From acc5863c58dc42eb90f95cfcf749de9f074f2145 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Fri, 6 Nov 2020 18:14:33 -0800 Subject: [PATCH 1/4] Add e2e testing instructions for Arc --- .../tests/managed-identity-live/azure_arc.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md new file mode 100644 index 000000000000..5277def1cdfd --- /dev/null +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md 
@@ -0,0 +1,51 @@ +# Testing azure-identity in Azure Arc + +## Prerequisite tools + +1. A non-Azure Windows or Linux VM. +2. Administrator privileges on the VM. +3. An Azure Key Vault. +4. Python 3.5+ + +### Install Azure Arc on the VM + +> **Note:** You must be in your VM to install Azure Arc. + +1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com). +2. Choose to add an existing server using an interactive script. +3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the +operating system of your existing VM. +4. No other configuration is necessary. You can go to the "Download and run script" tab and download the script shown. +5. Once the script has been downloaded, run the script on your machine with administrator privileges. +6. Installation should be complete. Restart your VM to complete your environment setup. +7. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and +`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` or +`http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again. +8. If using a Linux VM, run the following commands (using your user name for ``) to gain necessary privileges: +``` +sudo usermod -a -G himds +sudo setfacl -m "g:himds:r-x" /var/opt/azcmagent/tokens/ +sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ +``` + +## Run the azure-identity Tests on the Azure Arc VM + +> **Note:** The following steps are specific to Python. + +In a terminal window, run: +``` +git clone https://github.com/Azure/azure-sdk-for-python --single-branch --branch master --depth 1 +cd azure-sdk-for-python/sdk/identity/azure-identity/tests/managed-identity-live +``` +Set the environment variable `AZURE_IDENTITY_TEST_VAULT_URL` to the vault URI of your key vault. 
+ +Install `requirements.txt`: +``` +pip install -r requirements.txt +``` +Run the managed identity tests: +``` +pytest test_managed_identity_live.py +pytest test_managed_identity_live_async.py +``` +Expected output for each: `1 passed in s`. \ No newline at end of file From 48f949d83be80db2b3925c88a7a3e002423fbb7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= <39780829+mccoyp@users.noreply.github.com> Date: Mon, 9 Nov 2020 12:37:58 -0800 Subject: [PATCH 2/4] Update with steps for Python 2.7 --- .../tests/managed-identity-live/azure_arc.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md index 5277def1cdfd..c9c424fb475c 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md @@ -5,7 +5,7 @@ 1. A non-Azure Windows or Linux VM. 2. Administrator privileges on the VM. 3. An Azure Key Vault. -4. Python 3.5+ +4. Python 2.7 and 3.5+ ### Install Azure Arc on the VM @@ -43,9 +43,8 @@ Install `requirements.txt`: ``` pip install -r requirements.txt ``` -Run the managed identity tests: +Run the managed identity tests, using the below command once with Python 2.7 and once with Python 3.5+: ``` -pytest test_managed_identity_live.py -pytest test_managed_identity_live_async.py +pytest -k managed_identity_live ``` -Expected output for each: `1 passed in s`. \ No newline at end of file +Expected output for each: `passed` for all tests run. From d3f513d998654124d70a910226d2a469f1de0b2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= <39780829+mccoyp@users.noreply.github.com> Date: Mon, 9 Nov 2020 14:57:20 -0800 Subject: [PATCH 3/4] Server and privilege setup clarification --- .../tests/managed-identity-live/azure_arc.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md index c9c424fb475c..50497d21ca6a 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md 
@@ -11,22 +11,23 @@ > **Note:** You must be in your VM to install Azure Arc. -1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com). +1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com) (at the time of writing, the +resource is named "Servers - Azure Arc"). 2. Choose to add an existing server using an interactive script. 3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the operating system of your existing VM. 4. No other configuration is necessary. You can go to the "Download and run script" tab and download the script shown. 5. Once the script has been downloaded, run the script on your machine with administrator privileges. -6. Installation should be complete. Restart your VM to complete your environment setup. -7. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and -`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` or -`http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again. -8. If using a Linux VM, run the following commands (using your user name for ``) to gain necessary privileges: +6. If using a Linux VM, run the following commands (using your user name for ``) to gain necessary privileges: ``` sudo usermod -a -G himds sudo setfacl -m "g:himds:r-x" /var/opt/azcmagent/tokens/ sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ ``` +7. Arc setup should now be complete. Restart your VM to finalize your environment setup. +8. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and +`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` and +`http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again. 
## Run the azure-identity Tests on the Azure Arc VM From 325dc37845cc68a6cee81ec4bc9228122850e53d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= <39780829+mccoyp@users.noreply.github.com> Date: Mon, 9 Nov 2020 15:30:27 -0800 Subject: [PATCH 4/4] Add secret management permission instructions --- .../tests/managed-identity-live/azure_arc.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md index 50497d21ca6a..261301e35947 100644 --- a/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md +++ b/sdk/identity/azure-identity/tests/managed-identity-live/azure_arc.md @@ -29,6 +29,16 @@ sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ `IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` and `http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again. +## Give the Azure Arc VM access to the key vault + +For the tests to pass, the VM will need secret management permissions in your key vault. + +1. Go to your key vault resource in the [Azure Portal](https://portal.azure.com). +2. Go to the vault's "Access policies" page, and click "Add Access Policy". +3. Using the secret management template, select your Arc VM resource as the principal. +4. Click "Add". +5. Don't forget to click "Save" at the top of the access policies page after the policy is added. + ## Run the azure-identity Tests on the Azure Arc VM > **Note:** The following steps are specific to Python.
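Review bot: In PATCH 1/4, step 8 of "Install Azure Arc on the VM" asks the reader to substitute their user name for a placeholder, but the placeholder is empty both in the sentence and in `sudo usermod -a -G himds`, which as shown has no user argument and will fail. Name the placeholder explicitly in both places (for example `sudo usermod -a -G himds <username>`). Because this step comes after the restart in step 6, also say that the user must log out and back in before the new group membership applies.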
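Review bot: In PATCH 2/4, the second hunk says to run `pytest -k managed_identity_live` once with Python 2.7 and once with Python 3.5+, but it does not say how to select the interpreter, and the unchanged `pip install -r requirements.txt` line above it installs into only one of them. Suggest a virtual environment per interpreter with `python -m pip install -r requirements.txt` and `python -m pytest -k managed_identity_live`, so it is clear which Python each result belongs to. The expected output would be easier to verify if it gave the number of tests expected to pass under each version, since a `-k` expression can match fewer tests than intended without reporting an error.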
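Review bot: In PATCH 3/4, the relocated step 6 adds the user to `himds` and changes ACLs on `/var/opt/azcmagent/tokens/`, but the document never says what that directory is for or how to undo the change. Add one sentence explaining why the test user needs this access, and a cleanup step that reverts the group membership after testing so the account does not keep read access to the agent's token directory. It is also worth confirming that the second `setfacl` entry, `g::r-x`, is meant to target the owning group rather than a named group. Step 8 would benefit from the exact command to print `IDENTITY_ENDPOINT` and `IMDS_ENDPOINT` on each OS.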
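Review bot: In PATCH 4/4, step 3 of the new "Give the Azure Arc VM access to the key vault" section applies the whole secret management template to the Arc VM's identity, while the prerequisites only ask for "An Azure Key Vault" without saying it should be a dedicated test vault. List the specific secret permissions the live tests use so the policy can be limited to those, state that the vault should hold no production secrets, and add a final step to remove the access policy once testing is finished.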