[Azure.Identity] Add e2e testing instructions for Arc MI #15095
pytest test_managed_identity_live.py | ||
pytest test_managed_identity_live_async.py |
You can run both with a single command:
pytest test_managed_identity_live.py | |
pytest test_managed_identity_live_async.py | |
pytest -k test_managed_identity_live |
And this should be done twice, once each for Python 2.7 and 3.x.
1. A non-Azure Windows or Linux VM. | ||
2. Administrator privileges on the VM. | ||
3. An Azure Key Vault. | ||
4. Python 3.5+ |
We also need to test 2.7.
Once this is approved and merged, can you please also copy and paste these instructions in this issue (Azure/azure-sdk#1908) for the vendor team?
> **Note:** You must be in your VM to install Azure Arc. | ||
|
||
1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com). | ||
2. Choose to add an existing server using an interactive script. |
Not sure if a user who isn't familiar with the Arc section of the portal will know where to find the add server section. Maybe add something saying that it comes after selecting "Add to your existing infrastructure"?
I actually haven't seen a prompt like that from creating new "Servers - Azure Arc" resources. I only see a choice between "Add servers using interactive script" and "Add servers at scale" -- I'll be more specific about how to create the resource to reflect this.
``` | ||
sudo usermod -a -G himds <user> | ||
sudo setfacl -m "g:himds:r-x" /var/opt/azcmagent/tokens/ | ||
sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ | ||
``` |
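Review bot: The three commands at this step widen access to `/var/opt/azcmagent/tokens/` without saying why or how to undo it. Add a sentence explaining that the test user needs read access to that directory, note that the `usermod -a -G himds <user>` membership only applies to new login sessions, and add a cleanup step for after testing (for example `sudo gpasswd -d <user> himds`) so the test account does not keep access to the token directory. It would also help to state why the owning-group entry `g::r-x` is changed in addition to the `g:himds:r-x` entry.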
I had to restart after applying these changes, did you also have to do that? If so, I'd mention that a restart might be necessary after this.
That's a good point; I do remember having to restart. I'll add that 👍
LGTM
``` | ||
Run the managed identity tests, using the below command once with Python 2.7 and once with Python 3.5+: | ||
``` | ||
pytest -k managed_identity_live |
Don't you need to add a Key Vault access policy for the identity first?
``` | ||
7. Arc setup should now be complete. Restart your VM to finalize your environment setup. | ||
8. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and | ||
`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` and |
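Review bot: Step 8 says to check by "searching for environment variables" but does not say how, and the check differs between the Windows and Linux VMs the prerequisites allow. Name the command for each, for example `printenv IDENTITY_ENDPOINT IMDS_ENDPOINT` on Linux and `$env:IDENTITY_ENDPOINT` in PowerShell, and say that it must be run in a session started after the restart in step 7.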
Just curious--this suggests Arc may set unusable values for the variables. Have we seen that happen?
We haven't to my knowledge, but I just wanted to make sure our bases are covered. I would imagine they would either show up correctly or not at all, assuming an Arc environment can't also be configured as another environment where IDENTITY_ENDPOINT would get set.
Closes #14371.