used to provide credentials.

        This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.
        """
        def __new__(
            cls, pickled_function: bytes, current: GcsBearerCredential | None = None
        ) -> GcsCredentials.Refreshable: ...

Anonymous #

Uses anonymous credentials

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Anonymous:
    """Uses anonymous credentials"""
    def __new__(cls) -> GcsCredentials.Anonymous: ...

FromEnv #

Uses credentials from environment variables

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class FromEnv:
    """Uses credentials from environment variables"""
    def __new__(cls) -> GcsCredentials.FromEnv: ...

Refreshable #

Allows for an outside authority to pass in a function that can be used to provide credentials.

This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Refreshable:
    """Allows for an outside authority to pass in a function that can be used to provide credentials.

    This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.
    """
    def __new__(
        cls, pickled_function: bytes, current: GcsBearerCredential | None = None
    ) -> GcsCredentials.Refreshable: ...

Static #

Uses gcs credentials without expiration

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Static:
    """Uses gcs credentials without expiration"""
    def __new__(
        cls, credentials: _AnyGcsStaticCredential
    ) -> GcsCredentials.Static: ...

GcsStaticCredentials #

Credentials for a google cloud storage backend

Classes:

Name	Description
`ApplicationCredentials`	Credentials for a google cloud storage backend using application default credentials
`BearerToken`	Credentials for a google cloud storage backend using a bearer token
`ServiceAccount`	Credentials for a google cloud storage backend using a service account json file
`ServiceAccountKey`	Credentials for a google cloud storage backend using a serialized service account key

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class GcsStaticCredentials:
    """Credentials for a google cloud storage backend"""
    class ServiceAccount:
        """Credentials for a google cloud storage backend using a service account json file"""
        def __new__(cls, path: str) -> GcsStaticCredentials.ServiceAccount:
            """Create service account credentials.

            Parameters
            ----------
            path: str
                The path to the service account json file.
            """
            ...

    class ServiceAccountKey:
        """Credentials for a google cloud storage backend using a serialized service account key"""
        def __new__(cls, key: str) -> GcsStaticCredentials.ServiceAccountKey:
            """Create service account key credentials.

            Parameters
            ----------
            key: str
                The serialized service account key.
            """
            ...

    class ApplicationCredentials:
        """Credentials for a google cloud storage backend using application default credentials"""
        def __new__(cls, path: str) -> GcsStaticCredentials.ApplicationCredentials:
            """Create application default credentials.

            Parameters
            ----------
            path: str
                The path to the application default credentials (ADC) file.
            """
            ...

    class BearerToken:
        """Credentials for a google cloud storage backend using a bearer token"""
        def __new__(cls, token: str) -> GcsStaticCredentials.BearerToken:
            """Create bearer token credentials.

            Parameters
            ----------
            token: str
                The bearer token to use for authentication.
            """
            ...

ApplicationCredentials #

Credentials for a google cloud storage backend using application default credentials

Methods:

Name	Description
`__new__`	Create application default credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class ApplicationCredentials:
    """Credentials for a google cloud storage backend using application default credentials"""
    def __new__(cls, path: str) -> GcsStaticCredentials.ApplicationCredentials:
        """Create application default credentials.

        Parameters
        ----------
        path: str
            The path to the application default credentials (ADC) file.
        """
        ...

new #

__new__(path)

Create application default credentials.

Parameters:

Name	Type	Description	Default
`path`	`str`	The path to the application default credentials (ADC) file.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, path: str) -> GcsStaticCredentials.ApplicationCredentials:
    """Create application default credentials.

    Parameters
    ----------
    path: str
        The path to the application default credentials (ADC) file.
    """
    ...

BearerToken #

Credentials for a google cloud storage backend using a bearer token

Methods:

Name	Description
`__new__`	Create bearer token credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class BearerToken:
    """Credentials for a google cloud storage backend using a bearer token"""
    def __new__(cls, token: str) -> GcsStaticCredentials.BearerToken:
        """Create bearer token credentials.

        Parameters
        ----------
        token: str
            The bearer token to use for authentication.
        """
        ...

new #

__new__(token)

Create bearer token credentials.

Parameters:

Name	Type	Description	Default
`token`	`str`	The bearer token to use for authentication.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, token: str) -> GcsStaticCredentials.BearerToken:
    """Create bearer token credentials.

    Parameters
    ----------
    token: str
        The bearer token to use for authentication.
    """
    ...

ServiceAccount #

Credentials for a google cloud storage backend using a service account json file

Methods:

Name	Description
`__new__`	Create service account credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class ServiceAccount:
    """Credentials for a google cloud storage backend using a service account json file"""
    def __new__(cls, path: str) -> GcsStaticCredentials.ServiceAccount:
        """Create service account credentials.

        Parameters
        ----------
        path: str
            The path to the service account json file.
        """
        ...

new #

__new__(path)

Create service account credentials.

Parameters:

Name	Type	Description	Default
`path`	`str`	The path to the service account json file.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, path: str) -> GcsStaticCredentials.ServiceAccount:
    """Create service account credentials.

    Parameters
    ----------
    path: str
        The path to the service account json file.
    """
    ...

ServiceAccountKey #

Credentials for a google cloud storage backend using a serialized service account key

Methods:

Name	Description
`__new__`	Create service account key credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class ServiceAccountKey:
    """Credentials for a google cloud storage backend using a serialized service account key"""
    def __new__(cls, key: str) -> GcsStaticCredentials.ServiceAccountKey:
        """Create service account key credentials.

        Parameters
        ----------
        key: str
            The serialized service account key.
        """
        ...

new #

__new__(key)

Create service account key credentials.

Parameters:

Name	Type	Description	Default
`key`	`str`	The serialized service account key.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, key: str) -> GcsStaticCredentials.ServiceAccountKey:
    """Create service account key credentials.

    Parameters
    ----------
    key: str
        The serialized service account key.
    """
    ...

S3Credentials #

Credentials for an S3 storage backend

Classes:

Name	Description
`Anonymous`	Does not sign requests, useful for public buckets
`FromEnv`	Uses credentials from environment variables
`Refreshable`	Allows for an outside authority to pass in a function that can be used to provide credentials.
`Static`	Uses s3 credentials without expiration

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class S3Credentials:
    """Credentials for an S3 storage backend"""
    class FromEnv:
        """Uses credentials from environment variables"""
        def __new__(cls) -> S3Credentials.FromEnv: ...

    class Anonymous:
        """Does not sign requests, useful for public buckets"""
        def __new__(cls) -> S3Credentials.Anonymous: ...

    class Static:
        """Uses s3 credentials without expiration"""
        def __new__(cls, credentials: S3StaticCredentials) -> S3Credentials.Static:
            """Create static S3 credentials.

            Parameters
            ----------
            credentials: S3StaticCredentials
                The credentials to use for authentication.
            """
            ...

    class Refreshable:
        """Allows for an outside authority to pass in a function that can be used to provide credentials.

        This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.
        """
        def __new__(
            cls, pickled_function: bytes, current: S3StaticCredentials | None = None
        ) -> S3Credentials.Refreshable:
            """Create refreshable S3 credentials.

            Parameters
            ----------
            pickled_function: bytes
                The pickled function to use to provide credentials.
            current: S3StaticCredentials
                The initial credentials. They will be returned the first time credentials
                are requested and then deleted.
            """
            ...

Anonymous #

Does not sign requests, useful for public buckets

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Anonymous:
    """Does not sign requests, useful for public buckets"""
    def __new__(cls) -> S3Credentials.Anonymous: ...

FromEnv #

Uses credentials from environment variables

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class FromEnv:
    """Uses credentials from environment variables"""
    def __new__(cls) -> S3Credentials.FromEnv: ...

Refreshable #

Allows for an outside authority to pass in a function that can be used to provide credentials.

This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.

Methods:

Name	Description
`__new__`	Create refreshable S3 credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Refreshable:
    """Allows for an outside authority to pass in a function that can be used to provide credentials.

    This is useful for credentials that have an expiration time, or are otherwise not known ahead of time.
    """
    def __new__(
        cls, pickled_function: bytes, current: S3StaticCredentials | None = None
    ) -> S3Credentials.Refreshable:
        """Create refreshable S3 credentials.

        Parameters
        ----------
        pickled_function: bytes
            The pickled function to use to provide credentials.
        current: S3StaticCredentials
            The initial credentials. They will be returned the first time credentials
            are requested and then deleted.
        """
        ...

new #

__new__(pickled_function, current=None)

Create refreshable S3 credentials.

Parameters:

Name	Type	Description	Default
`pickled_function`	`bytes`	The pickled function to use to provide credentials.	required
`current`	`S3StaticCredentials \| None`	The initial credentials. They will be returned the first time credentials are requested and then deleted.	`None`

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(
    cls, pickled_function: bytes, current: S3StaticCredentials | None = None
) -> S3Credentials.Refreshable:
    """Create refreshable S3 credentials.

    Parameters
    ----------
    pickled_function: bytes
        The pickled function to use to provide credentials.
    current: S3StaticCredentials
        The initial credentials. They will be returned the first time credentials
        are requested and then deleted.
    """
    ...

Static #

Uses s3 credentials without expiration

Methods:

Name	Description
`__new__`	Create static S3 credentials.

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class Static:
    """Uses s3 credentials without expiration"""
    def __new__(cls, credentials: S3StaticCredentials) -> S3Credentials.Static:
        """Create static S3 credentials.

        Parameters
        ----------
        credentials: S3StaticCredentials
            The credentials to use for authentication.
        """
        ...

new #

__new__(credentials)

Create static S3 credentials.

Parameters:

Name	Type	Description	Default
`credentials`	`S3StaticCredentials`	The credentials to use for authentication.	required

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(cls, credentials: S3StaticCredentials) -> S3Credentials.Static:
    """Create static S3 credentials.

    Parameters
    ----------
    credentials: S3StaticCredentials
        The credentials to use for authentication.
    """
    ...

S3StaticCredentials #

Credentials for an S3 storage backend

Attributes: access_key_id: str The access key ID to use for authentication. secret_access_key: str The secret access key to use for authentication. session_token: str | None The session token to use for authentication. expires_after: datetime.datetime | None Optional, the expiration time of the credentials.

Methods:

Name	Description
`__new__`	Create a new `S3StaticCredentials` object

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

class S3StaticCredentials:
    """Credentials for an S3 storage backend

    Attributes:
        access_key_id: str
            The access key ID to use for authentication.
        secret_access_key: str
            The secret access key to use for authentication.
        session_token: str | None
            The session token to use for authentication.
        expires_after: datetime.datetime | None
            Optional, the expiration time of the credentials.
    """

    access_key_id: str
    secret_access_key: str
    session_token: str | None
    expires_after: datetime.datetime | None

    def __new__(
        cls,
        access_key_id: str,
        secret_access_key: str,
        session_token: str | None = None,
        expires_after: datetime.datetime | None = None,
    ) -> S3StaticCredentials:
        """
        Create a new `S3StaticCredentials` object

        Parameters
        ----------
        access_key_id: str
            The access key ID to use for authentication.
        secret_access_key: str
            The secret access key to use for authentication.
        session_token: str | None
            Optional, the session token to use for authentication.
        expires_after: datetime.datetime | None
            Optional, the expiration time of the credentials.
        """
        ...

new #

__new__(
    access_key_id,
    secret_access_key,
    session_token=None,
    expires_after=None,
)

Create a new S3StaticCredentials object

Parameters:

Name	Type	Description	Default
`access_key_id`	`str`	The access key ID to use for authentication.	required
`secret_access_key`	`str`	The secret access key to use for authentication.	required
`session_token`	`str \| None`	Optional, the session token to use for authentication.	`None`
`expires_after`	`datetime \| None`	Optional, the expiration time of the credentials.	`None`

Source code in icechunk-python/python/icechunk/_icechunk_python.pyi

def __new__(
    cls,
    access_key_id: str,
    secret_access_key: str,
    session_token: str | None = None,
    expires_after: datetime.datetime | None = None,
) -> S3StaticCredentials:
    """
    Create a new `S3StaticCredentials` object

    Parameters
    ----------
    access_key_id: str
        The access key ID to use for authentication.
    secret_access_key: str
        The secret access key to use for authentication.
    session_token: str | None
        Optional, the session token to use for authentication.
    expires_after: datetime.datetime | None
        Optional, the expiration time of the credentials.
    """
    ...

azure_credentials #

azure_credentials(
    *,
    access_key=None,
    sas_token=None,
    bearer_token=None,
    from_env=None,
    get_credentials=None,
    scatter_initial_credentials=False,
)

Create credentials Azure Blob Storage object store.

If all arguments are None, credentials are fetched from the operative system environment.

Source code in icechunk-python/python/icechunk/credentials.py

def azure_credentials(
    *,
    access_key: str | None = None,
    sas_token: str | None = None,
    bearer_token: str | None = None,
    from_env: bool | None = None,
    get_credentials: Callable[[], AzureRefreshableCredential] | None = None,
    scatter_initial_credentials: bool = False,
) -> AnyAzureCredential:
    """Create credentials Azure Blob Storage object store.

    If all arguments are None, credentials are fetched from the operative system environment.
    """
    if get_credentials is not None:
        return azure_refreshable_credentials(
            get_credentials,
            scatter_initial_credentials=scatter_initial_credentials,
        )

    if (from_env is None or from_env) and (
        access_key is None and sas_token is None and bearer_token is None
    ):
        return azure_from_env_credentials()

    if (access_key is not None or sas_token is not None or bearer_token is not None) and (
        from_env is None or not from_env
    ):
        return AzureCredentials.Static(
            azure_static_credentials(
                access_key=access_key,
                sas_token=sas_token,
                bearer_token=bearer_token,
            )
        )

    raise ValueError("Conflicting arguments to azure_credentials function")

azure_from_env_credentials #

azure_from_env_credentials()

Instruct Azure Blob Storage object store to fetch credentials from the operative system environment.

Source code in icechunk-python/python/icechunk/credentials.py

def azure_from_env_credentials() -> AzureCredentials.FromEnv:
    """Instruct Azure Blob Storage object store to fetch credentials from the operative system environment."""
    return AzureCredentials.FromEnv()

azure_refreshable_credentials #

azure_refreshable_credentials(
    get_credentials, scatter_initial_credentials=False
)

Create refreshable credentials for Azure Blob Storage object store.

Parameters:

Name	Type	Description	Default
`get_credentials`	`Callable[[], AzureRefreshableCredential]`	Use this function to get and refresh the credentials. The function must be picklable.	required
`scatter_initial_credentials`	`bool`	Immediately call and store the value returned by get_credentials. This is useful if the repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will ensure all those copies don't need to call get_credentials immediately. After the initial set of credentials has expired, the cached value is no longer used. Notice that credentials obtained are stored, and they can be sent over the network if you pickle the session/repo.	`False`

Source code in icechunk-python/python/icechunk/credentials.py

def azure_refreshable_credentials(
    get_credentials: Callable[[], AzureRefreshableCredential],
    scatter_initial_credentials: bool = False,
) -> AzureCredentials.Refreshable:
    """Create refreshable credentials for Azure Blob Storage object store.

    Parameters
    ----------
    get_credentials: Callable[[], AzureRefreshableCredential]
        Use this function to get and refresh the credentials. The function must be picklable.
    scatter_initial_credentials: bool, optional
        Immediately call and store the value returned by get_credentials. This is useful if the
        repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will
        ensure all those copies don't need to call get_credentials immediately. After the initial
        set of credentials has expired, the cached value is no longer used. Notice that credentials
        obtained are stored, and they can be sent over the network if you pickle the session/repo.
    """

    current = get_credentials() if scatter_initial_credentials else None
    return AzureCredentials.Refreshable(pickle.dumps(get_credentials), current)

azure_static_credentials #

azure_static_credentials(
    *, access_key=None, sas_token=None, bearer_token=None
)

Create static credentials Azure Blob Storage object store.

Source code in icechunk-python/python/icechunk/credentials.py

def azure_static_credentials(
    *,
    access_key: str | None = None,
    sas_token: str | None = None,
    bearer_token: str | None = None,
) -> AnyAzureStaticCredential:
    """Create static credentials Azure Blob Storage object store."""
    if [access_key, sas_token, bearer_token].count(None) != 2:
        raise ValueError("Conflicting arguments to azure_static_credentials function")
    if access_key is not None:
        return AzureStaticCredentials.AccessKey(access_key)
    if sas_token is not None:
        return AzureStaticCredentials.SasToken(sas_token)
    if bearer_token is not None:
        return AzureStaticCredentials.BearerToken(bearer_token)
    raise ValueError(
        "No valid static credential provided for Azure Blob Storage object store"
    )

containers_credentials #

containers_credentials(m)

Build a map of credentials for virtual chunk containers.

Parameters:

Name	Type	Description	Default
`m`	`Mapping[str, AnyS3Credential \| AnyGcsCredential \| AnyAzureCredential \| None]`	A mapping from container url prefixes to credentials.	required

Examples:

import icechunk as ic

config = ic.RepositoryConfig.default()
config.inline_chunk_threshold_bytes = 512

virtual_store_config = ic.s3_store(
    region="us-east-1",
    endpoint_url="http://localhost:4200",
    allow_http=True,
    s3_compatible=True,
    force_path_style=True,
)
container = ic.VirtualChunkContainer("s3://somebucket", virtual_store_config)
config.set_virtual_chunk_container(container)
credentials = ic.containers_credentials(
    {"s3://somebucket": ic.s3_credentials(access_key_id="ACCESS_KEY", secret_access_key="SECRET"}
)

repo = ic.Repository.create(
    storage=ic.local_filesystem_storage(store_path),
    config=config,
    authorize_virtual_chunk_access=credentials,
)

Source code in icechunk-python/python/icechunk/credentials.py

def containers_credentials(
    m: Mapping[str, AnyS3Credential | AnyGcsCredential | AnyAzureCredential | None],
) -> dict[str, AnyCredential | None]:
    """Build a map of credentials for virtual chunk containers.

    Parameters
    ----------
    m: Mapping[str, AnyS3Credential | AnyGcsCredential | AnyAzureCredential ]
        A mapping from container url prefixes to credentials.

    Examples
    --------
    ```python
    import icechunk as ic

    config = ic.RepositoryConfig.default()
    config.inline_chunk_threshold_bytes = 512

    virtual_store_config = ic.s3_store(
        region="us-east-1",
        endpoint_url="http://localhost:4200",
        allow_http=True,
        s3_compatible=True,
        force_path_style=True,
    )
    container = ic.VirtualChunkContainer("s3://somebucket", virtual_store_config)
    config.set_virtual_chunk_container(container)
    credentials = ic.containers_credentials(
        {"s3://somebucket": ic.s3_credentials(access_key_id="ACCESS_KEY", secret_access_key="SECRET"}
    )

    repo = ic.Repository.create(
        storage=ic.local_filesystem_storage(store_path),
        config=config,
        authorize_virtual_chunk_access=credentials,
    )
    ```

    """
    res: dict[str, AnyCredential | None] = {}
    for name, cred in m.items():
        if cred is None:
            res[name] = None
        elif isinstance(cred, AnyS3Credential):
            res[name] = Credentials.S3(cred)
        elif (
            isinstance(cred, GcsCredentials.FromEnv)
            or isinstance(cred, GcsCredentials.Static)
            or isinstance(cred, GcsCredentials.Refreshable)
            or isinstance(cred, GcsCredentials.Anonymous)
        ):
            res[name] = Credentials.Gcs(cast(GcsCredentials, cred))
        elif (
            isinstance(cred, AzureCredentials.FromEnv)
            or isinstance(cred, AzureCredentials.Static)
            or isinstance(cred, AzureCredentials.Refreshable)
        ):
            res[name] = Credentials.Azure(cast(AzureCredentials, cred))
        else:
            raise ValueError(f"Unknown credential type {type(cred)}")
    return res

gcs_anonymous_credentials #

gcs_anonymous_credentials()

Create anonymous credentials for Google Cloud Storage object store.

Source code in icechunk-python/python/icechunk/credentials.py

def gcs_anonymous_credentials() -> GcsCredentials.Anonymous:
    """Create anonymous credentials for Google Cloud Storage object store."""
    return GcsCredentials.Anonymous()

gcs_credentials #

gcs_credentials(
    *,
    service_account_file=None,
    service_account_key=None,
    application_credentials=None,
    bearer_token=None,
    from_env=None,
    anonymous=None,
    get_credentials=None,
    scatter_initial_credentials=False,
)

Create credentials Google Cloud Storage object store.

If all arguments are None, credentials are fetched from the operative system environment.

Source code in icechunk-python/python/icechunk/credentials.py

def gcs_credentials(
    *,
    service_account_file: str | None = None,
    service_account_key: str | None = None,
    application_credentials: str | None = None,
    bearer_token: str | None = None,
    from_env: bool | None = None,
    anonymous: bool | None = None,
    get_credentials: Callable[[], GcsBearerCredential] | None = None,
    scatter_initial_credentials: bool = False,
) -> AnyGcsCredential:
    """Create credentials Google Cloud Storage object store.

    If all arguments are None, credentials are fetched from the operative system environment.
    """
    if anonymous is not None and anonymous:
        return gcs_anonymous_credentials()

    if (from_env is None or from_env) and (
        service_account_file is None
        and service_account_key is None
        and application_credentials is None
        and bearer_token is None
    ):
        return gcs_from_env_credentials()

    if (
        service_account_file is not None
        or service_account_key is not None
        or application_credentials is not None
        or bearer_token is not None
    ) and (from_env is None or not from_env):
        return GcsCredentials.Static(
            gcs_static_credentials(
                service_account_file=service_account_file,
                service_account_key=service_account_key,
                application_credentials=application_credentials,
                bearer_token=bearer_token,
            )
        )

    if get_credentials is not None:
        return gcs_refreshable_credentials(
            get_credentials, scatter_initial_credentials=scatter_initial_credentials
        )

    raise ValueError("Conflicting arguments to gcs_credentials function")

gcs_from_env_credentials #

gcs_from_env_credentials()

Instruct Google Cloud Storage object store to fetch credentials from the operative system environment.

Source code in icechunk-python/python/icechunk/credentials.py

def gcs_from_env_credentials() -> GcsCredentials.FromEnv:
    """Instruct Google Cloud Storage object store to fetch credentials from the operative system environment."""
    return GcsCredentials.FromEnv()

gcs_refreshable_credentials #

gcs_refreshable_credentials(
    get_credentials, scatter_initial_credentials=False
)

Create refreshable credentials for Google Cloud Storage object store.

Parameters:

Name	Type	Description	Default
`get_credentials`	`Callable[[], GcsBearerCredential]`	Use this function to get and refresh the credentials. The function must be pickable.	required
`scatter_initial_credentials`	`bool`	Immediately call and store the value returned by get_credentials. This is useful if the repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will ensure all those copies don't need to call get_credentials immediately. After the initial set of credentials has expired, the cached value is no longer used. Notice that credentials obtained are stored, and they can be sent over the network if you pickle the session/repo.	`False`

Source code in icechunk-python/python/icechunk/credentials.py

def gcs_refreshable_credentials(
    get_credentials: Callable[[], GcsBearerCredential],
    scatter_initial_credentials: bool = False,
) -> GcsCredentials.Refreshable:
    """Create refreshable credentials for Google Cloud Storage object store.

    Parameters
    ----------
    get_credentials: Callable[[], S3StaticCredentials]
        Use this function to get and refresh the credentials. The function must be pickable.
    scatter_initial_credentials: bool, optional
        Immediately call and store the value returned by get_credentials. This is useful if the
        repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will
        ensure all those copies don't need to call get_credentials immediately. After the initial
        set of credentials has expired, the cached value is no longer used. Notice that credentials
        obtained are stored, and they can be sent over the network if you pickle the session/repo.
    """

    current = get_credentials() if scatter_initial_credentials else None
    return GcsCredentials.Refreshable(pickle.dumps(get_credentials), current)

gcs_static_credentials #

gcs_static_credentials(
    *,
    service_account_file=None,
    service_account_key=None,
    application_credentials=None,
    bearer_token=None,
)

Create static credentials Google Cloud Storage object store.

Source code in icechunk-python/python/icechunk/credentials.py

def gcs_static_credentials(
    *,
    service_account_file: str | None = None,
    service_account_key: str | None = None,
    application_credentials: str | None = None,
    bearer_token: str | None = None,
) -> AnyGcsStaticCredential:
    """Create static credentials Google Cloud Storage object store."""
    if service_account_file is not None:
        return GcsStaticCredentials.ServiceAccount(service_account_file)
    if service_account_key is not None:
        return GcsStaticCredentials.ServiceAccountKey(service_account_key)
    if application_credentials is not None:
        return GcsStaticCredentials.ApplicationCredentials(application_credentials)
    if bearer_token is not None:
        return GcsStaticCredentials.BearerToken(bearer_token)
    raise ValueError("Conflicting arguments to gcs_static_credentials function")

s3_anonymous_credentials #

s3_anonymous_credentials()

Create no-signature credentials for S3 and S3 compatible object stores.

Source code in icechunk-python/python/icechunk/credentials.py

def s3_anonymous_credentials() -> S3Credentials.Anonymous:
    """Create no-signature credentials for S3 and S3 compatible object stores."""
    return S3Credentials.Anonymous()

s3_credentials #

s3_credentials(
    *,
    access_key_id=None,
    secret_access_key=None,
    session_token=None,
    expires_after=None,
    anonymous=None,
    from_env=None,
    get_credentials=None,
    scatter_initial_credentials=False,
)

Create credentials for S3 and S3 compatible object stores.

If all arguments are None, credentials are fetched from the environment.

Parameters:

Name	Type	Description	Default
`access_key_id`	`str \| None`	S3 credential access key	`None`
`secret_access_key`	`str \| None`	S3 credential secret access key	`None`
`session_token`	`str \| None`	Optional S3 credential session token	`None`
`expires_after`	`datetime \| None`	Optional expiration for the object store credentials	`None`
`anonymous`	`bool \| None`	If set to True requests to the object store will not be signed	`None`
`from_env`	`bool \| None`	Fetch credentials from the operative system environment	`None`
`get_credentials`	`Callable[[], S3StaticCredentials] \| None`	Use this function to get and refresh object store credentials	`None`
`scatter_initial_credentials`	`bool`	Immediately call and store the value returned by get_credentials. This is useful if the repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will ensure all those copies don't need to call get_credentials immediately. After the initial set of credentials has expired, the cached value is no longer used. Notice that credentials obtained are stored, and they can be sent over the network if you pickle the session/repo.	`False`

Source code in icechunk-python/python/icechunk/credentials.py

def s3_credentials(
    *,
    access_key_id: str | None = None,
    secret_access_key: str | None = None,
    session_token: str | None = None,
    expires_after: datetime | None = None,
    anonymous: bool | None = None,
    from_env: bool | None = None,
    get_credentials: Callable[[], S3StaticCredentials] | None = None,
    scatter_initial_credentials: bool = False,
) -> AnyS3Credential:
    """Create credentials for S3 and S3 compatible object stores.

    If all arguments are None, credentials are fetched from the environment.

    Parameters
    ----------
    access_key_id: str | None
        S3 credential access key
    secret_access_key: str | None
        S3 credential secret access key
    session_token: str | None
        Optional S3 credential session token
    expires_after: datetime | None
        Optional expiration for the object store credentials
    anonymous: bool | None
        If set to True requests to the object store will not be signed
    from_env: bool | None
        Fetch credentials from the operative system environment
    get_credentials: Callable[[], S3StaticCredentials] | None
        Use this function to get and refresh object store credentials
    scatter_initial_credentials: bool, optional
        Immediately call and store the value returned by get_credentials. This is useful if the
        repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will
        ensure all those copies don't need to call get_credentials immediately. After the initial
        set of credentials has expired, the cached value is no longer used. Notice that credentials
        obtained are stored, and they can be sent over the network if you pickle the session/repo.
    """
    if (
        (from_env is None or from_env)
        and access_key_id is None
        and secret_access_key is None
        and session_token is None
        and expires_after is None
        and not anonymous
        and get_credentials is None
    ):
        return s3_from_env_credentials()

    if (
        anonymous
        and access_key_id is None
        and secret_access_key is None
        and session_token is None
        and expires_after is None
        and not from_env
        and get_credentials is None
    ):
        return s3_anonymous_credentials()

    if (
        get_credentials is not None
        and access_key_id is None
        and secret_access_key is None
        and session_token is None
        and expires_after is None
        and not from_env
        and not anonymous
    ):
        return s3_refreshable_credentials(
            get_credentials, scatter_initial_credentials=scatter_initial_credentials
        )

    if (
        access_key_id
        and secret_access_key
        and not from_env
        and not anonymous
        and get_credentials is None
    ):
        return s3_static_credentials(
            access_key_id=access_key_id,
            secret_access_key=secret_access_key,
            session_token=session_token,
            expires_after=expires_after,
        )

    raise ValueError("Conflicting arguments to s3_credentials function")

s3_from_env_credentials #

s3_from_env_credentials()

Instruct S3 and S3 compatible object stores to gather credentials from the operative system environment.

Source code in icechunk-python/python/icechunk/credentials.py

def s3_from_env_credentials() -> S3Credentials.FromEnv:
    """Instruct S3 and S3 compatible object stores to gather credentials from the operative system environment."""
    return S3Credentials.FromEnv()

s3_refreshable_credentials #

s3_refreshable_credentials(
    get_credentials, scatter_initial_credentials=False
)

Create refreshable credentials for S3 and S3 compatible object stores.

Parameters:

Name	Type	Description	Default
`get_credentials`	`Callable[[], S3StaticCredentials]`	Use this function to get and refresh the credentials. The function must be pickable.	required
`scatter_initial_credentials`	`bool`	Immediately call and store the value returned by get_credentials. This is useful if the repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will ensure all those copies don't need to call get_credentials immediately. After the initial set of credentials has expired, the cached value is no longer used. Notice that credentials obtained are stored, and they can be sent over the network if you pickle the session/repo.	`False`

Source code in icechunk-python/python/icechunk/credentials.py

def s3_refreshable_credentials(
    get_credentials: Callable[[], S3StaticCredentials],
    scatter_initial_credentials: bool = False,
) -> S3Credentials.Refreshable:
    """Create refreshable credentials for S3 and S3 compatible object stores.

    Parameters
    ----------
    get_credentials: Callable[[], S3StaticCredentials]
        Use this function to get and refresh the credentials. The function must be pickable.
    scatter_initial_credentials: bool, optional
        Immediately call and store the value returned by get_credentials. This is useful if the
        repo or session will be pickled to generate many copies. Passing scatter_initial_credentials=True will
        ensure all those copies don't need to call get_credentials immediately. After the initial
        set of credentials has expired, the cached value is no longer used. Notice that credentials
        obtained are stored, and they can be sent over the network if you pickle the session/repo.
    """
    current = get_credentials() if scatter_initial_credentials else None
    return S3Credentials.Refreshable(pickle.dumps(get_credentials), current)

s3_static_credentials #

s3_static_credentials(
    *,
    access_key_id,
    secret_access_key,
    session_token=None,
    expires_after=None,
)

Create static credentials for S3 and S3 compatible object stores.

Parameters:

Name	Type	Description	Default
`access_key_id`	`str`	S3 credential access key	required
`secret_access_key`	`str`	S3 credential secret access key	required
`session_token`	`str \| None`	Optional S3 credential session token	`None`
`expires_after`	`datetime \| None`	Optional expiration for the object store credentials	`None`

Source code in icechunk-python/python/icechunk/credentials.py

def s3_static_credentials(
    *,
    access_key_id: str,
    secret_access_key: str,
    session_token: str | None = None,
    expires_after: datetime | None = None,
) -> S3Credentials.Static:
    """Create static credentials for S3 and S3 compatible object stores.

    Parameters
    ----------
    access_key_id: str | None
        S3 credential access key
    secret_access_key: str | None
        S3 credential secret access key
    session_token: str | None
        Optional S3 credential session token
    expires_after: datetime | None
        Optional expiration for the object store credentials
    """
    return S3Credentials.Static(
        S3StaticCredentials(
            access_key_id=access_key_id,
            secret_access_key=secret_access_key,
            session_token=session_token,
            expires_after=expires_after,
        )
    )

icechunk.credentials#