From 1451766ce662fa391cd84db4aed8087a1a45d44f Mon Sep 17 00:00:00 2001
From: Xiang Yan
Date: Wed, 12 Jan 2022 15:42:03 -0800
Subject: [PATCH 1/4] clean up tests/docs
---
sdk/identity/azure-identity/Troubleshoot.md | 4 ++--
sdk/identity/azure-identity/conftest.py | 4 ----
sdk/identity/azure-identity/dev_requirements.txt | 3 +--
.../tests/managed-identity-live/Dockerfile | 2 +-
.../tests/managed-identity-live/appservice.md | 10 ++--------
.../tests/managed-identity-live/azure_arc.md | 12 ++++++------
.../tests/managed-identity-live/cloudshell.md | 13 ++-----------
.../tests/managed-identity-live/conftest.py | 3 ---
.../tests/managed-identity-live/requirements.txt | 4 ++--
.../service-fabric/service_fabric.md | 12 +++++++-----
.../tests/managed-identity-live/vm.md | 10 ----------
.../azure-identity/tests/pod-identity/readme.md | 11 +++--------
.../tests/test_certificate_credential.py | 2 +-
.../tests/test_client_secret_credential.py | 2 +-
.../azure-identity/tests/vscode-live/vscode.md | 4 ++--
15 files changed, 30 insertions(+), 66 deletions(-)
diff --git a/sdk/identity/azure-identity/Troubleshoot.md b/sdk/identity/azure-identity/Troubleshoot.md
index 0b6b938a4168..23dd5d5f616c 100644
--- a/sdk/identity/azure-identity/Troubleshoot.md
+++ b/sdk/identity/azure-identity/Troubleshoot.md
@@ -100,7 +100,7 @@ then you can retrieve the client/app id by following the instructions [here](htt #### Client Secret Argument -The client secret is the secret string that the application uses to prove its identity when requesting a token; this can also can be referred to as an application password. +The client secret is the secret string that the application uses to prove its identity when requesting a token; this can also be referred to as an application password. If you have already created a service principal you can follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret) to create a client secret for your application. ### Client Certificate Credential Issues @@ -138,7 +138,7 @@ Azure Service | Managed Identity Configuration #### Failed To Read VS Code Credentials / Authenticate via Azure Tools plugin in VS Code -THe `VS Code Credential` failed to read the credential details from the cache. +The `VS Code Credential` failed to read the credential details from the cache. The Visual Studio Code authentication is handled by an integration with the Azure Account extension. To use this form of authentication, ensure that you have installed the Azure Account extension, diff --git a/sdk/identity/azure-identity/conftest.py b/sdk/identity/azure-identity/conftest.py index f4a2f5d3f700..1935b27ed3e9 100644 --- a/sdk/identity/azure-identity/conftest.py +++ b/sdk/identity/azure-identity/conftest.py @@ -9,10 +9,6 @@ import six from azure.identity._constants import DEVELOPER_SIGN_ON_CLIENT_ID, EnvironmentVariables -if sys.version_info < (3, 5, 3): - collect_ignore_glob = ["*_async.py"] - - RECORD_IMDS = "--record-imds" diff --git a/sdk/identity/azure-identity/dev_requirements.txt b/sdk/identity/azure-identity/dev_requirements.txt index 414d718794ab..56bb4a6b7a59 100644 --- a/sdk/identity/azure-identity/dev_requirements.txt 
+++ b/sdk/identity/azure-identity/dev_requirements.txt @@ -1,6 +1,5 @@ ../../core/azure-core -aiohttp>=3.0; python_version >= '3.5' -mock;python_version<"3.3" +aiohttp>=3.0 typing_extensions>=3.7.2 -e ../../../tools/azure-sdk-tools -e ../../../tools/azure-devtools \ No newline at end of file diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile b/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile index 8cfd12d56a09..13631a3010db 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile +++ b/sdk/identity/azure-identity/tests/managed-identity-live/Dockerfile @@ -2,7 +2,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -ARG PYTHON_VERSION=2.7 +ARG PYTHON_VERSION=3.9 # docker can't tell when the repo has changed and will therefore cache this layer FROM alpine/git as repo diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/appservice.md b/sdk/identity/azure-identity/tests/managed-identity-live/appservice.md index 9fb28b357056..29bbddf3374b 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/appservice.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/appservice.md @@ -130,7 +130,7 @@ Use the Azure Portal to attached the managed identity created above to the Web A The test are deployed as a container. The following command lines assume this working directory: > `azure-sdk-for-python/sdk/identity/azure-identity/tests` -Two images are needed because the test must run on Python 2 and 3. +We only need to test on Python 3.x ### Authenticate to ACR @@ -142,7 +142,7 @@ az acr login -n $ACR_NAME ```sh export IMAGE_NAME=$(az acr show -n $ACR_NAME --query loginServer -o tsv)/webapp-managed-id-test \ - PYTHON_VERSION=2.7 + PYTHON_VERSION=3.x ``` ### Build the image 
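Review bot: In the dev_requirements.txt hunk, `aiohttp>=3.0` is now unconditional but still constrained only by a floor, so each install resolves to whatever release is newest at that moment; the `pytest-asyncio` and `aiohttp>=3.0` lines added in tests/managed-identity-live/requirements.txt have the same shape. That second file is the one azure_arc.md installs with `pip install -r requirements.txt` on a VM whose managed identity has been granted secret-management permissions on a Key Vault, so an unreviewed upstream release would run with that access. Consider resolving both files against a checked-in constraints file (`pip install -r requirements.txt -c <constraints-file>`, file name a placeholder) or switching the live-test file to hash-pinned entries installed with `--require-hashes`. The `3.0` floor also predates the 3.6+ baseline this series documents and could be raised to a release the tests are actually run against.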
@@ -157,14 +157,8 @@ docker build --no-cache --build-arg PYTHON_TAG=$PYTHON_VERSION -t $IMAGE_NAME:$P docker push $IMAGE_NAME:$PYTHON_VERSION ``` -Then set `PYTHON_VERSION` to the latest 3.x and run the above `docker build` -and `docker push` commands again. (It's safe--and faster--to omit -`--no-cache` from `docker build` the second time.) - ## Run tests -Run these commands twice, once with `PYTHON_VERSION=2.7` and again with the latest 3.x. - ### Deploy test code Configure the Web Apps to use the image. For example, for the app using system-assigned identity: diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md index 261301e35947..2870c220151c 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md @@ -5,7 +5,7 @@ 1. A non-Azure Windows or Linux VM. 2. Administrator privileges on the VM. 3. An Azure Key Vault. -4. Python 2.7 and 3.5+ +4. Python 3.6+ ### Install Azure Arc on the VM @@ -14,7 +14,7 @@ 1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com) (at the time of writing, the resource is named "Servers - Azure Arc"). 2. Choose to add an existing server using an interactive script. -3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the +3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the operating system of your existing VM. 4. No other configuration is necessary. You can go to the "Download and run script" tab and download the script shown. 5. Once the script has been downloaded, run the script on your machine with administrator privileges. 
@@ -31,11 +31,11 @@ sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ ## Give the Azure Arc VM access to the key vault -For the tests to pass, the VM will need secret management permissions in your key vault. +For the tests to pass, the VM will need secret management permissions in your key vault. 1. Go to your key vault resource in the [Azure Portal](https://portal.azure.com). -2. Go to the vault's "Access policies" page, and click "Add Access Policy". -3. Using the secret management template, select your Arc VM resource as the principal. +2. Go to the vault's "Access policies" page, and click "Add Access Policy". +3. Using the secret management template, select your Arc VM resource as the principal. 4. Click "Add". 5. Don't forget to click "Save" at the top of the access policies page after the policy is added. @@ -54,7 +54,7 @@ Install `requirements.txt`: ``` pip install -r requirements.txt ``` -Run the managed identity tests, using the below command once with Python 2.7 and once with Python 3.5+: +Run the managed identity tests, using the below command with Python Python 3.6+: ``` pytest -k managed_identity_live ``` diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md b/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md index 28a9a5f5b409..2b9a13e2e422 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/cloudshell.md 
@@ -43,20 +43,11 @@ git clone https://github.com/azure/azure-sdk-for-python --single-branch --branch cd azure-sdk-for-python/sdk/identity/azure-identity ``` - ## Create virtual environments -The Azure SDK supports Python 2.7 and 3.5.3+. Python 2 and 3 should be installed -in your Cloud Shell. However, the Python 3 version may be less than 3.5.3. Check -this with `python3 -V`. If the version is less than 3.5.3, run tests with Python -2 only. - -### Python 2.7 -```sh -virtualenv -p python2 ~/venv2 -``` +The Azure SDK supports Python 3.6+. Python 3 should be installed in your Cloud Shell. ### Python 3 -If your shell has at least Python 3.5.3 available, create a virtual environment +If your shell has at least Python 3.6 available, create a virtual environment for it: ```sh virtualenv -p python3 ~/venv3 diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/conftest.py b/sdk/identity/azure-identity/tests/managed-identity-live/conftest.py index b80895e32e42..de82ea958a02 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/conftest.py +++ b/sdk/identity/azure-identity/tests/managed-identity-live/conftest.py @@ -8,9 +8,6 @@ from azure.identity._constants import EnvironmentVariables import pytest -if sys.version_info < (3, 5, 3): - collect_ignore_glob = ["*_async.py"] - AZURE_IDENTITY_TEST_VAULT_URL = "AZURE_IDENTITY_TEST_VAULT_URL" AZURE_IDENTITY_TEST_MANAGED_IDENTITY_CLIENT_ID = "AZURE_IDENTITY_TEST_MANAGED_IDENTITY_CLIENT_ID" diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt b/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt index a068a810e6a9..cad1a862cc44 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt +++ b/sdk/identity/azure-identity/tests/managed-identity-live/requirements.txt 
@@ -2,5 +2,5 @@ ../.. ../../../../keyvault/azure-keyvault-secrets pytest -pytest-asyncio;python_version>="3.5" -aiohttp>=3.0; python_version >= '3.5' +pytest-asyncio +aiohttp>=3.0 diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md b/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md index 488c591bfb24..84498adc6eb2 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md @@ -68,6 +68,8 @@ From your command prompt window, run: az acr create -g $RESOURCE_GROUP -n $ACR_NAME --admin-enabled --sku basic ``` +_Warning: ACR accounts with uppercase letters in their name may have authentication issues._ + ### Deploy a managed identity-enabled cluster At the time of writing, Service Fabric clusters must be deployed using the Azure Resource Manager in order to enable managed identity. Provided is a cluster ARM template that can be used to create a managed identity-enabled cluster once some required fields are completed. The template uses the cluster certificate provided by your key vault, creates a system-assigned identity, and enables the managed identity token service so deployed applications can access their identities. @@ -159,7 +161,7 @@ az deployment group create --resource-group $RESOURCE_GROUP --template-file arm- ### Give the applications access to your key vault -If the applications were accessed now, they would report an error. This is because their managed identities don't have permission to access secrets in the key vault you created. +If the applications were accessed now, they would report an error. This is because their managed identities don't have permission to access secrets in the key vault you created. To grant them access: 
@@ -192,14 +194,14 @@ Verify in a browser: 4. When you find an application entry, click the "+" sign by the name to expand it. There should be a "code" entry -- click on that to bring up a page that has a "Container Logs" tab. 5. Go to the "Container Logs" tab to see the test output. The tests will re-run every so often, so you may have to watch the page for a short while to see the output. Verify that `test_managed_identity_live` shows `PASSED`. -This shows that the `ManagedIdentityCredential` works for Python 2.7. To test on Python 3.5, you'll need to re-build the Docker images and re-deploy the applications so they can target the new images. +This shows that the `ManagedIdentityCredential` works for Python 2.7. To test on Python 3.9, you'll need to re-build the Docker images and re-deploy the applications so they can target the new images. 1. Remove each application from the cluster. In the Service Fabric Explorer, expand the Applications tab and sfmitestsystemType tab. Click on "fabric:/sfmitestsystem", and in the application page, use the "Actions" tab at the top right to delete the application. 2. Now, remove the other application. Click on "fabric:/sfmitestuser" and use the "Actions" tab to delete the application. -3. Re-build the docker images, targeting Python 3.5 with `--build-arg`. In your command prompt, run: +3. Re-build the docker images, targeting Python 3.9 with `--build-arg`. In your command prompt, run: ``` -docker build --no-cache --build-arg PYTHON_VERSION=3.5 -t $ACR_NAME.azurecr.io/sfmitestsystem .. -docker build --no-cache --build-arg PYTHON_VERSION=3.5 -t $ACR_NAME.azurecr.io/sfmitestuser .. +docker build --no-cache --build-arg PYTHON_VERSION=3.9 -t $ACR_NAME.azurecr.io/sfmitestsystem .. +docker build --no-cache --build-arg PYTHON_VERSION=3.9 -t $ACR_NAME.azurecr.io/sfmitestuser .. ``` 4. Publish the new images to your ACR: ``` 
diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/vm.md b/sdk/identity/azure-identity/tests/managed-identity-live/vm.md index 959bd61b2c8f..857d0ba199e2 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/vm.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/vm.md @@ -117,16 +117,6 @@ echo -e `az vm run-command invoke \ Do this for each VM, that is to say, once passing `--ids $VM_ID_SYSTEM_ASSIGNED` and again passing `--ids $VM_ID_USER_ASSIGNED`: -## Python 2 -```sh -echo -e `az vm run-command invoke \ - --ids $VM_ID_SYSTEM_ASSIGNED \ - --command-id RunShellScript \ - --scripts "cd /sdk/sdk/identity/azure-identity/tests/managed-identity-live && \ - export AZURE_IDENTITY_TEST_VAULT_URL=https://$KEY_VAULT_NAME.vault.azure.net && \ - python2 -m pytest -v --log-level=DEBUG"` -``` - ## Python 3 ```sh echo -e `az vm run-command invoke \ diff --git a/sdk/identity/azure-identity/tests/pod-identity/readme.md b/sdk/identity/azure-identity/tests/pod-identity/readme.md index 272968efd80c..7c032b43b602 100644 --- a/sdk/identity/azure-identity/tests/pod-identity/readme.md +++ b/sdk/identity/azure-identity/tests/pod-identity/readme.md @@ -93,7 +93,7 @@ az role assignment create --role "Managed Identity Operator" \ # build images The test application must be packaged as a Docker image before deployment. -Test runs must include Python 2 and 3, so two images are required. +Test runs must include Python 3.6+. ### authenticate to ACR ```sh @@ -113,7 +113,7 @@ cd azure-sdk-for-python/sdk/identity/azure-identity/tests ### build images and push them to the container registry Set environment variables: ```sh -export REPOSITORY=$ACR_NAME.azurecr.io IMAGE_NAME=test-pod-identity PYTHON_VERSION=2.7 +export REPOSITORY=$ACR_NAME.azurecr.io IMAGE_NAME=test-pod-identity PYTHON_VERSION=3.9 ``` Build an image: 
@@ -126,11 +126,6 @@ Push it to ACR: docker push $REPOSITORY/$IMAGE_NAME:$PYTHON_VERSION ``` -Then set `PYTHON_VERSION` to the latest 3.x (3.8 at time of writing) and run the -above `docker build` and `docker push` commands again. (It's safe--and faster-- -to omit `--no-cache` from `docker build` the second time.) - - # run the test ### install kubectl @@ -149,7 +144,7 @@ helm init --wait ``` ### run the test script -Twice. Once with `PYTHON_VERSION=2.7`, once with `PYTHON_VERSION=3.x` +With `PYTHON_VERSION=3.x` (replacing x with the latest Python 3 minor version): ```sh python ./pod-identity/run-test.py \ diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index 9215882abb3a..0256f7b1f1db 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -160,7 +160,7 @@ def test_regional_authority(): assert mock_confidential_client.call_count == 1 _, kwargs = mock_confidential_client.call_args - assert kwargs["azure_region"] == region + assert kwargs["azure_region"] == str(region) def test_requires_certificate(): diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index aaf460056335..78917eed16c3 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -136,7 +136,7 @@ def test_regional_authority(): assert mock_confidential_client.call_count == 1 _, kwargs = mock_confidential_client.call_args - assert kwargs["azure_region"] == region + assert kwargs["azure_region"] == str(region) def test_token_cache(): diff --git a/sdk/identity/azure-identity/tests/vscode-live/vscode.md b/sdk/identity/azure-identity/tests/vscode-live/vscode.md index 8b17e9fce8cb..15e46eb9f4f4 100644 
--- a/sdk/identity/azure-identity/tests/vscode-live/vscode.md +++ b/sdk/identity/azure-identity/tests/vscode-live/vscode.md @@ -2,7 +2,7 @@ ## Test matrix -- Python 2.7, 3.5.3, 3.8 +- Python 3.7, 3.9 - Windows, Ubuntu 18.04, Redhat Enterprise Linux 8.1, Debian 10, Mac OS ## Test steps @@ -22,4 +22,4 @@ pip install azure-identity -i https://pkgs.dev.azure.com/azure-sdk/public/_packa - Run run-test.py -Expect: an access token is printed out. \ No newline at end of file +Expect: an access token is printed out. From adb9e6540d362f35e5b8d5e8402babfddd15f822 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 12 Jan 2022 16:27:53 -0800 Subject: [PATCH 2/4] update --- .../azure-identity/tests/test_certificate_credential.py | 2 +- .../azure-identity/tests/test_client_secret_credential.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index 0256f7b1f1db..9215882abb3a 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -160,7 +160,7 @@ def test_regional_authority(): assert mock_confidential_client.call_count == 1 _, kwargs = mock_confidential_client.call_args - assert kwargs["azure_region"] == str(region) + assert kwargs["azure_region"] == region def test_requires_certificate(): diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 78917eed16c3..aaf460056335 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py 
@@ -136,7 +136,7 @@ def test_regional_authority(): assert mock_confidential_client.call_count == 1 _, kwargs = mock_confidential_client.call_args - assert kwargs["azure_region"] == str(region) + assert kwargs["azure_region"] == region def test_token_cache(): From 91f796a3e87fff4700e38e4fc8051ec0bd587c31 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Thu, 13 Jan 2022 10:02:59 -0800 Subject: [PATCH 3/4] Update sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: McCoy Patiño <39780829+mccoyp@users.noreply.github.com> --- .../azure-identity/tests/managed-identity-live/azure_arc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md index 2870c220151c..3afd6e38b459 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md @@ -54,7 +54,7 @@ Install `requirements.txt`: ``` pip install -r requirements.txt ``` -Run the managed identity tests, using the below command with Python Python 3.6+: +Run the managed identity tests, using the below command with Python 3.6+: ``` pytest -k managed_identity_live ``` From 55ae7c81b2d1024f5560e3c6f5a55436fd9bc31e Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Thu, 13 Jan 2022 10:03:13 -0800 Subject: [PATCH 4/4] Update sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: McCoy Patiño <39780829+mccoyp@users.noreply.github.com> --- .../managed-identity-live/service-fabric/service_fabric.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md b/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md index 84498adc6eb2..eec6bcfd0155 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/service_fabric.md @@ -192,7 +192,7 @@ Verify in a browser: 2. In the Explorer, you should see the applications running under the Applications tab. Otherwise, you may need to double check your deployment process. 3. Under the Nodes tab, expand each node tab to see if it hosts an application ("fabric:/sfmitestsystem" or "fabric:/sfmitestuser"). 4. When you find an application entry, click the "+" sign by the name to expand it. There should be a "code" entry -- click on that to bring up a page that has a "Container Logs" tab. -5. Go to the "Container Logs" tab to see the test output. The tests will re-run every so often, so you may have to watch the page for a short while to see the output. Verify that `test_managed_identity_live` shows `PASSED`. +5. Go to the "Container Logs" tab to see the test output. The tests will re-run every so often, so you may have to watch the page for a short while to see the output. Verify that `test_managed_identity_live` and `test_managed_identity_live_async` show `PASSED`. This shows that the `ManagedIdentityCredential` works for Python 2.7. To test on Python 3.9, you'll need to re-build the Docker images and re-deploy the applications so they can target the new images.