Azure · xiangyan99 · Jan 13, 2022 · Jan 12, 2022 · Jan 13, 2022 · Jan 13, 2022
@@ -100,7 +100,7 @@ then you can retrieve the client/app id by following the instructions [here](htt
 
 #### Client Secret Argument
 
-The client secret is the secret string that the application uses to prove its identity when requesting a token; this can also can be referred to as an application password.
+The client secret is the secret string that the application uses to prove its identity when requesting a token; this can also be referred to as an application password.
 If you have already created a service principal you can follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret) to create a client secret for your application.
 
 ### Client Certificate Credential Issues
@@ -138,7 +138,7 @@ Azure Service | Managed Identity Configuration
 
 #### Failed To Read VS Code Credentials / Authenticate via Azure Tools plugin in VS Code
 
-THe `VS Code Credential` failed to read the credential details from the cache.
+The `VS Code Credential` failed to read the credential details from the cache.
 
 The Visual Studio Code authentication is handled by an integration with the Azure Account extension.
 To use this form of authentication, ensure that you have installed the Azure Account extension,

@@ -9,10 +9,6 @@
 import six
 from azure.identity._constants import DEVELOPER_SIGN_ON_CLIENT_ID, EnvironmentVariables
 
-if sys.version_info < (3, 5, 3):
-    collect_ignore_glob = ["*_async.py"]
-
-
 RECORD_IMDS = "--record-imds"
 
 

@@ -1,6 +1,5 @@
 ../../core/azure-core
-aiohttp>=3.0; python_version >= '3.5'
-mock;python_version<"3.3"
+aiohttp>=3.0
 typing_extensions>=3.7.2
 -e ../../../tools/azure-sdk-tools
 -e ../../../tools/azure-devtools
@@ -2,7 +2,7 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 # ------------------------------------
-ARG PYTHON_VERSION=2.7
+ARG PYTHON_VERSION=3.9
 
 # docker can't tell when the repo has changed and will therefore cache this layer
 FROM alpine/git as repo

@@ -130,7 +130,7 @@ Use the Azure Portal to attached the managed identity created above to the Web A
 The test are deployed as a container. The following command lines assume this working directory:
 > `azure-sdk-for-python/sdk/identity/azure-identity/tests`
 
-Two images are needed because the test must run on Python 2 and 3.
+We only need to test on Python 3.x
 
 ### Authenticate to ACR
 
@@ -142,7 +142,7 @@ az acr login -n $ACR_NAME
 
 ```sh
 export IMAGE_NAME=$(az acr show -n $ACR_NAME --query loginServer -o tsv)/webapp-managed-id-test  \
-        PYTHON_VERSION=2.7 
+        PYTHON_VERSION=3.x 
 ```
 
 ### Build the image
@@ -157,14 +157,8 @@ docker build --no-cache --build-arg PYTHON_TAG=$PYTHON_VERSION -t $IMAGE_NAME:$P
 docker push $IMAGE_NAME:$PYTHON_VERSION
 ```
 
-Then set `PYTHON_VERSION` to the latest 3.x and run the above `docker build`
-and `docker push` commands again. (It's safe--and faster--to omit
-`--no-cache` from `docker build` the second time.)
-
 ## Run tests
 
-Run these commands twice, once with `PYTHON_VERSION=2.7` and again with the latest 3.x.
-
 ### Deploy test code
 
 Configure the Web Apps to use the image. For example, for the app using system-assigned identity:

@@ -5,7 +5,7 @@
 1. A non-Azure Windows or Linux VM.
 2. Administrator privileges on the VM.
 3. An Azure Key Vault.
-4. Python 2.7 and 3.5+
+4. Python 3.6+
 
 ### Install Azure Arc on the VM
 
@@ -14,7 +14,7 @@
 1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com) (at the time of writing, the
 resource is named "Servers - Azure Arc").
 2. Choose to add an existing server using an interactive script.
-3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the 
+3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the
 operating system of your existing VM.
 4. No other configuration is necessary. You can go to the "Download and run script" tab and download the script shown.
 5. Once the script has been downloaded, run the script on your machine with administrator privileges.
@@ -31,11 +31,11 @@ sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/
 
 ## Give the Azure Arc VM access to the key vault
 
-For the tests to pass, the VM will need secret management permissions in your key vault. 
+For the tests to pass, the VM will need secret management permissions in your key vault.
 
 1. Go to your key vault resource in the [Azure Portal](https://portal.azure.com).
-2. Go to the vault's "Access policies" page, and click "Add Access Policy". 
-3. Using the secret management template, select your Arc VM resource as the principal. 
+2. Go to the vault's "Access policies" page, and click "Add Access Policy".
+3. Using the secret management template, select your Arc VM resource as the principal.
 4. Click "Add".
 5. Don't forget to click "Save" at the top of the access policies page after the policy is added.
 
@@ -54,7 +54,7 @@ Install `requirements.txt`:
 ```
 pip install -r requirements.txt
 ```
-Run the managed identity tests, using the below command once with Python 2.7 and once with Python 3.5+:
+Run the managed identity tests, using the below command with Python Python 3.6+:
 ```
 pytest -k managed_identity_live
 ```

@@ -43,20 +43,11 @@ git clone https://github.com/azure/azure-sdk-for-python --single-branch --branch
 cd azure-sdk-for-python/sdk/identity/azure-identity
 ```
 
-
 ## Create virtual environments
-The Azure SDK supports Python 2.7 and 3.5.3+. Python 2 and 3 should be installed
-in your Cloud Shell. However, the Python 3 version may be less than 3.5.3. Check
-this with `python3 -V`. If the version is less than 3.5.3, run tests with Python
-2 only.
-
-### Python 2.7
-```sh
-virtualenv -p python2 ~/venv2
-```
+The Azure SDK supports Python 3.6+. Python 3 should be installed in your Cloud Shell.
 
 ### Python 3
-If your shell has at least Python 3.5.3 available, create a virtual environment
+If your shell has at least Python 3.6 available, create a virtual environment
 for it:
 ```sh
 virtualenv -p python3 ~/venv3

@@ -8,9 +8,6 @@
 from azure.identity._constants import EnvironmentVariables
 import pytest
 
-if sys.version_info < (3, 5, 3):
-    collect_ignore_glob = ["*_async.py"]
-
 AZURE_IDENTITY_TEST_VAULT_URL = "AZURE_IDENTITY_TEST_VAULT_URL"
 AZURE_IDENTITY_TEST_MANAGED_IDENTITY_CLIENT_ID = "AZURE_IDENTITY_TEST_MANAGED_IDENTITY_CLIENT_ID"
 

@@ -2,5 +2,5 @@
 ../..
 ../../../../keyvault/azure-keyvault-secrets
 pytest
-pytest-asyncio;python_version>="3.5"
-aiohttp>=3.0; python_version >= '3.5'
+pytest-asyncio
+aiohttp>=3.0
@@ -68,6 +68,8 @@ From your command prompt window, run:
 az acr create -g $RESOURCE_GROUP -n $ACR_NAME --admin-enabled --sku basic
 ```
 
+_Warning: ACR accounts with uppercase letters in their name may have authentication issues._
+
 ### Deploy a managed identity-enabled cluster
 
 At the time of writing, Service Fabric clusters must be deployed using the Azure Resource Manager in order to enable managed identity. Provided is a cluster ARM template that can be used to create a managed identity-enabled cluster once some required fields are completed. The template uses the cluster certificate provided by your key vault, creates a system-assigned identity, and enables the managed identity token service so deployed applications can access their identities.
@@ -159,7 +161,7 @@ az deployment group create --resource-group $RESOURCE_GROUP --template-file arm-
 
 ### Give the applications access to your key vault
 
-If the applications were accessed now, they would report an error. This is because their managed identities don't have permission to access secrets in the key vault you created. 
+If the applications were accessed now, they would report an error. This is because their managed identities don't have permission to access secrets in the key vault you created.
 
 To grant them access:
 
@@ -192,14 +194,14 @@ Verify in a browser:
 4. When you find an application entry, click the "+" sign by the name to expand it. There should be a "code" entry -- click on that to bring up a page that has a "Container Logs" tab.
 5. Go to the "Container Logs" tab to see the test output. The tests will re-run every so often, so you may have to watch the page for a short while to see the output. Verify that `test_managed_identity_live` shows `PASSED`.
 
-This shows that the `ManagedIdentityCredential` works for Python 2.7. To test on Python 3.5, you'll need to re-build the Docker images and re-deploy the applications so they can target the new images.
+This shows that the `ManagedIdentityCredential` works for Python 2.7. To test on Python 3.9, you'll need to re-build the Docker images and re-deploy the applications so they can target the new images.
 
 1. Remove each application from the cluster. In the Service Fabric Explorer, expand the Applications tab and sfmitestsystemType tab. Click on "fabric:/sfmitestsystem", and in the application page, use the "Actions" tab at the top right to delete the application.
 2. Now, remove the other application. Click on "fabric:/sfmitestuser" and use the "Actions" tab to delete the application.
-3. Re-build the docker images, targeting Python 3.5 with `--build-arg`. In your command prompt, run:
+3. Re-build the docker images, targeting Python 3.9 with `--build-arg`. In your command prompt, run:
 ```
-docker build --no-cache --build-arg PYTHON_VERSION=3.5 -t $ACR_NAME.azurecr.io/sfmitestsystem ..
-docker build --no-cache --build-arg PYTHON_VERSION=3.5 -t $ACR_NAME.azurecr.io/sfmitestuser ..
+docker build --no-cache --build-arg PYTHON_VERSION=3.9 -t $ACR_NAME.azurecr.io/sfmitestsystem ..
+docker build --no-cache --build-arg PYTHON_VERSION=3.9 -t $ACR_NAME.azurecr.io/sfmitestuser ..
 ```
 4. Publish the new images to your ACR:
 ```

@@ -117,16 +117,6 @@ echo -e `az vm run-command invoke \
 Do this for each VM, that is to say, once passing `--ids $VM_ID_SYSTEM_ASSIGNED` and again
 passing `--ids $VM_ID_USER_ASSIGNED`:
 
-## Python 2
-```sh
-echo -e `az vm run-command invoke \
-    --ids $VM_ID_SYSTEM_ASSIGNED \
-    --command-id RunShellScript \
-    --scripts "cd /sdk/sdk/identity/azure-identity/tests/managed-identity-live && \
-               export AZURE_IDENTITY_TEST_VAULT_URL=https://$KEY_VAULT_NAME.vault.azure.net && \
-               python2 -m pytest -v --log-level=DEBUG"`
-```
-
 ## Python 3
 ```sh
 echo -e `az vm run-command invoke \

@@ -93,7 +93,7 @@ az role assignment create --role "Managed Identity Operator" \
 
 # build images
 The test application must be packaged as a Docker image before deployment.
-Test runs must include Python 2 and 3, so two images are required.
+Test runs must include Python 3.6+.
 
 ### authenticate to ACR
 ```sh
@@ -113,7 +113,7 @@ cd azure-sdk-for-python/sdk/identity/azure-identity/tests
 ### build images and push them to the container registry
 Set environment variables:
 ```sh
-export REPOSITORY=$ACR_NAME.azurecr.io IMAGE_NAME=test-pod-identity PYTHON_VERSION=2.7
+export REPOSITORY=$ACR_NAME.azurecr.io IMAGE_NAME=test-pod-identity PYTHON_VERSION=3.9
 ```
 
 Build an image:
@@ -126,11 +126,6 @@ Push it to ACR:
 docker push $REPOSITORY/$IMAGE_NAME:$PYTHON_VERSION
 ```
 
-Then set `PYTHON_VERSION` to the latest 3.x (3.8 at time of writing) and run the
-above `docker build` and `docker push` commands again. (It's safe--and faster--
-to omit `--no-cache` from `docker build` the second time.)
-
-
 # run the test
 
 ### install kubectl
@@ -149,7 +144,7 @@ helm init --wait
 ```
 
 ### run the test script
-Twice. Once with `PYTHON_VERSION=2.7`, once with `PYTHON_VERSION=3.x`
+With `PYTHON_VERSION=3.x`
 (replacing x with the latest Python 3 minor version):
 ```sh
 python ./pod-identity/run-test.py \

@@ -2,7 +2,7 @@
 
 ## Test matrix
 
-- Python 2.7, 3.5.3, 3.8
+- Python 3.7, 3.9
 - Windows, Ubuntu 18.04, Redhat Enterprise Linux 8.1, Debian 10, Mac OS
 
 ## Test steps
@@ -22,4 +22,4 @@ pip install azure-identity -i https://pkgs.dev.azure.com/azure-sdk/public/_packa
 
 - Run run-test.py
 
-Expect: an access token is printed out.
+Expect: an access token is printed out.