[Azure.Identity] Add e2e testing instructions for Arc MI #15095
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| # Testing azure-identity in Azure Arc | ||
|
|
||
| ## Prerequisite tools | ||
|
|
||
| 1. A non-Azure Windows or Linux VM. | ||
| 2. Administrator privileges on the VM. | ||
| 3. An Azure Key Vault. | ||
| 4. Python 2.7 and 3.5+ | ||
|
|
||
| ### Install Azure Arc on the VM | ||
|
|
||
| > **Note:** You must be in your VM to install Azure Arc. | ||
|
|
||
| 1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com). | ||
| 2. Choose to add an existing server using an interactive script. | ||
| 3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the | ||
| operating system of your existing VM. | ||
| 4. No other configuration is necessary. You can go to the "Download and run script" tab and download the script shown. | ||
| 5. Once the script has been downloaded, run the script on your machine with administrator privileges. | ||
| 6. Installation should be complete. Restart your VM to complete your environment setup. | ||
| 7. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and | ||
| `IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` or | ||
| `http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again. | ||
| 8. If using a Linux VM, run the following commands (using your user name for `<user>`) to gain necessary privileges: | ||
| ``` | ||
| sudo usermod -a -G himds <user> | ||
| sudo setfacl -m "g:himds:r-x" /var/opt/azcmagent/tokens/ | ||
| sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/ | ||
| ``` | ||
|
Comment on lines
+22
to
+26
There was a problem hiding this comment. I had to restart after applying these changes, did you also have to do that? If so, I'd mention that a restart might be necessary after this. There was a problem hiding this comment. That's a good point; I do remember having to restart. I'll add that 👍 |
||
|
|
||
| ## Run the azure-identity Tests on the Azure Arc VM | ||
|
|
||
| > **Note:** The following steps are specific to Python. | ||
|
|
||
| In a terminal window, run: | ||
| ``` | ||
| git clone https://github.com/Azure/azure-sdk-for-python --single-branch --branch master --depth 1 | ||
| cd azure-sdk-for-python/sdk/identity/azure-identity/tests/managed-identity-live | ||
| ``` | ||
| Set the environment variable `AZURE_IDENTITY_TEST_VAULT_URL` to the vault URI of your key vault. | ||
|
|
||
| Install `requirements.txt`: | ||
| ``` | ||
| pip install -r requirements.txt | ||
| ``` | ||
| Run the managed identity tests, using the below command once with Python 2.7 and once with Python 3.5+: | ||
| ``` | ||
| pytest -k managed_identity_live | ||
|
There was a problem hiding this comment. Don't you need to add a Key Vault access policy for the identity first? |
||
| ``` | ||
| Expected output for each: `passed` for all tests run. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if a user who isn't familiar with the Arc section of the portal will know where to find the add server section. Maybe add something saying that it comes after selecting "Add to your existing infrastructure"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually haven't seen a prompt like that from creating new "Servers - Azure Arc" resources. I only see a choice between "Add servers using interactive script" and "Add servers at scale" -- I'll be more specific about how to create the resource to reflect this