From 683ef8c95787efac3b6c9116720fc8fdeb494625 Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Fri, 28 Oct 2022 15:17:42 -0700 Subject: [PATCH 1/5] [Identity] Update manual testing docs This updates Azure Arc manual testing instructions and also adds a document for testing on Azure Container Instances. Dockerfiles and requirements.txt were both updated accordingly. Signed-off-by: Paul Van Eck --- .../tests/managed-identity-live/Dockerfile | 5 +- .../tests/managed-identity-live/azure_arc.md | 34 ++-- .../container_instances.md | 160 ++++++++++++++++++ .../managed-identity-live/requirements.txt | 2 + 4 files changed, 186 insertions(+), 15 deletions(-) create mode 100644 sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile b/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile index 69daa0fd76acc..418c5b41bb56f 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile +++ b/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile @@ -6,7 +6,7 @@ # internal users should provide MCR registry to build via 'docker build . --build-arg REGISTRY="mcr.microsoft.com/mirror/docker/library/"' # public OSS users should simply leave this argument blank or ignore its presence entirely ARG REGISTRY="" -ARG PYTHON_VERSION=3.9 +ARG PYTHON_VERSION=3.10 # docker can't tell when the repo has changed and will therefore cache this layer FROM ${REGISTRY}alpine:3.14 as repo 
@@ -15,10 +15,13 @@ RUN git clone https://github.com/Azure/azure-sdk-for-python --single-branch --de FROM ${REGISTRY}python:${PYTHON_VERSION}-slim +COPY --from=repo /azure-sdk-for-python/tools /tools COPY --from=repo /azure-sdk-for-python/sdk/identity /sdk/identity COPY --from=repo /azure-sdk-for-python/sdk/core/azure-core /sdk/core/azure-core COPY --from=repo /azure-sdk-for-python/sdk/keyvault/azure-keyvault-secrets /sdk/keyvault/azure-keyvault-secrets +ENV AZURE_TEST_RUN_LIVE=true +ENV AZURE_SKIP_LIVE_RECORDING=true WORKDIR /sdk/identity/azure-identity/tests/managed-identity-live RUN pip install --no-cache-dir -r requirements.txt diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md index 3afd6e38b4595..9b46e27329abb 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md @@ -1,11 +1,11 @@ -# Testing azure-identity in Azure Arc +# Test Azure Identity in Azure Arc ## Prerequisite tools 1. A non-Azure Windows or Linux VM. 2. Administrator privileges on the VM. 3. An Azure Key Vault. -4. Python 3.6+ +4. Python 3.7+ ### Install Azure Arc on the VM 
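Review bot: `COPY --from=repo /azure-sdk-for-python/tools /tools` pulls the entire tools tree into the test image, while the requirements.txt change in this same patch only installs `tools/azure-devtools` and `tools/azure-sdk-tools`. If those two packages have no path dependencies elsewhere under `tools/`, copy only them with `COPY --from=repo /azure-sdk-for-python/tools/azure-devtools /tools/azure-devtools` and `COPY --from=repo /azure-sdk-for-python/tools/azure-sdk-tools /tools/azure-sdk-tools`. That keeps unrelated scripts out of an image that the new container_instances.md runs with a managed identity assigned. The two added `ENV` lines would also benefit from a comment such as `# live-only image: tests call the real vault and skip recording`.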
@@ -25,8 +25,8 @@ sudo setfacl -m "g:himds:r-x" /var/opt/azcmagent/tokens/ sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ ``` 7. Arc setup should now be complete. Restart your VM to finalize your environment setup. -8. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and -`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` and +8. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and +`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` and `http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again. ## Give the Azure Arc VM access to the key vault 
@@ -34,28 +34,34 @@ sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ For the tests to pass, the VM will need secret management permissions in your key vault. 1. Go to your key vault resource in the [Azure Portal](https://portal.azure.com). -2. Go to the vault's "Access policies" page, and click "Add Access Policy". -3. Using the secret management template, select your Arc VM resource as the principal. -4. Click "Add". -5. Don't forget to click "Save" at the top of the access policies page after the policy is added. +2. Go to the vault's "Access policies" page, and click "Create". +3. Using the "Secret Management" template, select your Arc VM resource as the principal. +4. Click "Create". ## Run the azure-identity Tests on the Azure Arc VM > **Note:** The following steps are specific to Python. In a terminal window, run: -``` -git clone https://github.com/Azure/azure-sdk-for-python --single-branch --branch master --depth 1 +```sh +git clone https://github.com/Azure/azure-sdk-for-python --single-branch --branch main --depth 1 cd azure-sdk-for-python/sdk/identity/azure-identity/tests/managed-identity-live ``` -Set the environment variable `AZURE_IDENTITY_TEST_VAULT_URL` to the vault URI of your key vault. Install `requirements.txt`: -``` +```sh pip install -r requirements.txt ``` -Run the managed identity tests, using the below command with Python 3.6+: + +Set the following environment variables, being sure to update the URL value: ``` -pytest -k managed_identity_live +AZURE_IDENTITY_TEST_VAULT_URL= +AZURE_TEST_RUN_LIVE=true +AZURE_SKIP_LIVE_RECORDING=true ``` +Run the managed identity tests, using the below command with Python 3.7+: +```sh +pytest -sv -k managed_identity_live +``` + Expected output for each: `passed` for all tests run. diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md b/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md new file mode 100644 index 0000000000000..6ae892be140dd 
--- /dev/null
+++ b/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md
@@ -0,0 +1,160 @@ +# Test Azure Identity in Azure Container Instances + +# Prerequisite tools +- Azure CLI + - https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest +- Docker CLI + - https://hub.docker.com/search?q=&type=edition&offering=community + + +# Azure resources +This test requires instances of these Azure resources: +- Azure Key Vault +- Azure Managed Identity + - with secrets/set and secrets/delete permission for the Key Vault +- Azure Container Registry + +The rest of this section is a walkthrough of deploying these resources. + +## Set environment variables to simplify copy-pasting +- RESOURCE_GROUP + - name of an Azure resource group + - must be unique in the Azure subscription + - e.g. 'pod-identity-test' +- ACR_NAME + - name of an Azure Container Registry + - 5-50 alphanumeric characters + - must be globally unique +- MANAGED_IDENTITY_NAME + - 3-128 alphanumeric characters + - must be unique in the resource group +- KEY_VAULT_NAME + - 3-24 alphanumeric characters + - must begin with a letter + - must be globally unique + +## Create resource group +```sh +az group create -n $RESOURCE_GROUP --location westus2 +``` + +## Create a managed identity +### Create the managed identity +```sh +az identity create -g $RESOURCE_GROUP -n $MANAGED_IDENTITY_NAME +``` + +### Save its ARM URI for later +```sh +export MANAGED_IDENTITY_ID=$(az identity show -g $RESOURCE_GROUP -n $MANAGED_IDENTITY_NAME --query id -o tsv) +``` + +## Key Vault +### Create the Vault +```sh +az keyvault create -g $RESOURCE_GROUP -n $KEY_VAULT_NAME --sku standard +``` + +### Add an access policy for the managed identity +```sh +az keyvault set-policy -n $KEY_VAULT_NAME \ + --object-id $(az identity show -g $RESOURCE_GROUP -n $MANAGED_IDENTITY_NAME --query principalId -o tsv) \ + --secret-permissions set delete list +``` + +## Create Container Registry +```sh +az acr create -g $RESOURCE_GROUP -n $ACR_NAME --admin-enabled --sku basic +``` + +# Build container images +The 
test application must be packaged as a Docker image. + +## Authenticate to ACR +```sh +az acr login -n $ACR_NAME +``` + +## Acquire the test code +```sh +git clone https://github.com/Azure/azure-sdk-for-python/ --branch main --single-branch --depth 1 +``` + +The rest of this section assumes this working directory: +```sh +cd azure-sdk-for-python/sdk/identity/azure-identity/tests +``` + +## Build and push images to container registry +### Set environment variables +```sh +export REPOSITORY=$(az acr show -g $RESOURCE_GROUP -n $ACR_NAME --query loginServer -o tsv) \ + IMAGE_NAME=test-pod-identity \ + PYTHON_VERSION=3.10 +``` + +### Build image +```sh +docker build --no-cache --build-arg PYTHON_VERSION=$PYTHON_VERSION -t $REPOSITORY/$IMAGE_NAME:$PYTHON_VERSION ./managed-identity-live +``` + +### Push image +```sh +docker push $REPOSITORY/$IMAGE_NAME:$PYTHON_VERSION +``` + +Then set `PYTHON_VERSION` to the latest 3.x and run the above `docker build` +and `docker push` commands again. (It's safe--and faster--to omit +`--no-cache` from `docker build` the second time.) + +# Run tests + +Run these commands to run the tests in a container instance. 
+ +## Set a name for the container group +```sh +export CONTAINER_NAME=managed-id-container-test-python${PYTHON_VERSION::1} +``` + +## Run the test +```sh +az container create -g $RESOURCE_GROUP -n $CONTAINER_NAME \ + --assign-identity $MANAGED_IDENTITY_ID \ + --restart-policy OnFailure \ + --registry-username $(az acr credential show -n $ACR_NAME --query username -o tsv) \ + --registry-password $(az acr credential show -n $ACR_NAME --query passwords[0].value -o tsv) \ + --image $REPOSITORY/$IMAGE_NAME:$PYTHON_VERSION \ + -e AZURE_IDENTITY_TEST_VAULT_URL=$(az keyvault show -g $RESOURCE_GROUP -n $KEY_VAULT_NAME --query properties.vaultUri -o tsv) +``` + +## Inspect output +```sh +az container logs -g $RESOURCE_GROUP -n $CONTAINER_NAME +``` + +Success looks like this: +``` +============================= test session starts ============================== +platform linux -- Python 3.10.8, pytest-7.2.0, pluggy-1.0.0 -- /usr/local/bin/python +cachedir: .pytest_cache +rootdir: /sdk/identity/azure-identity +plugins: asyncio-0.20.1, cov-4.0.0 +asyncio: mode=strict +collecting ... collected 4 items + +test_cloud_shell.py::test_cloud_shell_live SKIPPED (Cloud Shell MSI ...) [ 25%] +test_cloud_shell_async.py::test_cloud_shell_live SKIPPED (Cloud Shel...) [ 50%] +test_managed_identity_live.py::test_managed_identity_live PASSED [ 75%] +test_managed_identity_live_async.py::test_managed_identity_live PASSED [100%] + +=========================== short test summary info ============================ +SKIPPED [2] conftest.py:46: Cloud Shell MSI unavailable +========================= 2 passed, 2 skipped in 1.30s ========================= +``` +`test_managed_identity_live` must pass. Other test cases may be skipped. No test case may fail. + +# Delete Azure resources +Finally, delete the resources created above: +```sh +az group delete -n $RESOURCE_GROUP -y --no-wait +``` 
diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt b/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt index cad1a862cc44e..2800336a22966 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt +++ b/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt @@ -1,6 +1,8 @@ ../../../../core/azure-core ../.. ../../../../keyvault/azure-keyvault-secrets +../../../../../tools/azure-devtools +../../../../../tools/azure-sdk-tools pytest pytest-asyncio aiohttp>=3.0 From ed9f8932be2f4929594f5ed67f42eb5a32db61b4 Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Sun, 30 Oct 2022 14:52:50 -0700 Subject: [PATCH 2/5] Update VM and Cloud Shell instructions Signed-off-by: Paul Van Eck --- .../tests/managed-identity-live/cloudshell.md | 42 +++++------ .../container_instances.md | 8 +-- .../service-fabric/service_fabric.md | 4 +- .../tests/managed-identity-live/vm.md | 70 +++++++++++-------- 4 files changed, 67 insertions(+), 57 deletions(-) diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md b/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md index 2b9a13e2e4221..ff5ca92890eb0 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md @@ -1,11 +1,11 @@ -# Testing azure-identity in Azure Cloud Shell +# Test Azure Identity in Azure Cloud Shell # Open Azure Cloud Shell https://shell.azure.com/ # Create an Azure Key Vault -## set environment variables to simplify copy-pasting +## Set environment variables to simplify copy-pasting - RESOURCE_GROUP - name of an Azure resource group - must be unique in the Azure subscription 
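Review bot: The added entries `../../../../../tools/azure-devtools` and `../../../../../tools/azure-sdk-tools` climb five levels, one more than the existing `azure-core` entry, and nothing in the file says what they are anchored to. As far as I know, pip resolves such local paths against the current working directory rather than the requirements file's location, so the install only works when run from `tests/managed-identity-live`. In the container it works only because the Dockerfile now copies `tools` to `/tools`. A leading comment such as `# local paths resolve from the working directory: run pip from tests/managed-identity-live` would make that dependency explicit.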
@@ -15,12 +15,12 @@ https://shell.azure.com/ - must begin with a letter - must be globally unique -## create a resource group +## Create a resource group ```sh az group create -n $RESOURCE_GROUP --location westus2 ``` -## create the Key Vault +## Create the key vault ```sh az keyvault create -g $RESOURCE_GROUP -n $KEY_VAULT_NAME --sku standard ``` @@ -35,7 +35,7 @@ export AZURE_IDENTITY_TEST_VAULT_URL=$(az keyvault show -g $RESOURCE_GROUP -n $K ## Acquire the latest code This may take several minutes: ```sh -git clone https://github.com/azure/azure-sdk-for-python --single-branch --branch master --depth 1 +git clone https://github.com/azure/azure-sdk-for-python --single-branch --branch main --depth 1 ``` ## Change working directory 
@@ -43,40 +43,42 @@ git clone https://github.com/azure/azure-sdk-for-python --single-branch --branch cd azure-sdk-for-python/sdk/identity/azure-identity ``` -## Create virtual environments -The Azure SDK supports Python 3.6+. Python 3 should be installed in your Cloud Shell. - -### Python 3 -If your shell has at least Python 3.6 available, create a virtual environment -for it: +## Create virtual environment +The Azure SDK supports Python 3.7+. Python 3 should be installed in your Cloud Shell. ```sh -virtualenv -p python3 ~/venv3 +python -m venv ~/venv ``` -## For each virtual environment: - -### Activate +## Activate virtual environment For example: ```sh -source ~/venv2/bin/activate +source ~/venv/bin/activate ``` -### Install packages +## Install packages ```sh pip install -r dev_requirements.txt . ``` -### Run tests +## Set required environment variables +```sh +export AZURE_TEST_RUN_LIVE=true +export AZURE_SKIP_LIVE_RECORDING=true +``` + +## Run tests ```sh pytest ./tests -vrs -m cloudshell ``` -### Deactivate +# Clean up + +## Deactivate virtual environment ```sh deactivate ``` -# Delete Azure resources +## Delete Azure resources After running tests, delete the resources provisioned earlier: ```sh az group delete -n $RESOURCE_GROUP -y --no-wait diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md b/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md index 6ae892be140dd..9ddc7fc4d6362 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/container_instances.md 
@@ -142,10 +142,10 @@ plugins: asyncio-0.20.1, cov-4.0.0 asyncio: mode=strict collecting ... collected 4 items -test_cloud_shell.py::test_cloud_shell_live SKIPPED (Cloud Shell MSI ...) [ 25%] -test_cloud_shell_async.py::test_cloud_shell_live SKIPPED (Cloud Shel...) [ 50%] -test_managed_identity_live.py::test_managed_identity_live PASSED [ 75%] -test_managed_identity_live_async.py::test_managed_identity_live PASSED [100%] +test_cloud_shell.py::test_cloud_shell_live SKIPPED (Cloud Shell MSI ...) [ 25%] +test_cloud_shell_async.py::test_cloud_shell_live SKIPPED (Cloud Shell...) [ 50%] +test_managed_identity_live.py::test_managed_identity_live PASSED [ 75%] +test_managed_identity_live_async.py::test_managed_identity_live PASSED [100%] =========================== short test summary info ============================ SKIPPED [2] conftest.py:46: Cloud Shell MSI unavailable diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md b/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md index ee1de7724388b..ff3cd0d94c39a 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md @@ -19,7 +19,7 @@ The `arm-templates` directory contains Azure resource templates for creating the From a command prompt window, run ``` -git clone https://github.com/Azure/azure-sdk-for-python --single-branch --branch master --depth 1 +git clone https://github.com/Azure/azure-sdk-for-python --single-branch --branch main --depth 1 cd azure-sdk-for-python/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric ``` 
@@ -148,7 +148,7 @@ Your Service Fabric cluster will target each application by referencing a `.sfpk ### Upload the application packages to a storage account -If using an existing cluster, ensure your resource group has a storage account connected to your cluster. If you deployed a cluster using the template provided, two storage accounts were created but only one needs to store the `.sfpkg` files for the applications (the one with the name corresponding to `applicationDiagnosticsStorageAccountName` in the template). +If using an existing cluster, ensure your resource group has a storage account connected to your cluster. If you deployed a cluster using the template provided, two storage accounts were created but only one needs to store the `.sfpkg` files for the applications (the one with the name corresponding to `applicationDiagnosticsStorageAccountName` in the template). Go to your resource group in the [Azure Portal](https://portal.azure.com) and click on the storage account. Go to the "Containers" page and create a new container named "apps" -- be sure the set the public access level to Blob. diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/vm.md b/sdk/identity/azure-identity/tests/managed-identity-live/vm.md index 857d0ba199e20..9b88f6dc1510e 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/vm.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/vm.md @@ -1,7 +1,9 @@ -# prerequisite tools -- Azure CLI +# Test Azure Identity in Azure VM -# Azure resources +## Prerequisite tools +- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) + +## Azure resources This test requires instances of these Azure resources: - Azure Key Vault - Azure Managed Identity 
@@ -12,7 +14,9 @@ This test requires instances of these Azure resources: The rest of this section is a walkthrough of deploying these resources. -## Set environment variables to simplify copy-pasting +## Setup + +### Set environment variables to simplify copy-pasting - RESOURCE_GROUP - name of an Azure resource group - must be unique in the Azure subscription @@ -34,12 +38,12 @@ The rest of this section is a walkthrough of deploying these resources. - must begin with a letter - must be globally unique -## resource group +### Create resource group ```sh az group create -n $RESOURCE_GROUP --location westus2 ``` -## Managed identity +### Create managed identity Create the identity: ```sh az identity create \ @@ -48,16 +52,15 @@ az identity create \ -l westus2 ``` -## Virtual machines +### Create virtual machines With system-assigned identity: ```sh az vm create \ -n $VM_NAME_SYSTEM_ASSIGNED \ -g $RESOURCE_GROUP \ - --image UbuntuLTS \ + --image Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest \ --assign-identity \ --size Standard_DS1_v2 \ - -l westus2 \ --generate-ssh-keys ``` 
@@ -66,19 +69,20 @@ With user-assigned identity: az vm create \ -n $VM_NAME_USER_ASSIGNED \ -g $RESOURCE_GROUP \ - --image UbuntuLTS \ + --image Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest \ --assign-identity $(az identity show -g $RESOURCE_GROUP -n $MANAGED_IDENTITY_NAME -o tsv --query id) \ --size Standard_DS1_v2 \ - -l westus2 \ --generate-ssh-keys ``` -## Key Vault: +Note: If an error occurs like: `'Following SKUs have failed for Capacity Restrictions: Standard_DS1_v2' is currently not available in location 'westus2'`, try again with a different zone by specifying `--zone 2` or `--zone 3`. + +### Create a key vault: ```sh az keyvault create -g $RESOURCE_GROUP -n $KEY_VAULT_NAME --sku standard ``` -Allow the VM with system-assigned identity to access the Key Vault's secrets: +Allow the VM with system-assigned identity to access the key vault's secrets: ```sh az keyvault set-policy -n $KEY_VAULT_NAME \ --object-id $(az vm show -n $VM_NAME_SYSTEM_ASSIGNED -g $RESOURCE_GROUP --query identity.principalId -o tsv) \ 
@@ -92,58 +96,62 @@ az keyvault set-policy -n $KEY_VAULT_NAME \ --secret-permissions list ``` -# Install dependencies +## Install dependencies -## gather VM ids +### Gather VM IDs ```sh export VM_ID_SYSTEM_ASSIGNED=$(az vm show -g $RESOURCE_GROUP -n $VM_NAME_SYSTEM_ASSIGNED -o tsv --query id) \ VM_ID_USER_ASSIGNED=$(az vm show -g $RESOURCE_GROUP -n $VM_NAME_USER_ASSIGNED -o tsv --query id) && \ export VM_IDS="$VM_ID_SYSTEM_ASSIGNED $VM_ID_USER_ASSIGNED" ``` -## install prerequisites +### Install prerequisites ```sh echo -e `az vm run-command invoke \ --ids $VM_IDS \ --command-id RunShellScript \ - --scripts "sudo apt update && sudo apt install python-pip python3-pip -y --no-install-recommends && \ - git clone https://github.com/Azure/azure-sdk-for-python.git --depth 1 --single-branch --branch master /sdk && \ + --scripts "sudo apt update && sudo apt install python3-pip -y --no-install-recommends && \ + git clone https://github.com/Azure/azure-sdk-for-python.git --depth 1 --single-branch --branch main /sdk && \ cd /sdk/sdk/identity/azure-identity/tests/managed-identity-live && \ - pip install setuptools wheel && pip3 install setuptools wheel && \ - pip install -r requirements.txt && pip3 install -r requirements.txt"` + pip3 install setuptools wheel && \ + pip3 install -r requirements.txt"` ``` -# Run tests +## Run tests Do this for each VM, that is to say, once passing `--ids $VM_ID_SYSTEM_ASSIGNED` and again passing `--ids $VM_ID_USER_ASSIGNED`: -## Python 3 ```sh echo -e `az vm run-command invoke \ - --ids $VM_ID_SYSTEM_ASSIGNED \ + --ids $VM_ID_USER_ASSIGNED \ --command-id RunShellScript \ --scripts "cd /sdk/sdk/identity/azure-identity/tests/managed-identity-live && \ export AZURE_IDENTITY_TEST_VAULT_URL=https://$KEY_VAULT_NAME.vault.azure.net && \ + export AZURE_TEST_RUN_LIVE=true && \ + export AZURE_SKIP_LIVE_RECORDING=true && \ python3 -m pytest -v --log-level=DEBUG"` ``` Successful test output looks like this: ``` ============================= test session 
starts ============================== -platform linux -- Python 3.9.9, pytest-5.3.2, py-1.8.1, pluggy-0.13.1 -- /usr/bin/python3 +platform linux -- Python 3.8.10, pytest-7.2.0, pluggy-1.0.0 -- /usr/bin/python3 cachedir: .pytest_cache -rootdir: /azure-sdk-for-python, inifile: setup.cfg -plugins: asyncio-0.10.0 -collecting ... collected 2 items +rootdir: /sdk, configfile: setup.cfg +plugins: asyncio-0.20.1, cov-4.0.0 +asyncio: mode=strict +collecting ... collected 4 items -test_managed_identity_live.py::test_managed_identity_live PASSED -test_managed_identity_live_async.py::test_managed_identity_live PASSED +test_cloud_shell.py::test_cloud_shell_live SKIPPED (Cloud Shell MSI ...) [ 25%] +test_cloud_shell_async.py::test_cloud_shell_live SKIPPED (Cloud Shell...) [ 50%] +test_managed_identity_live.py::test_managed_identity_live PASSED [ 75%] +test_managed_identity_live_async.py::test_managed_identity_live PASSED [100%] -============================== 2 passed in 0.61s =============================== +========================= 2 passed, 2 skipped in 0.54s ========================= ``` `test_managed_identity_live` must pass. Other tests may be skipped. No test may fail. -# Delete Azure resources +## Delete Azure resources ```sh az group delete -n $RESOURCE_GROUP -y --no-wait ``` From 150dc41cab915dc490ebd49280b78451195454f9 Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Sun, 30 Oct 2022 15:05:20 -0700 Subject: [PATCH 3/5] Pod identity doc updates Signed-off-by: Paul Van Eck --- sdk/identity/azure-identity/tests/pod-identity/readme.md | 4 ++-- .../tests/pod-identity/test-pod-identity/templates/job.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/tests/pod-identity/readme.md b/sdk/identity/azure-identity/tests/pod-identity/readme.md index 7c032b43b6023..3708f2e7d050e 100644 --- a/sdk/identity/azure-identity/tests/pod-identity/readme.md +++ b/sdk/identity/azure-identity/tests/pod-identity/readme.md 
@@ -93,7 +93,7 @@ az role assignment create --role "Managed Identity Operator" \ # build images The test application must be packaged as a Docker image before deployment. -Test runs must include Python 3.6+. +Test runs must include Python 3.7+. ### authenticate to ACR ```sh @@ -102,7 +102,7 @@ az acr login -n $ACR_NAME ### acquire the test code ```sh -git clone https://github.com/Azure/azure-sdk-for-python/ --branch master --single-branch --depth 1 +git clone https://github.com/Azure/azure-sdk-for-python/ --branch main --single-branch --depth 1 ``` The rest of this section assumes this working directory: diff --git a/sdk/identity/azure-identity/tests/pod-identity/test-pod-identity/templates/job.yaml b/sdk/identity/azure-identity/tests/pod-identity/test-pod-identity/templates/job.yaml index c991f0a632c1a..922632cc5bac0 100644 --- a/sdk/identity/azure-identity/tests/pod-identity/test-pod-identity/templates/job.yaml +++ b/sdk/identity/azure-identity/tests/pod-identity/test-pod-identity/templates/job.yaml @@ -30,5 +30,9 @@ spec: env: - name: AZURE_IDENTITY_TEST_VAULT_URL value: "{{ .Values.vaultUrl }}" + - name: AZURE_TEST_RUN_LIVE + value: true + - name: AZURE_SKIP_LIVE_RECORDING + value: true - name: AZURE_IDENTITY_TEST_MANAGED_IDENTITY_CLIENT_ID value: {{ index .Values "aad-pod-identity" "azureIdentity" "clientID" | quote }} From 298b15ff7976789780aa3eb4de4f4be19d01990c Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Sun, 30 Oct 2022 15:09:59 -0700 Subject: [PATCH 4/5] Add missing await keyword Signed-off-by: Paul Van Eck --- .../tests/managed-identity-live/test_cloud_shell_async.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/test_cloud_shell_async.py b/sdk/identity/azure-identity/tests/managed-identity-live/test_cloud_shell_async.py index 756346dd3f8a0..258c230e2411d 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/test_cloud_shell_async.py 
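Review bot: The two new env entries in job.yaml use `value: true`, which YAML parses as a boolean, but a container env `value` must be a string, so the rendered Job is likely to be rejected when the chart is installed. Quote both as `value: "true"`, matching the quoted `AZURE_IDENTITY_TEST_VAULT_URL` value directly above them. The `env` list starts above the hunk, so only the added entries are covered here.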
+++ b/sdk/identity/azure-identity/tests/managed-identity-live/test_cloud_shell_async.py @@ -13,7 +13,7 @@ @pytest.mark.asyncio async def test_cloud_shell_live(cloud_shell): credential = ManagedIdentityCredential() - token = credential.get_token("https://vault.azure.net") + token = await credential.get_token("https://vault.azure.net") # Validate the token by sending a request to the Key Vault. The request is manual because azure-keyvault-secrets # can't authenticate in Cloud Shell; the MSI endpoint there doesn't support AADv2 scopes. From 84be5884f991b670da40b12c51782e22e03b8278 Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Sun, 30 Oct 2022 15:12:02 -0700 Subject: [PATCH 5/5] Fix variable Signed-off-by: Paul Van Eck --- sdk/identity/azure-identity/tests/managed-identity-live/vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/vm.md b/sdk/identity/azure-identity/tests/managed-identity-live/vm.md index 9b88f6dc1510e..cacf1ef29cc17 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/vm.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/vm.md @@ -123,7 +123,7 @@ passing `--ids $VM_ID_USER_ASSIGNED`: ```sh echo -e `az vm run-command invoke \ - --ids $VM_ID_USER_ASSIGNED \ + --ids $VM_ID_SYSTEM_ASSIGNED \ --command-id RunShellScript \ --scripts "cd /sdk/sdk/identity/azure-identity/tests/managed-identity-live && \ export AZURE_IDENTITY_TEST_VAULT_URL=https://$KEY_VAULT_NAME.vault.azure.net && \
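Review bot: `credential = ManagedIdentityCredential()` is never closed in the lines shown, and now that `get_token` is actually awaited the async credential presumably opens an HTTP session that outlives the test. Wrapping the call in `async with credential:` around `token = await credential.get_token("https://vault.azure.net")` would release it when the test finishes. If the function already closes the credential below the hunk, ignore this. The test body continues outside the hunk, so the Key Vault request that consumes `token` is not visible here.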