def get_dataset_storage_account_key(self) -> Optional[str]:
    """
    Look up the account key of the storage account that holds the dataset.

    The lookup goes through SecretsHandling under the name fixed_paths.DATASETS_ACCOUNT_KEY,
    with allow_missing=True.

    :return: The storage account key, or None if no value was found. The value is a credential:
        callers should pass it on to the storage client only and never log or print it.
    """
    handler = SecretsHandling(project_root=self.project_root)
    key_name = fixed_paths.DATASETS_ACCOUNT_KEY
    # allow_missing=True: an absent key is reported as None rather than as an exception.
    account_key = handler.get_secret_from_environment(key_name, allow_missing=True)
    return account_key
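def get_azure_auth(
    azure_config: AzureConfig
) -> Union[DefaultAzureCredential, ClientSecretCredential]:
    """
    Returns the authentication object for the azure.identity library.

    A ClientSecretCredential for the configured Service Principal is returned when the
    application ID is set and the Service Principal key was found. In every other case the
    function falls back to DefaultAzureCredential().

    Security note: DefaultAzureCredential resolves the identity from a chain of ambient sources
    (for example environment variables, a managed identity, or a developer tool login).
    Interactive browser login is only part of that chain when it is explicitly enabled, so the
    fallback can authenticate as a different identity than the intended Service Principal
    without any prompt. The warning emitted below is the only signal of that switch.

    :param azure_config: The object containing all Azure-related information.
    :return: An azure.identity authentication object.
    :raises ValueError: If azure_config.tenant_id is not set.
    """
    secrets_handler = SecretsHandling(project_root=azure_config.project_root)
    # allow_missing=True: an absent key yields a falsy value here instead of raising, so that the
    # fallback below can be used.
    application_key = secrets_handler.get_secret_from_environment(
        fixed_paths.SERVICE_PRINCIPAL_KEY, allow_missing=True)
    if not azure_config.tenant_id:
        raise ValueError(
            "No tenant_id field was found. Please complete the Azure setup.")
    if application_key and azure_config.application_id:
        return ClientSecretCredential(tenant_id=azure_config.tenant_id,
                                      client_id=azure_config.application_id,
                                      client_secret=application_key)
    # Name the piece that is actually missing. The original message always blamed the key, even
    # when only application_id was unset. Only the variable name is logged, never the key itself.
    missing = []
    if not application_key:
        missing.append(
            "the Service Principal key "
            f"(expected in environment variable '{fixed_paths.SERVICE_PRINCIPAL_KEY}' or YAML)")
    if not azure_config.application_id:
        missing.append("the application_id field")
    logging.warning(
        "Unable to use Service Principal authentication, missing: %s. "
        "Falling back to DefaultAzureCredential.",
        " and ".join(missing))
    return DefaultAzureCredential()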
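def test_get_secrets() -> None:
    """
    Test that secrets can always be retrieved correctly from the environment.

    When running on the local dev box, the secrets would be read from a secrets file in the
    repository root directory and be written to the environment, retrieved later.
    When running in Azure, the secrets would be set as environment variables directly in the
    build definition.
    """
    # Print variable names only. The environment holds the very secrets this test is about, and
    # test output ends up in build logs, so the values must not be echoed.
    print("Environment variables:")
    for env_variable in sorted(os.environ):
        print(env_variable)
    secrets_handler = SecretsHandling(
        project_root=fixed_paths.repository_root_directory())
    secrets = secrets_handler.get_secrets_from_environment_or_file(
        SECRETS_IN_ENVIRONMENT)
    for name in SECRETS_IN_ENVIRONMENT:
        # The assertion messages mention the secret's name only, never its value.
        assert name in secrets, "No value found for {}".format(name)
        assert secrets[name] is not None, "Value for {} is empty".format(name)
        # Variable names should automatically be converted to uppercase when using get_secret:
        assert secrets_handler.get_secret_from_environment(
            name=name.lower()) is not None
    no_such_variable = "no_such_variable"
    # A missing secret raises by default ...
    with pytest.raises(ValueError):
        secrets_handler.get_secret_from_environment(name=no_such_variable)
    # ... and is reported as None only when the caller opts in with allow_missing=True.
    assert secrets_handler.get_secret_from_environment(
        name=no_such_variable, allow_missing=True) is None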
def get_service_principal_auth(self) -> Optional[Union[InteractiveLoginAuthentication, ServicePrincipalAuthentication]]:
    """
    Builds the authentication object for the application ID stored in the present object.
    The application key is looked up via SecretsHandling under fixed_paths.SERVICE_PRINCIPAL_KEY.

    NOTE(review): the return annotation is Optional, but no code path here returns None. A
    missing key leads to an InteractiveLoginAuthentication object instead.

    :return: A ServicePrincipalAuthentication object built from the tenant ID, application ID and
        key if the key was found, otherwise an InteractiveLoginAuthentication object.
    """
    application_key = SecretsHandling(project_root=self.project_root).get_secret_from_environment(
        fixed_paths.SERVICE_PRINCIPAL_KEY,
        allow_missing=True)
    if application_key:
        # The key is handed straight to the authentication object and is never logged.
        return ServicePrincipalAuthentication(
            tenant_id=self.tenant_id,
            service_principal_id=self.application_id,
            service_principal_password=application_key)
    # Only the name of the expected variable appears in the log message.
    message = ("Unable to retrieve the key for the Service Principal authentication "
               f"(expected in environment variable '{fixed_paths.SERVICE_PRINCIPAL_KEY}' or YAML). "
               "Switching to interactive login.")
    logging.warning(message)
    return InteractiveLoginAuthentication()