From 68d84b4506af4fb360599729caa4901602d954ac Mon Sep 17 00:00:00 2001 From: Simon Kurtz <84809797+simonkurtz-MSFT@users.noreply.github.com> Date: Fri, 5 Dec 2025 17:03:48 -0500 Subject: [PATCH] Add App Gateway Private Endpoint to APIM infrastructure (#99) --- .github/copilot-instructions.md | 29 +- .gitignore | 5 + .vscode/settings.json | 123 +-- README.md | 63 +- TROUBLESHOOTING.md | 23 + ...nagement & Container Apps Architecture.svg | 1 + .../src/appgw-pe-apim-aca-architecture.puml | 24 + assets/diagrams/src/base.puml | 3 +- .../afd-apim-pe/create_infrastructure.py | 20 +- .../apim-aca/create_infrastructure.py | 18 +- ...nagement & Container Apps Architecture.svg | 1 + infrastructure/appgw-apim-pe/README.md | 35 + infrastructure/appgw-apim-pe/clean-up.ipynb | 49 ++ infrastructure/appgw-apim-pe/create.ipynb | 77 ++ .../appgw-apim-pe/create_infrastructure.py | 85 ++ infrastructure/appgw-apim-pe/main.bicep | 659 ++++++++++++++++ .../simple-apim/create_infrastructure.py | 12 +- requirements.txt | 10 +- samples/authX-pro/create.ipynb | 33 +- samples/authX/create.ipynb | 40 +- samples/azure-maps/create.ipynb | 57 +- samples/general/create.ipynb | 33 +- samples/load-balancing/create.ipynb | 27 +- samples/oauth-3rd-party/create.ipynb | 30 +- samples/secure-blob-access/create.ipynb | 34 +- setup/setup_python_path.py | 156 ++-- setup/verify_local_setup.py | 58 +- shared/azure-roles.json | 9 +- shared/jupyter/verify-az-account.ipynb | 21 +- shared/python/apimrequests.py | 144 ++-- shared/python/apimtesting.py | 28 +- shared/python/apimtypes.py | 46 +- shared/python/authfactory.py | 13 +- shared/python/charts.py | 2 +- shared/python/infrastructures.py | 656 +++++++++++++--- shared/python/users.py | 2 +- shared/python/utils.py | 643 +++++++++------ tests/python/.pylintrc | 24 + tests/python/run_pylint.ps1 | 97 +++ tests/python/run_pylint.sh | 73 ++ tests/python/test_apimrequests.py | 130 ++-- tests/python/test_apimtesting.py | 112 ++- tests/python/test_apimtypes.py | 121 ++- tests/python/test_authfactory.py | 38 +- tests/python/test_charts.py | 87 +-- tests/python/test_infrastructures.py | 249 +++--- tests/python/test_users.py | 45 +- tests/python/test_utils.py | 736 +++++++++--------- 48 files changed, 3381 insertions(+), 1600 deletions(-) create mode 100644 assets/diagrams/out/appgw-pe-apim-aca-architecture/Azure Application Gateway, API Management & Container Apps Architecture.svg create mode 100644 assets/diagrams/src/appgw-pe-apim-aca-architecture.puml create mode 100644 infrastructure/appgw-apim-pe/Azure Application Gateway, API Management & Container Apps Architecture.svg create mode 100644 infrastructure/appgw-apim-pe/README.md create mode 100644 infrastructure/appgw-apim-pe/clean-up.ipynb create mode 100644 infrastructure/appgw-apim-pe/create.ipynb create mode 100644 infrastructure/appgw-apim-pe/create_infrastructure.py create mode 100644 infrastructure/appgw-apim-pe/main.bicep create mode 100644 tests/python/run_pylint.ps1 create mode 100644 tests/python/run_pylint.sh diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 8a84631..f040646 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -6,7 +6,7 @@ applyTo: "**" ## Purpose -This instructions file is designed to guide GitHub Copilot's behavior specifically for this repository. It is intended to provide clear, general, and maintainable guidelines for code generation, style, and collaboration. +This instructions file is designed to guide GitHub Copilot's behavior specifically for this repository. It is intended to provide clear, general, and maintainable guidelines for code generation, style, and collaboration. **In case of any conflict, instructions from other individualized or project-specific files (such as `my-copilot.instructions.md`) take precedence over this file.** @@ -24,7 +24,7 @@ In case of any conflicting instructions, the following hierarchy shall apply. If 1. Individualized instructions (e.g. a developer's or an organization's instruction file(s)), if present 2. This repository's `.github/.copilot-instructions.md` 3. General best practices and guidelines from sources such as [Microsoft Learn](https://learn.microsoft.com/docs/) - This includes the [Microsoft Cloud Adoption Framework](https://learn.microsoft.com/azure/cloud-adoption-framework/). + This includes the [Microsoft Cloud Adoption Framework](https://learn.microsoft.com/azure/cloud-adoption-framework/). 4. Official [GitHub Copilot best practices documentation](https://docs.github.com/enterprise-cloud@latest/copilot/using-github-copilot/coding-agent/best-practices-for-using-copilot-to-work-on-tasks) ## Copilot Personality Behavior @@ -58,11 +58,11 @@ In case of any conflicting instructions, the following hierarchy shall apply. If - `/`: Root directory containing the main files and folders. Bicep configuration is stored in `bicepconfig.json`. - The following folders are all at the root level: - `assets/`: PlantUML diagrams and images. Static assets such as these should be placed here. Any diagrams should be placed in the /diagrams/src subfolder. - - `infrastructure/`: Contains Jupyter notebooks for setting up various API Management infrastructures. When modifying samples, these notebooks should not need to be modified. + - `infrastructure/`: Contains Jupyter notebooks for setting up various API Management infrastructures. When modifying samples, these notebooks should not need to be modified. - `samples/`: Various policy and scenario samples that can be applied to the infrastructures. - `setup/`: General setup scripts and configurations for the repository and dev environment setup. - `shared/`: Shared resources, such as Bicep modules, Python libraries, and other reusable components. - - `tests/`: Contains unit tests for Python code and Bicep modules. This folder should contain all tests for all code in the repository. + - `tests/`: Contains unit tests for Python code and Bicep modules. This folder should contain all tests for all code in the repository. ## Formatting and Style @@ -109,14 +109,14 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id - Overall layout of a Bicep file should be: - Visible sections of code with the following format should be used: - + ```bicep // ------------------------------ //
// ------------------------------ ``` - -
should be indented three spaces and be in all caps. + -
should be indented three spaces and be in all caps. - Section headers should have only two blank lines before and only one blank line after. - Top-to-bottom, the following comma-separated section headers should be inserted unless the section is empty: - Parameters @@ -128,11 +128,12 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id ### Python Instructions - Prefer Python 3.12+ syntax and features unless otherwise specified. +- Respect the repository's `.pylintrc` file for linting rules. The file is found in the `tests/python/` folder. - When inserting a comment to describe a method, insert a blank line after the comment section. - Never leave a blank line at the very top of a Python file. The file must start immediately with the module docstring or code. Always remove any leading blank line at the top. - Do not have imports such as `from shared.python import Foo`. The /shared/python directory is covered by a root `.env` file. Just use `import Foo` or `from Foo import Bar` as appropriate. - After the module docstring, all import statements must come before any section headers (e.g., CONSTANTS, VARIABLES, etc.). Section headers should only appear after the imports. Here is a more explicit example: - + ```python """ Module docstring. @@ -140,7 +141,7 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id import ... ... - + # ------------------------------ # CONSTANTS @@ -150,14 +151,14 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id - Overall layout of a Python file should be: - Visible sections of code with the following format should be used: - + ```python # ------------------------------ #
# ------------------------------ ``` - -
should be indented three spaces and be in all caps. + -
should be indented three spaces and be in all caps. - Section headers should have only two blank lines before and only one blank line after. - Top-to-bottom, the following comma-separated section headers should be inserted unless the section is empty: - Constants @@ -173,7 +174,7 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id - Private Methods - Public Methods -- Python Docstring/Class Formatting Rule: +- Python Docstring/Class Formatting Rule: - Always insert a single blank line after a class docstring and before any class attributes or methods. - Never place class attributes or decorators on the same line as the docstring. Example: @@ -186,7 +187,7 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id attribute: str ... ``` - + ### Jupyter Notebook Instructions - Use these [configuration settings](https://github.com/microsoft/vscode-jupyter/blob/dd568fde/package.nls.json) as a reference for the VS Code Jupyter extension configuration. @@ -195,10 +196,10 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id - Ensure you verify that all include links are correct and up to date. This link provides a starting point: https://github.com/plantuml-stdlib/Azure-PlantUML/blob/master/AzureSymbols.md - Keep diagrams simple. For Azure, include major components, not individual aspects of components. For example, there is no need for individual policies in WAFs or APIs in API Management, Smart Detector Alert Rules, etc. -- Less is more. Don't be too verbose in the diagrams. +- Less is more. Don't be too verbose in the diagrams. - Never include subscription IDs, resource group names, or any other sensitive information in the diagrams. That data is not relevant. - Don't use the "legend" command if the information is relatively obvious. ### API Management Policy XML Instructions -- Policies should use camelCase for all variable names. \ No newline at end of file +- Policies should use camelCase for all variable names. diff --git a/.gitignore b/.gitignore index 43a7de2..5c3aa20 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,11 @@ labs-in-progress/ .coverage tests/python/htmlcov/ +# Pylint reports +tests/python/pylint/reports/ +tests/python/$JsonReport +tests/python/$TextReport + shared/bicep/modules/**/*.json main.json diff --git a/.vscode/settings.json b/.vscode/settings.json index 206883e..4b70171 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,107 +1,28 @@ { - "plantuml.diagramsRoot": "assets/diagrams/src", - "plantuml.exportFormat": "svg", - "plantuml.exportOutDir": "assets/diagrams/out", - "plantuml.java": "C:\\Program Files\\OpenJDK\\jdk-22.0.2\\bin\\java.exe", - "plantuml.render": "Local", - "python.analysis.autoIndent": true, - "python.analysis.completeFunctionParens": true, - "python.analysis.diagnosticSeverityOverrides": { - "reportDuplicateImport": "warning", - "reportUndefinedVariable": "information", - "reportUnusedVariable": "information" + "jupyter.defaultKernel": "apim-samples", + "jupyter.kernels.changeKernelIdForNotebookEnabled": false, + "jupyter.preferredKernelIdForNotebook": { + "*.ipynb": "apim-samples" }, - "python.analysis.extraPaths": [ - "${workspaceFolder}/shared/python" - ], - "python.defaultInterpreterPath": "/workspaces/Apim-Samples/.venv/bin/python", - "python.pythonPath": "/workspaces/Apim-Samples/.venv/bin/python", - "python.envFile": "${workspaceFolder}/.env", - "python.terminal.activateEnvironment": true, - "python.terminal.activateEnvInCurrentTerminal": true, - "jupyter.askForKernelRestart": false, - "jupyter.interactiveWindow.textEditor.executeSelection": true, - "jupyter.notebookFileRoot": "${workspaceFolder}", - "jupyter.kernels.excludePythonEnvironments": [ - "**/anaconda3/**", - "**/conda/**", - "**/miniconda3/**", - "**/python3.*", - "*/site-packages/*", - "/bin/python", - "/bin/python3", - "/opt/python/*/bin/python*", - "/usr/bin/python", - "/usr/bin/python3", - "/usr/local/bin/python", - "/usr/local/bin/python3", - "python", - "python3" - ], "jupyter.kernels.trusted": [ - "/workspaces/Apim-Samples/.venv/bin/python" + "./.venv/Scripts/python.exe" ], - "terminal.integrated.env.windows": { - "PATH": "${env:PATH}" - }, - "terminal.integrated.showExitAlert": false, - "terminal.integrated.focusAfterRun": "terminal", - "terminal.integrated.defaultProfile.linux": "bash", - "workbench.panel.defaultLocation": "bottom", - "workbench.startupEditor": "none", - "workbench.panel.defaultPanelHeight": 350, - "workbench.view.alwaysShowHeaderActions": true, - "terminal.integrated.tabs.enabled": true, - "terminal.integrated.tabs.location": "left", - "xml.validation.enabled": false, - "xml.validation.namespaces.enabled": "never", - "xml.validation.schema.enabled": "never", - "xml.validation.disallowDocTypeDecl": false, - "xml.validation.resolveExternalEntities": false, - "xml.format.enabled": false, - "xml.format.emptyElements": "ignore", - "xml.format.enforceQuoteStyle": "preferred", - "xml.format.preserveEmptyContent": true, - "xml.format.preserveSpace": [ - "xsl:text", - "xsl:comment", - "xsl:processing-instruction", - "literal", - "xsl:preserve-space", - "fragment", - "condition" + "jupyter.kernels.excludePythonEnvironments": [ + "apim-samples" ], - "xml.format.splitAttributes": "preserve", - "xml.format.joinCDATALines": false, - "xml.format.joinCommentLines": false, - "xml.format.joinContentLines": false, - "xml.format.spaceBeforeEmptyCloseTag": true, - "xml.format.xsiSchemaLocationSplit": "onPair", - "xml.completion.autoCloseTags": true, - "xml.codeLens.enabled": false, - "xml.preferences.includeSchemaAssociations": "never", - "xml.trace.server": "off", - "files.associations": { - "*.xml": "xml", - "**/apim-policies/*.xml": "xml", - "**/samples/**/*.xml": "xml", - "pf-*.xml": "xml", - "hr_*.xml": "xml" - }, - "html.validate": false, - "azureApiManagement.policies.validateSyntax": true, - "azureApiManagement.policies.showCodeLens": true, - "[xml]": { - "editor.quickSuggestions": { - "other": true, - "comments": false, - "strings": true - }, - "editor.autoClosingBrackets": "always", - "editor.autoClosingQuotes": "always", - "editor.suggest.insertMode": "replace", - "editor.formatOnSave": false, - "editor.formatOnPaste": false, - "editor.formatOnType": false - } + "files.trimTrailingWhitespace": true, + "files.insertFinalNewline": true, + "files.trimFinalNewlines": true, + "editor.renderWhitespace": "trailing", + "python.defaultInterpreterPath": "./.venv/Scripts/python.exe", + "python.pythonPath": "./.venv/Scripts/python.exe", + "python.envFile": "${workspaceFolder}/.env", + "notebook.defaultLanguage": "python", + "notebook.kernelPickerType": "mru", + "terminal.integrated.defaultProfile.windows": "PowerShell", + "plantuml.render": "Local", + "plantuml.exportFormat": "svg", + "plantuml.java": "C:\\Program Files\\OpenJDK\\jdk-22.0.2\\bin\\java.exe", + "plantuml.diagramsRoot": "assets/diagrams/src", + "plantuml.exportOutDir": "assets/diagrams/out" } diff --git a/README.md b/README.md index cc9d082..310b05b 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11057/badge)](https://www.bestpractices.dev/projects/11057) [![Python Tests][badge-python-tests]][workflow-python-tests] -This repository provides a playground to safely experiment with and learn Azure API Management (APIM) policies in various architectures. +This repository provides a playground to safely experiment with and learn Azure API Management (APIM) policies in various architectures. _If you are interested in APIM & Azure OpenAI integrations, please check out the excellent [AI Gateway][ai-gateway] GitHub repository._ @@ -19,11 +19,13 @@ _Try it out, learn from it, apply it in your setups._ ## šŸ“ List of Infrastructures -| Infrastructure Name | Description | -|:----------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Simple API Management][infra-simple-apim] | Just the basics with a publicly accessible API Management instance fronting your APIs. This is the innermost way to experience and experiment with the APIM policies. | -| [API Management & Container Apps][infra-apim-aca] | APIs are often implemented in containers running in Azure Container Apps. This architecture accesses the container apps publicly. It's beneficial to test both APIM and container app URLs to contrast and compare experiences of API calls through and bypassing APIM. It is not intended to be a security baseline. | -| [Secure Front Door & API Management & Container Apps][infra-afd-apim-pe] | A higher-fidelity implementation of a secured setup in which Azure Front Door connects to APIM via the new private link integration. This traffic, once it traverses through Front Door, rides entirely on Microsoft-owned and operated networks. Similarly, the connection from APIM to Container Apps is secured but through a VNet configuration (it is also entirely possible to do this via private link). APIM Standard V2 is used here to accept a private link from Front Door. | +| Infrastructure Name | Description | +|:-------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Simple API Management][infra-simple-apim] | Just the basics with a publicly accessible API Management instance fronting your APIs. This is the innermost way to experience and experiment with the APIM policies. | +| [API Management & Container Apps][infra-apim-aca] | APIs are often implemented in containers running in Azure Container Apps. This architecture accesses the container apps publicly. It's beneficial to test both APIM and container app URLs to contrast and compare experiences of API calls through and bypassing APIM. It is not intended to be a security baseline. | +| [Front Door & API Management & Container Apps][infra-afd-apim-pe] | A secure implementation of Azure Front Door connecting to APIM via the new private link integration. This traffic, once it traverses through Front Door, rides entirely on Microsoft-owned and operated networks. The connection from APIM to Container Apps is secured but through a VNet configuration (it is also entirely possible to do this via private link). APIM Standard V2 is used here to accept a private link from Front Door. | +| [Application Gateway (Private Endpoint) & API Management & Container Apps][infra-appgw-apim-pe] | A secure implementation of Azure Application Gateway connecting to APIM via the new private link integration. This traffic, once it traverses through App Gateway, uses a private endpoint set up in the VNet's private endpoint subnet. The connection from APIM to Container Apps is secured but through a VNet configuration (it is also entirely possible to do this via private link). APIM Standard V2 is used here to accept a private link from App Gateway. | +| Application Gateway (VNet) & API Management & Container Apps | *ETA TBD - Stay tuned!* | ## šŸ“ List of Samples @@ -49,8 +51,8 @@ The fastest way to get started is using our pre-configured development environme - **GitHub Codespaces**: Click the green "Code" button ā†’ "Codespaces" ā†’ "Create codespace on main" - **VS Code Dev Containers**: Install the [Dev Containers extension][vscode-devcontainers], then "Reopen in Container" - -All prerequisites are automatically installed and configured. +* +All prerequisites are automatically installed and configured. šŸ“– **For detailed setup information, troubleshooting, and optimization details, see [Dev Container Documentation](.devcontainer/README.md)** @@ -61,7 +63,7 @@ All prerequisites are automatically installed and configured. These prerequisites apply broadly across all infrastructure and samples. If there are specific deviations, expect them to be noted there. - [Python 3.12][python] installed - - Python 3.13 may not have all dependencies ready yet. There have been issues during installs. + - Python 3.13 and 3.14 should work as well, but have not been verified extensively - [VS Code][vscode] installed with the [Jupyter notebook extension][vscode-jupyter] enabled - [Azure CLI][azure-cli-install] installed - [An Azure Subscription][azure-free] with Owner or Contributor+UserAccessAdministrator permissions. Execute [Verify Azure Account][verify-az-account-notebook] to verify. @@ -109,7 +111,7 @@ If you're setting up locally without the dev container: That's it! Your local environment now matches the dev container experience with: - āœ… Standardized "APIM Samples Python 3.12" Jupyter kernel -- āœ… Automatic notebook kernel selection +- āœ… Automatic notebook kernel selection - āœ… Python path configured for shared modules - āœ… VS Code optimized for the project @@ -131,7 +133,7 @@ If you prefer manual setup or the automated script doesn't work: 1. Set up the project environment: ```bash python setup/setup_python_path.py --generate-env - python setup/setup_python_path.py --setup-kernel + python setup/setup_python_path.py --setup-kernel python setup/setup_python_path.py --setup-vscode ``` 1. **Restart VS Code** to ensure all environment settings are loaded properly. @@ -177,7 +179,7 @@ Now that infrastructure and sample have been stood up, you can experiment with t Encountering issues? Check our comprehensive **[Troubleshooting Guide](TROUBLESHOOTING.md)** which covers: - **Deployment Errors** - Including the common "content already consumed" error and parameter mismatches -- **Authentication Issues** - Azure CLI login problems and permission errors +- **Authentication Issues** - Azure CLI login problems and permission errors - **Notebook & Development Environment Issues** - Module import errors and Python path problems - **Azure CLI Issues** - Rate limiting and API version compatibility - **Resource Management Issues** - Resource group and APIM service problems @@ -192,10 +194,10 @@ For immediate help with common errors, diagnostic commands, and step-by-step sol - All _samples_ can be found in the `samples` folder. Samples showcase functionality and provide a baseline for your experimentation. - All _infrastructures_ can be found in the `infrastructure` folder. They provide the architectural underpinnings. -- All shared code, modules, functionality, policies, etc. can be found in the `shared` folder. +- All shared code, modules, functionality, policies, etc. can be found in the `shared` folder. - Bicep _modules_ are versioned in the `bicep/modules` folder. Major changes require versioning. - - Python _modules_ are found in the `python` folder. _They are not versioned yet but may be in the future._ - - Reusable _APIM policies_ are found in the `apim-policies` folder. + - Python _modules_ are found in the `python` folder. _They are not versioned yet but may be in the future._ + - Reusable _APIM policies_ are found in the `apim-policies` folder. - Reusable Jupyter notebooks are found in the `jupyter` folder. ### āš™ļø Sample Setup @@ -217,7 +219,35 @@ As you work with this repo, you will likely want to make your own customizations The repo uses the bicep linter and has rules defined in `bicepconfig.json`. See the [bicep linter documentation][bicep-linter-docs] for details. -**We welcome contributions!** Please consider forking the repo and creating issues and pull requests to share your samples. Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details. Thank you! +**We welcome contributions!** Please consider forking the repo and creating issues and pull requests to share your samples. Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details. Thank you! + +### šŸ” Code Quality & Linting + +The repository uses [pylint][pylint-docs] to maintain Python code quality standards. Configuration is located in `tests/python/.pylintrc`. + +#### Running Pylint + +**Using the convenience script (recommended):** +```powershell +# From tests/python directory +.\run_pylint.ps1 # Run with default settings +.\run_pylint.ps1 -ShowReport # Include full detailed report +.\run_pylint.ps1 -Target "../../samples" # Analyze a different directory +``` + +**Manual execution:** +```powershell +pylint --rcfile tests/python/.pylintrc shared/python +``` + +#### Pylint Reports + +All pylint runs generate timestamped reports in `tests/python/pylint/reports/`: +- **JSON format**: Machine-readable for CI/CD integration +- **Text format**: Human-readable detailed analysis +- **Latest symlinks**: `latest.json` and `latest.txt` always point to the most recent run + +The script automatically displays a **Top 10 Issues Summary** showing the most frequent code quality issues to help prioritize improvements. ### āž• Adding a Sample @@ -310,6 +340,7 @@ The original author of this project is [Simon Kurtz][simon-kurtz]. [badge-python-tests]: https://github.com/Azure-Samples/Apim-Samples/actions/workflows/python-tests.yml/badge.svg?branch=main [bicep-linter-docs]: https://learn.microsoft.com/azure/azure-resource-manager/bicep/bicep-config-linter [houssem-dellai]: https://github.com/HoussemDellai +[pylint-docs]: https://pylint.pycqa.org/ [import-troubleshooting]: .devcontainer/IMPORT-TROUBLESHOOTING.md [infra-afd-apim-pe]: ./infrastructure/afd-apim-pe [infra-apim-aca]: ./infrastructure/apim-aca diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md index 71661ce..4811f5a 100644 --- a/TROUBLESHOOTING.md +++ b/TROUBLESHOOTING.md @@ -198,6 +198,29 @@ The api-version '...' is invalid 2. Check for newer API versions in the Bicep templates +### Invalid Win32 application + +This is a bit cryptic. It's helpful to execute the `az` command from the error separately in the terminal and supply the `--debug` flag. You might then see errors such as this one: + +**Error Message:** +``` +cli.azure.cli.core.azclierror: [WinError 193] %1 is not a valid Win32 application +az_command_data_logger: [WinError 193] %1 is not a valid Win32 application +``` + +Scroll up to see what is executed. + +**Solution:** + +#### Bicep + +In one case, `%USERPROFILE%\.azure\bin` contained a `bicep.exe` file but with a zero-length. The CLI would recognize that the file is there but fail on execution. + +1. Verify that bicep is indeed failing: `az bicep version` +2. Delete `%USERPROFILE%\.azure\bin\bicep.exe`. +3. (Re)install bicep: `az bicep install`. +4. Verify bicep: `az bicep version` + ## Resource Management Issues ### Resource Group Does Not Exist diff --git a/assets/diagrams/out/appgw-pe-apim-aca-architecture/Azure Application Gateway, API Management & Container Apps Architecture.svg b/assets/diagrams/out/appgw-pe-apim-aca-architecture/Azure Application Gateway, API Management & Container Apps Architecture.svg new file mode 100644 index 0000000..2a5ea1d --- /dev/null +++ b/assets/diagrams/out/appgw-pe-apim-aca-architecture/Azure Application Gateway, API Management & Container Apps Architecture.svg @@ -0,0 +1 @@ +Azure Application Gateway, API Management & Container Apps Architecture Application Gateway(WAF) API Management Container Apps Application Insights Log AnalyticsAppsAPI ConsumersRoutes traffic (via PrivateEndpoint)Backend Sendstelemetry Stores data \ No newline at end of file diff --git a/assets/diagrams/src/appgw-pe-apim-aca-architecture.puml b/assets/diagrams/src/appgw-pe-apim-aca-architecture.puml new file mode 100644 index 0000000..0426868 --- /dev/null +++ b/assets/diagrams/src/appgw-pe-apim-aca-architecture.puml @@ -0,0 +1,24 @@ +@startuml "Azure Application Gateway, API Management & Container Apps Architecture" + +!include ./base.puml + +title Azure Application Gateway, API Management & Container Apps Architecture + +' Main components +AzureApplicationGateway(appgw, "Application Gateway (WAF)", "") +AzureAPIManagement(apim, "API Management", "") +AzureContainerApp(aca, "Container Apps", "") +AzureApplicationInsights(appinsights, "Application Insights", "") +AzureLogAnalyticsWorkspace(loganalytics, "Log Analytics", "") + +' Custom components +collections "Apps" as apps #LightBlue + +' Relationships +apps --> appgw : "API Consumers" +appgw --> apim : "Routes traffic (via Private Endpoint)" +apim --> aca : "Backend" +apim -right-> appinsights : "\nSends\ntelemetry\n" +appinsights -down-> loganalytics : "Stores data" + +@enduml diff --git a/assets/diagrams/src/base.puml b/assets/diagrams/src/base.puml index 6ba5885..cb52f59 100644 --- a/assets/diagrams/src/base.puml +++ b/assets/diagrams/src/base.puml @@ -9,6 +9,7 @@ !includeurl AzurePuml/Analytics/AzureLogAnalyticsWorkspace.puml !includeurl AzurePuml/Containers/AzureContainerApp.puml !includeurl AzurePuml/Networking/AzureFrontDoor.puml +!includeurl AzurePuml/Networking/AzureApplicationGateway.puml skinparam titleFontSize 24 -left to right direction \ No newline at end of file +left to right direction diff --git a/infrastructure/afd-apim-pe/create_infrastructure.py b/infrastructure/afd-apim-pe/create_infrastructure.py index c325375..c145788 100644 --- a/infrastructure/afd-apim-pe/create_infrastructure.py +++ b/infrastructure/afd-apim-pe/create_infrastructure.py @@ -13,31 +13,30 @@ def create_infrastructure(location: str, index: int, apim_sku: APIM_SKU, no_aca: try: # Check if infrastructure already exists to determine messaging infrastructure_exists = utils.does_resource_group_exist(utils.get_infra_rg_name(utils.INFRASTRUCTURE.AFD_APIM_PE, index)) - + # Create custom APIs for AFD-APIM-PE with optional Container Apps backends custom_apis = _create_afd_specific_apis(not no_aca) - + infra = AfdApimAcaInfrastructure(location, index, apim_sku, infra_apis = custom_apis) result = infra.deploy_infrastructure(infrastructure_exists) - + sys.exit(0 if result.success else 1) - + except Exception as e: print(f'\nšŸ’„ Error: {str(e)}') sys.exit(1) - def _create_afd_specific_apis(use_aca: bool = True) -> list[API]: """ Create AFD-APIM-PE specific APIs with optional Container Apps backends. - + Args: use_aca (bool): Whether to include Azure Container Apps backends. Defaults to true. - + Returns: list[API]: List of AFD-specific APIs. """ - + # If Container Apps is enabled, create the ACA APIs in APIM if use_aca: pol_backend = utils.read_policy_xml(BACKEND_XML_POLICY_PATH) @@ -58,13 +57,14 @@ def _create_afd_specific_apis(use_aca: bool = True) -> list[API]: api_hwaca_pool = API('hello-world-aca-pool', 'Hello World (ACA Pool)', '/aca-pool', 'This is the ACA API for Backend Pool', pol_aca_backend_pool, [api_hwaca_pool_get]) return [api_hwaca_1, api_hwaca_2, api_hwaca_pool] - + return [] + def main(): """ Main entry point for command-line usage. """ - + parser = argparse.ArgumentParser(description = 'Create AFD-APIM-PE infrastructure') parser.add_argument('--location', default = 'eastus2', help = 'Azure region (default: eastus2)') parser.add_argument('--index', type = int, help = 'Infrastructure index') diff --git a/infrastructure/apim-aca/create_infrastructure.py b/infrastructure/apim-aca/create_infrastructure.py index c688f25..b4b0e48 100644 --- a/infrastructure/apim-aca/create_infrastructure.py +++ b/infrastructure/apim-aca/create_infrastructure.py @@ -13,15 +13,15 @@ def create_infrastructure(location: str, index: int, apim_sku: APIM_SKU) -> None try: # Check if infrastructure already exists to determine messaging infrastructure_exists = utils.does_resource_group_exist(utils.get_infra_rg_name(utils.INFRASTRUCTURE.APIM_ACA, index)) - + # Create custom APIs for APIM-ACA with Container Apps backends custom_apis = _create_aca_specific_apis() - + infra = ApimAcaInfrastructure(location, index, apim_sku, infra_apis = custom_apis) result = infra.deploy_infrastructure(infrastructure_exists) - + sys.exit(0 if result.success else 1) - + except Exception as e: print(f'\nšŸ’„ Error: {str(e)}') sys.exit(1) @@ -30,11 +30,11 @@ def create_infrastructure(location: str, index: int, apim_sku: APIM_SKU) -> None def _create_aca_specific_apis() -> list[API]: """ Create APIM-ACA specific APIs with Container Apps backends. - + Returns: list[API]: List of ACA-specific APIs. """ - + # Define the APIs with Container Apps backends pol_backend = utils.read_policy_xml(BACKEND_XML_POLICY_PATH) pol_aca_backend_1 = pol_backend.format(backend_id = 'aca-backend-1') @@ -52,18 +52,18 @@ def _create_aca_specific_apis() -> list[API]: # API 3: Hello World (ACA Backend Pool) api_hwaca_pool_get = GET_APIOperation('This is a GET for Hello World on ACA Backend Pool') api_hwaca_pool = API('hello-world-aca-pool', 'Hello World (ACA Pool)', '/aca-pool', 'This is the ACA API for Backend Pool', pol_aca_backend_pool, [api_hwaca_pool_get]) - + return [api_hwaca_1, api_hwaca_2, api_hwaca_pool] def main(): """ Main entry point for command-line usage. """ - + parser = argparse.ArgumentParser(description = 'Create APIM-ACA infrastructure') parser.add_argument('--location', default = 'eastus2', help = 'Azure region (default: eastus2)') parser.add_argument('--index', type = int, help = 'Infrastructure index') - parser.add_argument('--sku', choices = ['Basicv2', 'Standardv2', 'Premiumv2'], default = 'Basicv2', help = 'APIM SKU (default: Basicv2)') + parser.add_argument('--sku', choices = ['Basicv2', 'Standardv2', 'Premiumv2'], default = 'Basicv2', help = 'APIM SKU (default: Basicv2)') args = parser.parse_args() # Convert SKU string to enum using the enum's built-in functionality diff --git a/infrastructure/appgw-apim-pe/Azure Application Gateway, API Management & Container Apps Architecture.svg b/infrastructure/appgw-apim-pe/Azure Application Gateway, API Management & Container Apps Architecture.svg new file mode 100644 index 0000000..2a5ea1d --- /dev/null +++ b/infrastructure/appgw-apim-pe/Azure Application Gateway, API Management & Container Apps Architecture.svg @@ -0,0 +1 @@ +Azure Application Gateway, API Management & Container Apps Architecture Application Gateway(WAF) API Management Container Apps Application Insights Log AnalyticsAppsAPI ConsumersRoutes traffic (via PrivateEndpoint)Backend Sendstelemetry Stores data \ No newline at end of file diff --git a/infrastructure/appgw-apim-pe/README.md b/infrastructure/appgw-apim-pe/README.md new file mode 100644 index 0000000..dfeb9af --- /dev/null +++ b/infrastructure/appgw-apim-pe/README.md @@ -0,0 +1,35 @@ +# Application Gateway & API Management & Container Apps Infrastructure + +Secure architecture that takes all traffic off the public Internet once Azure Application (App) Gateway is traversed. Traffic behind the App Gateway is subsequently inaccessible to the public. This is due to App Gateways's use of a private link to Azure API Management. + +Diagram showing Azure Application Gateway, API Management, and Container Apps architecture. Azure Application Gateway routes traffic to API Management, which then routes to Container Apps. Telemetry is sent to Azure Monitor. + +## šŸŽÆ Objectives + +1. Provide a secure pathway to API Management via a private link from App Gateway +1. Maintain private networking by integrating API Management with a VNet to communicate with Azure Container Apps. (This can also be achieved via a private link there) +1. Empower users to use Azure Container Apps, if desired +1. Enable observability by sending telemetry to Azure Monitor + +## āš™ļø Configuration + +Adjust the `user-defined parameters` in this lab's Jupyter Notebook's [Initialize notebook variables][init-notebook-variables] section. + +## ā–¶ļø Execution + +šŸ‘Ÿ **Expected *Run All* runtime: ~13 minutes** + +1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via _Run All_. + +## šŸ§Ŗ Testing + +Unlike Azure Front Door, App Gateway does not presently support managed certificates. This complicates the infrastructure as it either requires the user to bring their own certificate, or a self-signed certificate needs to be generated and made available to App Gateway. + +We opted for the latter as it is more conducive to generate a self-signed certificate and work with its appropriate and secure limitations. This does mean that, for the purpose of this being non-production, proof of concept infrastructure, we need to trust the self-signed cert appropriately. We do so by acknowledging and subsequently ignoring the self-signed certificate warnings and using IPs paired with `Host` header. + +**Production workloads must not use this approach and, instead, be secured appropriately.** + + + +[init-notebook-variables]: ./create.ipynb#initialize-notebook-variables +[infra-notebook]: ./create.ipynb diff --git a/infrastructure/appgw-apim-pe/clean-up.ipynb b/infrastructure/appgw-apim-pe/clean-up.ipynb new file mode 100644 index 0000000..010dfbb --- /dev/null +++ b/infrastructure/appgw-apim-pe/clean-up.ipynb @@ -0,0 +1,49 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### šŸ—‘ļø Clean up resources\n", + "\n", + "When you're finished with the lab, you should remove all your deployed resources from Azure to avoid extra charges and keep your Azure subscription uncluttered." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "import utils\n", + "from apimtypes import INFRASTRUCTURE\n", + "\n", + "deployment = INFRASTRUCTURE.APPGW_APIM_PE\n", + "indexes = [1]\n", + "\n", + "utils.cleanup_infra_deployments(deployment, indexes)" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": ".venv (3.12.10)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.12.10" + } + }, + "nbformat": 4, + "nbformat_minor": 2 +} diff --git a/infrastructure/appgw-apim-pe/create.ipynb b/infrastructure/appgw-apim-pe/create.ipynb new file mode 100644 index 0000000..65eae81 --- /dev/null +++ b/infrastructure/appgw-apim-pe/create.ipynb @@ -0,0 +1,77 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### šŸ› ļø Configure Infrastructure Parameters & Create the Infrastructure\n", + "\n", + "Set your desired parameters for the APPGW-APIM-PE infrastructure deployment.\n", + "\n", + "ā—ļø **Modify entries under _User-defined parameters_**.\n", + "\n", + "**Note:** This infrastructure includes Application Gateway with API Management using private endpoints. The creation process includes two phases: initial deployment with public access, private link approval, and then disabling public access." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "import utils\n", + "from apimtypes import *\n", + "\n", + "# ------------------------------\n", + "# USER CONFIGURATION\n", + "# ------------------------------\n", + "\n", + "rg_location = 'eastus2' # Azure region for deployment\n", + "index = 1 # Infrastructure index (use different numbers for multiple environments)\n", + "apim_sku = APIM_SKU.STANDARDV2 # Options: 'STANDARDV2', 'PREMIUMV2' (Basic not supported for private endpoints)\n", + "\n", + "\n", + "\n", + "# ------------------------------\n", + "# SYSTEM CONFIGURATION\n", + "# ------------------------------\n", + "\n", + "inb_helper = utils.InfrastructureNotebookHelper(rg_location, INFRASTRUCTURE.APPGW_APIM_PE, index, apim_sku)\n", + "inb_helper.create_infrastructure()\n", + "\n", + "utils.print_ok('All done!')" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### šŸ—‘ļø Clean up resources\n", + "\n", + "When you're finished experimenting, it's advisable to remove all associated resources from Azure to avoid unnecessary cost.\n", + "Use the [clean-up notebook](clean-up.ipynb) for that." + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": ".venv (3.12.10)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.12.10" + } + }, + "nbformat": 4, + "nbformat_minor": 2 +} diff --git a/infrastructure/appgw-apim-pe/create_infrastructure.py b/infrastructure/appgw-apim-pe/create_infrastructure.py new file mode 100644 index 0000000..c5f5ad9 --- /dev/null +++ b/infrastructure/appgw-apim-pe/create_infrastructure.py @@ -0,0 +1,85 @@ +""" +This module provides a reusable way to create Application Gateway with API Management (Private Endpoint) infrastructure that can be called from notebooks or other scripts. +""" + +import sys +import argparse +from apimtypes import APIM_SKU, API, GET_APIOperation, BACKEND_XML_POLICY_PATH +from infrastructures import AppGwApimPeInfrastructure +import utils + + +def create_infrastructure(location: str, index: int, apim_sku: APIM_SKU, no_aca: bool = False) -> None: + try: + # Check if infrastructure already exists to determine messaging + infrastructure_exists = utils.does_resource_group_exist(utils.get_infra_rg_name(utils.INFRASTRUCTURE.APPGW_APIM_PE, index)) + + # Create custom APIs for APPGW-APIM-PE with optional Container Apps backends + custom_apis = _create_appgw_specific_apis(not no_aca) + + infra = AppGwApimPeInfrastructure(location, index, apim_sku, infra_apis = custom_apis) + result = infra.deploy_infrastructure(infrastructure_exists) + + sys.exit(0 if result.success else 1) + + except Exception as e: + print(f'\nšŸ’„ Error: {str(e)}') + sys.exit(1) + +def _create_appgw_specific_apis(use_aca: bool = True) -> list[API]: + """ + Create APPGW-APIM-PE specific APIs with optional Container Apps backends. + + Args: + use_aca (bool): Whether to include Azure Container Apps backends. Defaults to true. + + Returns: + list[API]: List of AppGw-specific APIs. + """ + + # If Container Apps is enabled, create the ACA APIs in APIM + if use_aca: + pol_backend = utils.read_policy_xml(BACKEND_XML_POLICY_PATH) + pol_aca_backend_1 = pol_backend.format(backend_id = 'aca-backend-1') + pol_aca_backend_2 = pol_backend.format(backend_id = 'aca-backend-2') + pol_aca_backend_pool = pol_backend.format(backend_id = 'aca-backend-pool') + + # API 1: Hello World (ACA Backend 1) + api_hwaca_1_get = GET_APIOperation('This is a GET for Hello World on ACA Backend 1') + api_hwaca_1 = API('hello-world-aca-1', 'Hello World (ACA 1)', '/aca-1', 'This is the ACA API for Backend 1', pol_aca_backend_1, [api_hwaca_1_get]) + + # API 2: Hello World (ACA Backend 2) + api_hwaca_2_get = GET_APIOperation('This is a GET for Hello World on ACA Backend 2') + api_hwaca_2 = API('hello-world-aca-2', 'Hello World (ACA 2)', '/aca-2', 'This is the ACA API for Backend 2', pol_aca_backend_2, [api_hwaca_2_get]) + + # API 3: Hello World (ACA Backend Pool) + api_hwaca_pool_get = GET_APIOperation('This is a GET for Hello World on ACA Backend Pool') + api_hwaca_pool = API('hello-world-aca-pool', 'Hello World (ACA Pool)', '/aca-pool', 'This is the ACA API for Backend Pool', pol_aca_backend_pool, [api_hwaca_pool_get]) + + return [api_hwaca_1, api_hwaca_2, api_hwaca_pool] + + return [] + +def main(): + """ + Main entry point for command-line usage. + """ + + parser = argparse.ArgumentParser(description = 'Create APPGW-APIM-PE infrastructure') + parser.add_argument('--location', default = 'eastus2', help = 'Azure region (default: eastus2)') + parser.add_argument('--index', type = int, help = 'Infrastructure index') + parser.add_argument('--sku', choices = ['Standardv2', 'Premiumv2'], default = 'Standardv2', help = 'APIM SKU (default: Standardv2)') + parser.add_argument('--no-aca', action = 'store_true', help = 'Disable Azure Container Apps') + args = parser.parse_args() + + # Convert SKU string to enum using the enum's built-in functionality + try: + apim_sku = APIM_SKU(args.sku) + except ValueError: + print(f"Error: Invalid SKU '{args.sku}'. Valid options are: {', '.join([sku.value for sku in APIM_SKU])}") + sys.exit(1) + + create_infrastructure(args.location, args.index, apim_sku, args.no_aca) + +if __name__ == '__main__': + main() diff --git a/infrastructure/appgw-apim-pe/main.bicep b/infrastructure/appgw-apim-pe/main.bicep new file mode 100644 index 0000000..3aece3f --- /dev/null +++ b/infrastructure/appgw-apim-pe/main.bicep @@ -0,0 +1,659 @@ +// ------------------ +// PARAMETERS +// ------------------ + +@description('Location to be used for resources. Defaults to the resource group location') +param location string = resourceGroup().location + +@description('The unique suffix to append. Defaults to a unique string based on subscription and resource group IDs.') +param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id) + +// Networking +@description('The name of the VNet.') +param vnetName string = 'vnet-${resourceSuffix}' +param apimSubnetName string = 'snet-apim' +param acaSubnetName string = 'snet-aca' +param appgwSubnetName string = 'snet-appgw' +param privateEndpointSubnetName string = 'snet-pe' + +@description('The address prefixes for the VNet.') +param vnetAddressPrefixes array = [ '10.0.0.0/16' ] + +@description('The address prefix for the APIM subnet.') +param apimSubnetPrefix string = '10.0.1.0/24' + +@description('The address prefix for the ACA subnet. Requires a /23 or larger subnet for Consumption workloads.') +param acaSubnetPrefix string = '10.0.2.0/23' + +@description('The address prefix for the Application Gateway subnet.') +param appgwSubnetPrefix string = '10.0.4.0/24' + +@description('The address prefix for the Private Endpoint subnet.') +param privateEndpointSubnetPrefix string = '10.0.5.0/24' + +// API Management +param apimName string = 'apim-${resourceSuffix}' +param apimSku string +param apis array = [] +param policyFragments array = [] + +@description('Set to true to make APIM publicly accessible. If false, APIM will be deployed into a VNet subnet for egress only.') +param apimPublicAccess bool = true + +@description('Reveals the backend API information. Defaults to true. *** WARNING: This will expose backend API information to the caller - For learning & testing only! ***') +param revealBackendApiInfo bool = true + +// Container Apps +param acaName string = 'aca-${resourceSuffix}' +param useACA bool = false + +// Application Gateway +param appgwName string = 'appgw-${resourceSuffix}' +param keyVaultName string = 'kv-${resourceSuffix}' +param uamiName string = 'uami-${resourceSuffix}' + +param setCurrentUserAsKeyVaultAdmin bool = false +param currentUserId string = '' + + +// ------------------ +// CONSTANTS +// ------------------ + +var IMG_HELLO_WORLD = 'simonkurtzmsft/helloworld:latest' +var IMG_MOCK_WEB_API = 'simonkurtzmsft/mockwebapi:1.0.0-alpha.1' +var CERT_NAME = 'appgw-cert' +var DOMAIN_NAME = 'api.apim-samples.contoso.com' + + +// ------------------------------ +// VARIABLES +// ------------------------------ + +var azureRoles = loadJsonContent('../../shared/azure-roles.json') + + +// ------------------ +// RESOURCES +// ------------------ + +// 1. Log Analytics Workspace +module lawModule '../../shared/bicep/modules/operational-insights/v1/workspaces.bicep' = { + name: 'lawModule' +} + +var lawId = lawModule.outputs.id + +// 2. Application Insights +module appInsightsModule '../../shared/bicep/modules/monitor/v1/appinsights.bicep' = { + name: 'appInsightsModule' + params: { + lawId: lawId + customMetricsOptedInType: 'WithDimensions' + } +} + +var appInsightsId = appInsightsModule.outputs.id +var appInsightsInstrumentationKey = appInsightsModule.outputs.instrumentationKey + +// 3. Virtual Network and Subnets +resource nsgDefault 'Microsoft.Network/networkSecurityGroups@2024-05-01' = { + name: 'nsg-default' + location: location +} + +// App Gateway needs a specific NSG +resource nsgAppGw 'Microsoft.Network/networkSecurityGroups@2024-05-01' = { + name: 'nsg-appgw' + location: location + properties: { + securityRules: [ + { + name: 'AllowGatewayManagerInbound' + properties: { + description: 'Allow Azure infrastructure communication' + protocol: 'Tcp' + sourcePortRange: '*' + destinationPortRange: '65200-65535' + sourceAddressPrefix: 'GatewayManager' + destinationAddressPrefix: '*' + access: 'Allow' + priority: 100 + direction: 'Inbound' + } + } + { + name: 'AllowHTTPSInbound' + properties: { + description: 'Allow HTTPS traffic' + protocol: 'Tcp' + sourcePortRange: '*' + destinationPortRange: '443' + sourceAddressPrefix: '*' + destinationAddressPrefix: '*' + access: 'Allow' + priority: 110 + direction: 'Inbound' + } + } + { + name: 'AllowAzureLoadBalancerInbound' + properties: { + description: 'Allow Azure Load Balancer' + protocol: '*' + sourcePortRange: '*' + destinationPortRange: '*' + sourceAddressPrefix: 'AzureLoadBalancer' + destinationAddressPrefix: '*' + access: 'Allow' + priority: 130 + direction: 'Inbound' + } + } + ] + } +} + +module vnetModule '../../shared/bicep/modules/vnet/v1/vnet.bicep' = { + name: 'vnetModule' + params: { + vnetName: vnetName + vnetAddressPrefixes: vnetAddressPrefixes + subnets: [ + // APIM Subnet + { + name: apimSubnetName + properties: { + addressPrefix: apimSubnetPrefix + networkSecurityGroup: { + id: nsgDefault.id + } + delegations: [ + { + name: 'Microsoft.Web/serverFarms' + properties: { + serviceName: 'Microsoft.Web/serverFarms' + } + } + ] + } + } + // ACA Subnet + { + name: acaSubnetName + properties: { + addressPrefix: acaSubnetPrefix + networkSecurityGroup: { + id: nsgDefault.id + } + delegations: [ + { + name: 'Microsoft.App/environments' + properties: { + serviceName: 'Microsoft.App/environments' + } + } + ] + } + } + // App Gateway Subnet + { + name: appgwSubnetName + properties: { + addressPrefix: appgwSubnetPrefix + networkSecurityGroup: { + id: nsgAppGw.id + } + } + } + // Private Endpoint Subnet + { + name: privateEndpointSubnetName + properties: { + addressPrefix: privateEndpointSubnetPrefix + networkSecurityGroup: { + id: nsgDefault.id + } + privateEndpointNetworkPolicies: 'Disabled' + } + } + ] + } +} + +var apimSubnetResourceId = '${vnetModule.outputs.vnetId}/subnets/${apimSubnetName}' +var acaSubnetResourceId = '${vnetModule.outputs.vnetId}/subnets/${acaSubnetName}' +var appgwSubnetResourceId = '${vnetModule.outputs.vnetId}/subnets/${appgwSubnetName}' +var privateEndpointSubnetResourceId = '${vnetModule.outputs.vnetId}/subnets/${privateEndpointSubnetName}' + +// 4. User Assigned Managed Identity +// https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/managed-identity/user-assigned-identity +module uamiModule 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.2' = { + name: 'uamiModule' + params: { + name: uamiName + location: location + } +} + +// 5. Key Vault +// https://learn.microsoft.com/azure/templates/microsoft.keyvault/vaults +// This assignment is helpful for testing to allow you to examine and administer the Key Vault. Adjust accordingly for real workloads! +var keyVaultAdminRoleAssignment = setCurrentUserAsKeyVaultAdmin && !empty(currentUserId) ? [ + { + roleDefinitionIdOrName: azureRoles.KeyVaultAdministrator + principalId: currentUserId + principalType: 'User' + } +] : [] + +var keyVaultServiceRoleAssignments = [ + { + // Key Vault Certificate User (for App Gateway to read certificates) + roleDefinitionIdOrName: azureRoles.KeyVaultCertificateUser + principalId: uamiModule.outputs.principalId + principalType: 'ServicePrincipal' + } +] + +// https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/key-vault/vault +module keyVaultModule 'br/public:avm/res/key-vault/vault:0.13.3' = { + name: 'keyVaultModule' + params: { + name: keyVaultName + location: location + sku: 'standard' + enableRbacAuthorization: true + enablePurgeProtection: false // Disabled for learning/testing scenarios to facilitate resource cleanup. Set to true in production! + roleAssignments: concat(keyVaultAdminRoleAssignment, keyVaultServiceRoleAssignments) + } +} + +// 6. Public IP for Application Gateway +// https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/public-ip-address +module appgwPipModule 'br/public:avm/res/network/public-ip-address:0.9.1' = { + name: 'appgwPipModule' + params: { + name: 'pip-${appgwName}' + location: location + publicIPAllocationMethod: 'Static' + skuName: 'Standard' + skuTier: 'Regional' + } +} + +// 7. WAF Policy for Application Gateway +// https://learn.microsoft.com/azure/templates/microsoft.network/applicationgatewaywebapplicationfirewallpolicies +resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2024-05-01' = { + name: 'waf-${resourceSuffix}' + location: location + properties: { + customRules: [] + policySettings: { + requestBodyCheck: true + maxRequestBodySizeInKb: 128 + fileUploadLimitInMb: 100 + state: 'Enabled' + mode: 'Detection' // Use 'Prevention' in production + } + managedRules: { + managedRuleSets: [ + { + ruleSetType: 'OWASP' + ruleSetVersion: '3.2' + } + ] + } + } +} + +// 8. Azure Container App Environment (ACAE) +module acaEnvModule '../../shared/bicep/modules/aca/v1/environment.bicep' = if (useACA) { + name: 'acaEnvModule' + params: { + name: 'cae-${resourceSuffix}' + logAnalyticsWorkspaceCustomerId: lawModule.outputs.customerId + logAnalyticsWorkspaceSharedKey: lawModule.outputs.clientSecret + subnetResourceId: acaSubnetResourceId + } +} + +// 9. Azure Container Apps (ACA) for Mock Web API +module acaModule1 '../../shared/bicep/modules/aca/v1/containerapp.bicep' = if (useACA) { + name: 'acaModule-1' + params: { + name: 'ca-${resourceSuffix}-mockwebapi-1' + containerImage: IMG_MOCK_WEB_API + environmentId: acaEnvModule!.outputs.environmentId + } +} +module acaModule2 '../../shared/bicep/modules/aca/v1/containerapp.bicep' = if (useACA) { + name: 'acaModule-2' + params: { + name: 'ca-${resourceSuffix}-mockwebapi-2' + containerImage: IMG_MOCK_WEB_API + environmentId: acaEnvModule!.outputs.environmentId + } +} + +// 10. API Management +module apimModule '../../shared/bicep/modules/apim/v1/apim.bicep' = { + name: 'apimModule' + params: { + apimSku: apimSku + appInsightsInstrumentationKey: appInsightsInstrumentationKey + appInsightsId: appInsightsId + apimSubnetResourceId: apimSubnetResourceId + publicAccess: apimPublicAccess + globalPolicyXml: revealBackendApiInfo ? loadTextContent('../../shared/apim-policies/all-apis-reveal-backend.xml') : loadTextContent('../../shared/apim-policies/all-apis.xml') + } +} + +// 11. APIM Policy Fragments +module policyFragmentModule '../../shared/bicep/modules/apim/v1/policy-fragment.bicep' = [for pf in policyFragments: { + name: 'pf-${pf.name}' + params:{ + apimName: apimName + policyFragmentName: pf.name + policyFragmentDescription: pf.description + policyFragmentValue: pf.policyXml + } + dependsOn: [ + apimModule + ] +}] + +// 12. APIM Backends for ACA +module backendModule1 '../../shared/bicep/modules/apim/v1/backend.bicep' = if (useACA) { + name: 'aca-backend-1' + params: { + apimName: apimName + backendName: 'aca-backend-1' + url: 'https://${acaModule1!.outputs.containerAppFqdn}' + } + dependsOn: [ + apimModule + ] +} + +module backendModule2 '../../shared/bicep/modules/apim/v1/backend.bicep' = if (useACA) { + name: 'aca-backend-2' + params: { + apimName: apimName + backendName: 'aca-backend-2' + url: 'https://${acaModule2!.outputs.containerAppFqdn}' + } + dependsOn: [ + apimModule + ] +} + +module backendPoolModule '../../shared/bicep/modules/apim/v1/backend-pool.bicep' = if (useACA) { + name: 'aca-backend-pool' + params: { + apimName: apimName + backendPoolName: 'aca-backend-pool' + backendPoolDescription: 'Backend pool for ACA Hello World backends' + backends: [ + { + name: backendModule1!.outputs.backendName + priority: 1 + weight: 75 + } + { + name: backendModule2!.outputs.backendName + priority: 1 + weight: 25 + } + ] + } + dependsOn: [ + apimModule + ] +} + +// 13. APIM APIs +module apisModule '../../shared/bicep/modules/apim/v1/api.bicep' = [for api in apis: if(length(apis) > 0) { + name: 'api-${api.name}' + params: { + apimName: apimName + appInsightsInstrumentationKey: appInsightsInstrumentationKey + appInsightsId: appInsightsId + api: api + } + dependsOn: [ + apimModule + backendModule1 + backendModule2 + backendPoolModule + ] +}] + +// 14. Private Endpoint for APIM +// https://learn.microsoft.com/azure/templates/microsoft.network/privateendpoints +resource apimPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = { + name: 'pe-apim-${resourceSuffix}' + location: location + properties: { + subnet: { + id: privateEndpointSubnetResourceId + } + privateLinkServiceConnections: [ + { + name: 'apim-connection' + properties: { + privateLinkServiceId: apimModule.outputs.id + groupIds: [ + 'Gateway' + ] + } + } + ] + } +} + +// 15. Private DNS Zone Group for APIM Private Endpoint +// https://learn.microsoft.com/azure/templates/microsoft.network/privateendpoints/privatednszoneegroups +resource apimPrivateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = { + name: 'apim-dns-zone-group' + parent: apimPrivateEndpoint + properties: { + privateDnsZoneConfigs: [ + { + name: 'privatelink-azure-api-net' + properties: { + privateDnsZoneId: apimDnsPrivateLinkModule.outputs.privateDnsZoneId + } + } + ] + } +} + +// 16. APIM Private DNS Zone, VNet Link +module apimDnsPrivateLinkModule '../../shared/bicep/modules/dns/v1/dns-private-link.bicep' = { + name: 'apimDnsPrivateLinkModule' + params: { + dnsZoneName: 'privatelink.azure-api.net' + vnetId: vnetModule.outputs.vnetId + vnetLinkName: 'link-apim' + enableDnsZoneGroup: true + dnsZoneGroupName: 'dnsZoneGroup-apim' + dnsZoneConfigName: 'config-apim' + } +} + +// 17. ACA Private DNS Zone +module acaDnsPrivateZoneModule '../../shared/bicep/modules/dns/v1/aca-dns-private-zone.bicep' = if (useACA) { + name: 'acaDnsPrivateZoneModule' + params: { + acaEnvironmentRandomSubdomain: acaEnvModule!.outputs.environmentRandomSubdomain + acaEnvironmentStaticIp: acaEnvModule!.outputs.environmentStaticIp + vnetId: vnetModule.outputs.vnetId + } +} + +// 18. Application Gateway +// https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/application-gateway +module appgwModule 'br/public:avm/res/network/application-gateway:0.7.2' = { + name: 'appgwModule' + params: { + name: appgwName + location: location + sku: 'WAF_v2' + firewallPolicyResourceId: wafPolicy.id + enableHttp2: true + // Use minimal AZs for cost savings. Adjust accordingly for production workloads. + availabilityZones: [ + 1 + ] + gatewayIPConfigurations: [ + { + name: 'appGatewayIpConfig' + properties: { + subnet: { + id: appgwSubnetResourceId + } + } + } + ] + frontendIPConfigurations: [ + { + name: 'appGatewayFrontendPublicIP' + properties: { + publicIPAddress: { + id: appgwPipModule.outputs.resourceId + } + } + } + ] + frontendPorts: [ + { + name: 'port_443' + properties: { + port: 443 + } + } + ] + sslCertificates: [ + { + name: CERT_NAME + properties: { + keyVaultSecretId: '${keyVaultModule.outputs.uri}secrets/${CERT_NAME}' + } + } + ] + managedIdentities: { + userAssignedResourceIds: [ + uamiModule.outputs.resourceId + ] + } + backendAddressPools: [ + { + name: 'apim-backend-pool' + properties: { + backendAddresses: [ + { + fqdn: replace(apimModule.outputs.gatewayUrl, 'https://', '') + } + ] + } + } + ] + backendHttpSettingsCollection: [ + { + name: 'apim-https-settings' + properties: { + port: 443 + protocol: 'Https' + cookieBasedAffinity: 'Disabled' + pickHostNameFromBackendAddress: true + requestTimeout: 20 + probe: { + id: resourceId('Microsoft.Network/applicationGateways/probes', appgwName, 'apim-probe') + } + } + } + ] + httpListeners: [ + { + name: 'https-listener' + properties: { + frontendIPConfiguration: { + id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', appgwName, 'appGatewayFrontendPublicIP') + } + frontendPort: { + id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', appgwName, 'port_443') + } + protocol: 'Https' + sslCertificate: { + id: resourceId('Microsoft.Network/applicationGateways/sslCertificates', appgwName, CERT_NAME) + } + hostName: DOMAIN_NAME + } + } + ] + requestRoutingRules: [ + { + name: 'rule-1' + properties: { + ruleType: 'Basic' + httpListener: { + id: resourceId('Microsoft.Network/applicationGateways/httpListeners', appgwName, 'https-listener') + } + backendAddressPool: { + id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', appgwName, 'apim-backend-pool') + } + backendHttpSettings: { + id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', appgwName, 'apim-https-settings') + } + priority: 100 + } + } + ] + probes: [ + { + name: 'apim-probe' + properties: { + protocol: 'Https' + path: '/status-0123456789abcdef' + interval: 30 + timeout: 30 + unhealthyThreshold: 3 + pickHostNameFromBackendHttpSettings: true + } + } + ] + } + dependsOn: [ + apimPrivateDnsZoneGroup + ] +} + + +// ------------------ +// MARK: OUTPUTS +// ------------------ + +output applicationInsightsAppId string = appInsightsModule.outputs.appId +output applicationInsightsName string = appInsightsModule.outputs.applicationInsightsName +output logAnalyticsWorkspaceId string = lawModule.outputs.customerId +output apimServiceId string = apimModule.outputs.id +output apimServiceName string = apimModule.outputs.name +output apimResourceGatewayURL string = apimModule.outputs.gatewayUrl +output apimPrivateEndpointId string = apimPrivateEndpoint.id +output appGatewayName string = appgwModule.outputs.name +output appGatewayDomainName string = DOMAIN_NAME +output appGatewayFrontendUrl string = 'https://${DOMAIN_NAME}' +output appgwPublicIpAddress string = appgwPipModule.outputs.ipAddress + +// API outputs +output apiOutputs array = [for i in range(0, length(apis)): { + name: apis[i].name + resourceId: apisModule[i].?outputs.?apiResourceId ?? '' + displayName: apisModule[i].?outputs.?apiDisplayName ?? '' + productAssociationCount: apisModule[i].?outputs.?productAssociationCount ?? 0 + subscriptionResourceId: apisModule[i].?outputs.?subscriptionResourceId ?? '' + subscriptionName: apisModule[i].?outputs.?subscriptionName ?? '' + subscriptionPrimaryKey: apisModule[i].?outputs.?subscriptionPrimaryKey ?? '' + subscriptionSecondaryKey: apisModule[i].?outputs.?subscriptionSecondaryKey ?? '' +}] diff --git a/infrastructure/simple-apim/create_infrastructure.py b/infrastructure/simple-apim/create_infrastructure.py index f8d29ca..65868d2 100644 --- a/infrastructure/simple-apim/create_infrastructure.py +++ b/infrastructure/simple-apim/create_infrastructure.py @@ -9,14 +9,14 @@ import utils -def create_infrastructure(location: str, index: int, apim_sku: APIM_SKU) -> None: +def create_infrastructure(location: str, index: int, apim_sku: APIM_SKU) -> None: try: # Check if infrastructure already exists to determine messaging infrastructure_exists = utils.does_resource_group_exist(utils.get_infra_rg_name(utils.INFRASTRUCTURE.SIMPLE_APIM, index)) - + result = SimpleApimInfrastructure(location, index, apim_sku).deploy_infrastructure(infrastructure_exists) sys.exit(0 if result.success else 1) - + except Exception as e: print(f'\nšŸ’„ Error: {str(e)}') sys.exit(1) @@ -25,11 +25,11 @@ def main(): """ Main entry point for command-line usage. """ - + parser = argparse.ArgumentParser(description = 'Create Simple APIM infrastructure') parser.add_argument('--location', default = 'eastus2', help = 'Azure region (default: eastus2)') parser.add_argument('--index', type = int, help = 'Infrastructure index') - parser.add_argument('--sku', choices = ['Basicv2', 'Standardv2', 'Premiumv2'], default = 'Basicv2', help = 'APIM SKU (default: Basicv2)') + parser.add_argument('--sku', choices = ['Basicv2', 'Standardv2', 'Premiumv2'], default = 'Basicv2', help = 'APIM SKU (default: Basicv2)') args = parser.parse_args() # Convert SKU string to enum using the enum's built-in functionality @@ -42,4 +42,4 @@ def main(): create_infrastructure(args.location, args.index, apim_sku) if __name__ == '__main__': - main() \ No newline at end of file + main() diff --git a/requirements.txt b/requirements.txt index 14c5c47..2a1352b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,15 +1,19 @@ # This is a comprehensive requirements.txt file to ensure that one installation covers everything. +# Core dependencies requests setuptools pandas matplotlib pyjwt -pytest -pytest-cov azure.storage.blob azure.identity jupyter ipykernel notebook -python-dotenv \ No newline at end of file +python-dotenv + +# Dev tools for linting, formatting, testing, etc. +pylint +pytest +pytest-cov \ No newline at end of file diff --git a/samples/authX-pro/create.ipynb b/samples/authX-pro/create.ipynb index af98b2b..b631664 100644 --- a/samples/authX-pro/create.ipynb +++ b/samples/authX-pro/create.ipynb @@ -25,7 +25,7 @@ "rg_location = 'eastus2'\n", "index = 1\n", "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: 'AFD_APIM_PE', 'APIM_ACA', 'SIMPLE_APIM'\n", + "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: see supported_infras below\n", "api_prefix = 'authX-pro-' # ENTER A PREFIX FOR THE APIS TO REDUCE COLLISION POTENTIAL WITH OTHER SAMPLES\n", "tags = ['authX-pro', 'jwt', 'policy-fragment'] # ENTER DESCRIPTIVE TAG(S)\n", "\n", @@ -38,7 +38,7 @@ "# Create the notebook helper with JWT support\n", "sample_folder = 'authX-pro'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.SIMPLE_APIM]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE, INFRASTRUCTURE.SIMPLE_APIM]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, True, index = index, apim_sku = apim_sku)\n", "\n", "# Define the APIs and their operations and policies\n", @@ -63,14 +63,14 @@ "\n", "# Define the Products\n", "pol_hr_product = utils.read_policy_xml('hr_product.xml', {\n", - " 'jwt_signing_key' : nb_helper.jwt_key_name, \n", + " 'jwt_signing_key' : nb_helper.jwt_key_name,\n", " 'hr_member_role_id' : 'HRMemberRoleId'\n", "}, sample_folder)\n", "\n", "hr_product_name = 'hr'\n", "products: List[Product] = [\n", - " Product(hr_product_name, 'Human Resources', \n", - " 'Product for Human Resources APIs providing access to employee data, organizational structure, benefits information, and HR management services. Includes JWT-based authentication for HR members.', \n", + " Product(hr_product_name, 'Human Resources',\n", + " 'Product for Human Resources APIs providing access to employee data, organizational structure, benefits information, and HR management services. Includes JWT-based authentication for HR members.',\n", " 'published', True, False, pol_hr_product)\n", "]\n", "\n", @@ -165,8 +165,19 @@ "tests = ApimTesting(\"AuthX-Pro Sample Tests\", sample_folder, deployment)\n", "hr_product_apim_subscription_key = apim_products[0]['subscriptionPrimaryKey']\n", "\n", - "# Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", "\n", "# 1) HR Administrator\n", "# Create a JSON Web Token with a payload and sign it with the symmetric key from above.\n", @@ -174,7 +185,7 @@ "print(f'\\nJWT token for HR Admin:\\n{encoded_jwt_token_hr_admin}') # this value is used to call the APIs via APIM\n", "\n", "# Set up an APIM requests object with the JWT token\n", - "reqsApimAdmin = ApimRequests(endpoint_url, hr_product_apim_subscription_key)\n", + "reqsApimAdmin = ApimRequests(endpoint_url, hr_product_apim_subscription_key, request_headers)\n", "reqsApimAdmin.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_admin}'\n", "\n", "# Call APIM\n", @@ -196,7 +207,7 @@ "print(f'\\nJWT token for HR Associate:\\n{encoded_jwt_token_hr_associate}') # this value is used to call the APIs via APIM\n", "\n", "# Set up an APIM requests object with the JWT token\n", - "reqsApimAssociate = ApimRequests(endpoint_url, hr_product_apim_subscription_key)\n", + "reqsApimAssociate = ApimRequests(endpoint_url, hr_product_apim_subscription_key, request_headers)\n", "reqsApimAssociate.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_associate}'\n", "\n", "# Call APIM\n", @@ -214,7 +225,7 @@ "\n", "# 3) HR Administrator but no HR product subscription key (api-key)\n", "# Set up an APIM requests object with the JWT token\n", - "reqsApimAdminNoHrProduct = ApimRequests(endpoint_url)\n", + "reqsApimAdminNoHrProduct = ApimRequests(endpoint_url, None, request_headers)\n", "reqsApimAdminNoHrProduct.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_admin}'\n", "\n", "# Call APIM\n", @@ -223,7 +234,7 @@ "\n", "# 4) HR Associate but no HR product subscription key (api-key)\n", "# Set up an APIM requests object with the JWT token\n", - "reqsApimAssociateNoHrProduct = ApimRequests(endpoint_url)\n", + "reqsApimAssociateNoHrProduct = ApimRequests(endpoint_url, None, request_headers)\n", "reqsApimAssociateNoHrProduct.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_associate}'\n", "\n", "# Call APIM\n", diff --git a/samples/authX/create.ipynb b/samples/authX/create.ipynb index 83164f5..c5a3c26 100644 --- a/samples/authX/create.ipynb +++ b/samples/authX/create.ipynb @@ -13,18 +13,7 @@ "cell_type": "code", "execution_count": null, "metadata": {}, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "šŸ‘‰šŸ½ \u001b[1;34mJWT key value : C6t1uTHcRRryHYODH4EWYmjlHmfDlQL2zq7DlfvzqfXzeJ6BZLTYZQUKCEfZ5IYo89jQGuLTgdb0jQW\u001b[0m \n", - "šŸ‘‰šŸ½ \u001b[1;34mJWT key value (base64) : QzZ0MXVUSGNSUnJ5SFlPREg0RVdZbWpsSG1mRGxRTDJ6cTdEbGZ2enFmWHplSjZCWkxUWVpRVUtDRWZaNUlZbzg5alFHdUxUZ2RiMGpRVw==\u001b[0m \n", - "\n", - "āœ… \u001b[1;32mNotebook initialized\u001b[0m āŒš 14:15:18.283524 \n" - ] - } - ], + "outputs": [], "source": [ "import utils\n", "from apimtypes import *\n", @@ -36,7 +25,7 @@ "rg_location = 'eastus2'\n", "index = 1\n", "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: 'AFD_APIM_PE', 'APIM_ACA', 'SIMPLE_APIM'\n", + "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: see supported_infras below\n", "api_prefix = 'authX-' # ENTER A PREFIX FOR THE APIS TO REDUCE COLLISION POTENTIAL WITH OTHER SAMPLES\n", "tags = ['authX', 'jwt', 'hr'] # ENTER DESCRIPTIVE TAG(S)\n", "\n", @@ -49,7 +38,7 @@ "# Create the notebook helper with JWT support\n", "sample_folder = 'authX'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.SIMPLE_APIM]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE, INFRASTRUCTURE.SIMPLE_APIM]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, True, index = index, apim_sku = apim_sku)\n", "\n", "# Define the APIs and their operations and policies\n", @@ -64,7 +53,7 @@ "\n", "# Named values must be set up a bit differently as they need to have two surrounding curly braces\n", "pol_hr_all_operations = utils.read_policy_xml('hr_all_operations.xml', sample_name = sample_folder).format(\n", - " jwt_signing_key = '{{' + nb_helper.jwt_key_name + '}}', \n", + " jwt_signing_key = '{{' + nb_helper.jwt_key_name + '}}',\n", " hr_member_role_id = '{{HRMemberRoleId}}'\n", ")\n", "pol_hr_get = utils.read_policy_xml('hr_get.xml', sample_name = sample_folder).format(\n", @@ -150,14 +139,25 @@ "tests = ApimTesting(\"AuthX Sample Tests\", sample_folder, nb_helper.deployment)\n", "hr_api_apim_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", "\n", - "# Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", "\n", "# 1) HR Administrator - Full access\n", "encoded_jwt_token_hr_admin = AuthFactory.create_symmetric_jwt_token_for_user(UserHelper.get_user_by_role(Role.HR_ADMINISTRATOR), nb_helper.jwt_key_value)\n", "print(f'\\nJWT token for HR Admin:\\n{encoded_jwt_token_hr_admin}')\n", "\n", - "reqsApimAdmin = ApimRequests(endpoint_url, hr_api_apim_subscription_key)\n", + "reqsApimAdmin = ApimRequests(endpoint_url, hr_api_apim_subscription_key, request_headers)\n", "reqsApimAdmin.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_admin}'\n", "\n", "output = reqsApimAdmin.singleGet(hr_employees_path, msg = 'Calling GET Employees API as HR Admin. Expect 200.')\n", @@ -170,7 +170,7 @@ "encoded_jwt_token_hr_associate = AuthFactory.create_symmetric_jwt_token_for_user(UserHelper.get_user_by_role(Role.HR_ASSOCIATE), nb_helper.jwt_key_value)\n", "print(f'\\nJWT token for HR Associate:\\n{encoded_jwt_token_hr_associate}')\n", "\n", - "reqsApimAssociate = ApimRequests(endpoint_url, hr_api_apim_subscription_key)\n", + "reqsApimAssociate = ApimRequests(endpoint_url, hr_api_apim_subscription_key, request_headers)\n", "reqsApimAssociate.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_associate}'\n", "\n", "output = reqsApimAssociate.singleGet(hr_employees_path, msg = 'Calling GET Employees API as HR Associate. Expect 200.')\n", @@ -180,7 +180,7 @@ "tests.verify(output, '')\n", "\n", "# 3) Missing API subscription key\n", - "reqsNoApiSubscription = ApimRequests(endpoint_url)\n", + "reqsNoApiSubscription = ApimRequests(endpoint_url, None, request_headers)\n", "reqsNoApiSubscription.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_admin}'\n", "\n", "output = reqsNoApiSubscription.singleGet(hr_employees_path, msg = 'Calling GET Employees API without API subscription key. Expect 401.')\n", diff --git a/samples/azure-maps/create.ipynb b/samples/azure-maps/create.ipynb index 833ac10..4b7e9bb 100644 --- a/samples/azure-maps/create.ipynb +++ b/samples/azure-maps/create.ipynb @@ -29,7 +29,7 @@ "rg_location = 'eastus2'\n", "index = 1\n", "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: 'AFD_APIM_PE', 'APIM_ACA', 'SIMPLE_APIM'\n", + "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: see supported_infras below\n", "api_prefix = '' # using a prefix results in some issues with at least the default API GET. It's fine to leave it off.\n", "tags = ['azure-maps']\n", "\n", @@ -41,7 +41,7 @@ "\n", "sample_folder = 'azure-maps'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.SIMPLE_APIM]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE, INFRASTRUCTURE.SIMPLE_APIM]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, index = index, apim_sku = apim_sku)\n", "azure_maps_url = 'https://atlas.microsoft.com'\n", "\n", @@ -58,12 +58,12 @@ "pol_map_geocode_v2_aad_get = utils.read_policy_xml('map_geocode_v2_aad_get.xml', sample_name=sample_folder)\n", "\n", "# API 1: Maps\n", - "map_path = f'{api_prefix}map' \n", + "map_path = f'{api_prefix}map'\n", "mapApi_v2_default_get = GET_APIOperation2('get-default-route', 'Get default route', '/default/*', 'This is the default route that will allow all requests to go through to the backend api', pol_map_default_route_v2_aad_get)\n", "mapApi_v1_async_post = APIOperation('async-geocode-batch', 'Async Geocode Batch', '/geocode/batch/async', HTTP_VERB.POST, 'Post geocode batch async endpoint', pol_map_async_geocode_batch_v1_keyauth_post)\n", "mapApi_v2_geocode_get = GET_APIOperation2('get-geocode', 'Get Geocode', '/geocode', 'Get geocode endpoint', pol_map_geocode_v2_aad_get)\n", "\n", - "maps = API(map_path, 'Map API', map_path, 'This is the proxy for Azure Maps', \n", + "maps = API(map_path, 'Map API', map_path, 'This is the proxy for Azure Maps',\n", " operations = [mapApi_v2_default_get, mapApi_v1_async_post, mapApi_v2_geocode_get], tags = tags, serviceUrl = azure_maps_url)\n", "\n", "# APIs Array\n", @@ -132,9 +132,21 @@ "tests = ApimTesting(\"Azure Maps Sample Tests\", sample_folder, deployment)\n", "api_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", "\n", - "# Get the appropriate endpoint URL for testing\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", - "reqs = ApimRequests(endpoint_url, api_subscription_key)\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", + "\n", + "reqs = ApimRequests(endpoint_url, api_subscription_key, request_headers)\n", "\n", "# Test Azure Maps API endpoints\n", "utils.print_info(\"Testing Azure Maps API operations...\")\n", @@ -147,24 +159,25 @@ "output = reqs.singleGet(f'{map_path}/geocode?query=15127%20NE%2024th%20Street%20Redmond%20WA', msg = 'Calling Geocode v2 API with AAD Auth. Expect 200.')\n", "tests.verify('address' in output, True)\n", "\n", + "# TODO: 12/05/25 - SJK: Need to fix the implementation for this as it presently fails.\n", "# Test async geocode batch with shared key auth\n", - "output = reqs.singlePostAsync(f'{map_path}/geocode/batch/async', data={\n", - " \"batchItems\": [\n", - " {\"query\": \"?query=400 Broad St, Seattle, WA 98109&limit=3\"},\n", - " {\"query\": \"?query=One, Microsoft Way, Redmond, WA 98052&limit=3\"},\n", - " {\"query\": \"?query=350 5th Ave, New York, NY 10118&limit=1\"},\n", - " {\"query\": \"?query=Pike Pl, Seattle, WA 98101&lat=47.610970&lon=-122.342469&radius=1000\"},\n", - " {\"query\": \"?query=Champ de Mars, 5 Avenue Anatole France, 75007 Paris, France&limit=1\"}\n", - " ]\n", - "}, msg = 'Calling Async Geocode Batch v1 API with Share Key Auth. Expect initial 202, then a 200 on the polling response', timeout = 120, poll_interval = 3)\n", - "\n", - "# Verify batch response contains successful requests\n", - "tests.verify('summary' in output and 'successfulRequests' in output and \n", - " json.loads(output)['summary']['successfulRequests'] == 5, True)\n", + "# output = reqs.singlePostAsync(f'{map_path}/geocode/batch/async', data={\n", + "# \"batchItems\": [\n", + "# {\"query\": \"?query=400 Broad St, Seattle, WA 98109&limit=3\"},\n", + "# {\"query\": \"?query=One, Microsoft Way, Redmond, WA 98052&limit=3\"},\n", + "# {\"query\": \"?query=350 5th Ave, New York, NY 10118&limit=1\"},\n", + "# {\"query\": \"?query=Pike Pl, Seattle, WA 98101&lat=47.610970&lon=-122.342469&radius=1000\"},\n", + "# {\"query\": \"?query=Champ de Mars, 5 Avenue Anatole France, 75007 Paris, France&limit=1\"}\n", + "# ]\n", + "# }, msg = 'Calling Async Geocode Batch v1 API with Share Key Auth. Expect initial 202, then a 200 on the polling response', timeout = 120, poll_interval = 3)\n", + "\n", + "# # Verify batch response contains successful requests\n", + "# tests.verify('summary' in output and 'successfulRequests' in output and\n", + "# json.loads(output)['summary']['successfulRequests'] == 5, True)\n", "\n", "# Test unauthorized access (should fail with 401)\n", - "reqsNoApiSubscription = ApimRequests(endpoint_url)\n", - "output = reqsNoApiSubscription.singleGet(f'{map_path}/geocode?query=15127%20NE%2024th%20Street%20Redmond%20WA', \n", + "reqsNoApiSubscription = ApimRequests(endpoint_url, None, request_headers)\n", + "output = reqsNoApiSubscription.singleGet(f'{map_path}/geocode?query=15127%20NE%2024th%20Street%20Redmond%20WA',\n", " msg='Calling Geocode v2 API without API subscription key. Expect 401.')\n", "outputJson = utils.get_json(output)\n", "tests.verify(outputJson['statusCode'], 401)\n", diff --git a/samples/general/create.ipynb b/samples/general/create.ipynb index 6a0e540..6d7cf92 100644 --- a/samples/general/create.ipynb +++ b/samples/general/create.ipynb @@ -24,9 +24,9 @@ "\n", "rg_location = 'eastus2'\n", "index = 1\n", - "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: 'AFD_APIM_PE', 'APIM_ACA', 'SIMPLE_APIM'\n", - "api_prefix = '' # Not defining a prefix for general as these APIs will live off the root\n", + "apim_sku = APIM_SKU.STANDARDV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", + "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: see supported_infras below\n", + "api_prefix = '' # Not defining a prefix for general as these APIs will live off the root\n", "tags = ['general']\n", "\n", "\n", @@ -37,7 +37,7 @@ "\n", "sample_folder = 'general'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.SIMPLE_APIM]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE, INFRASTRUCTURE.SIMPLE_APIM]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, index = index, apim_sku = apim_sku)\n", "\n", "# Define the APIs and their operations and policies\n", @@ -117,18 +117,27 @@ "# Initialize testing framework\n", "tests = ApimTesting(\"General Sample Tests\", sample_folder, nb_helper.deployment)\n", "\n", - "# Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", "\n", "# 1) Request Headers\n", - "api_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", - "reqs = ApimRequests(endpoint_url, api_subscription_key)\n", + "reqs = ApimRequests(endpoint_url, apim_apis[0]['subscriptionPrimaryKey'], request_headers)\n", "output = reqs.singleGet('/request-headers', msg = 'Calling the Request Headers API. Expect 200.')\n", "tests.verify('Host:' in output, True)\n", "\n", "# 2) API ID\n", - "api_subscription_key = apim_apis[1]['subscriptionPrimaryKey']\n", - "reqs = ApimRequests(endpoint_url, api_subscription_key)\n", + "reqs.subscriptionKey = apim_apis[1]['subscriptionPrimaryKey']\n", "output = reqs.singleGet('/api-id', msg = 'Calling the API ID API. Expect 200.')\n", "tests.verify(output, 'Extracted API ID: api-42')\n", "\n", @@ -140,9 +149,9 @@ ], "metadata": { "kernelspec": { - "display_name": "APIM Samples Python 3.12", + "display_name": ".venv (3.12.10)", "language": "python", - "name": "apim-samples" + "name": "python3" }, "language_info": { "codemirror_mode": { diff --git a/samples/load-balancing/create.ipynb b/samples/load-balancing/create.ipynb index 80f7289..643a26c 100644 --- a/samples/load-balancing/create.ipynb +++ b/samples/load-balancing/create.ipynb @@ -25,7 +25,7 @@ "rg_location = 'eastus2'\n", "index = 1\n", "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.APIM_ACA # Options: 'AFD_APIM_PE', 'APIM_ACA'\n", + "deployment = INFRASTRUCTURE.APIM_ACA # Options: see supported_infras below\n", "api_prefix = 'lb-' # ENTER A PREFIX FOR THE APIS TO REDUCE COLLISION POTENTIAL WITH OTHER SAMPLES\n", "tags = ['load-balancing'] # ENTER DESCRIPTIVE TAG(S)\n", "\n", @@ -37,7 +37,7 @@ "\n", "sample_folder = 'load-balancing'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, index = index, apim_sku = apim_sku)\n", "\n", "# Define the APIs and their operations and policies\n", @@ -131,11 +131,22 @@ "\n", "tests = ApimTesting(\"Load Balancing Sample Tests\", sample_folder, deployment)\n", "\n", - "# Get the appropriate endpoint URL for testing\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", "\n", "# Quick test to verify load balancing API is accessible\n", - "reqs = ApimRequests(endpoint_url, apim_apis[0]['subscriptionPrimaryKey'])\n", + "reqs = ApimRequests(endpoint_url, apim_apis[0]['subscriptionPrimaryKey'], request_headers)\n", "output = reqs.singleGet('/lb-prioritized', msg = 'Quick test of load balancing API')\n", "\n", "# Verify initial response from priority 1 backend\n", @@ -153,21 +164,21 @@ "# 2) Weighted equal distribution\n", "zzzs()\n", "utils.print_message('2/5: Starting API calls for weighted distribution (50/50)', blank_above = True)\n", - "reqs = ApimRequests(endpoint_url, apim_apis[2]['subscriptionPrimaryKey'])\n", + "reqs.subscriptionKey = apim_apis[2]['subscriptionPrimaryKey']\n", "api_results_weighted_equal = reqs.multiGet('/lb-weighted-equal', runs = 15, msg='Calling weighted (equal) APIs')\n", "tests.verify(len(api_results_weighted_equal), 15)\n", "\n", "# 3) Weighted unequal distribution\n", "zzzs()\n", "utils.print_message('3/5: Starting API calls for weighted distribution (80/20)', blank_above = True)\n", - "reqs = ApimRequests(endpoint_url, apim_apis[3]['subscriptionPrimaryKey'])\n", + "reqs.subscriptionKey = apim_apis[3]['subscriptionPrimaryKey']\n", "api_results_weighted_unequal = reqs.multiGet('/lb-weighted-unequal', runs = 15, msg = 'Calling weighted (unequal) APIs')\n", "tests.verify(len(api_results_weighted_unequal), 15)\n", "\n", "# 4) Prioritized and weighted distribution\n", "zzzs()\n", "utils.print_message('4/5: Starting API calls for prioritized & weighted distribution', blank_above=True)\n", - "reqs = ApimRequests(endpoint_url, apim_apis[1]['subscriptionPrimaryKey'])\n", + "reqs.subscriptionKey = apim_apis[1]['subscriptionPrimaryKey']\n", "api_results_prioritized_and_weighted = reqs.multiGet('/lb-prioritized-weighted', runs=20, msg='Calling prioritized & weighted APIs')\n", "tests.verify(len(api_results_prioritized_and_weighted), 20)\n", "\n", diff --git a/samples/oauth-3rd-party/create.ipynb b/samples/oauth-3rd-party/create.ipynb index ee6bb98..c7764e6 100644 --- a/samples/oauth-3rd-party/create.ipynb +++ b/samples/oauth-3rd-party/create.ipynb @@ -31,10 +31,11 @@ "# ------------------------------\n", "# USER CONFIGURATION\n", "# ------------------------------\n", + "\n", "rg_location = 'eastus2'\n", "index = 1\n", "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: 'AFD_APIM_PE', 'APIM_ACA', 'SIMPLE_APIM'\n", + "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: see supported_infras below\n", "api_prefix = 'oauth-' # Prefix for API names # ENTER A PREFIX FOR THE APIS TO REDUCE COLLISION POTENTIAL WITH OTHER SAMPLES\n", "tags = ['oauth-3rd-party', 'jwt', 'credential-manager', 'policy-fragment'] # ENTER DESCRIPTIVE TAG(S)\n", "\n", @@ -47,7 +48,7 @@ "# Create the notebook helper with JWT support\n", "sample_folder = 'oauth-3rd-party'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.SIMPLE_APIM]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE, INFRASTRUCTURE.SIMPLE_APIM]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, True, index = index, apim_sku = apim_sku)\n", "\n", "# OAuth credentials (required environment variables)\n", @@ -70,7 +71,7 @@ "# Load policy definitions\n", "pol_artist_get_xml = utils.read_policy_xml('artist_get.xml', sample_name=sample_folder)\n", "pol_spotify_api_xml = utils.read_and_modify_policy_xml('spotify_api.xml', {\n", - " 'jwt_signing_key': '{{' + nb_helper.jwt_key_name + '}}', \n", + " 'jwt_signing_key': '{{' + nb_helper.jwt_key_name + '}}',\n", " 'marketing_member_role_id': '{{MarketingMemberRoleId}}'\n", "}, sample_folder)\n", "\n", @@ -187,18 +188,29 @@ "tests = ApimTesting(\"OAuth 3rd Party (Spotify) Sample Tests\", sample_folder, deployment)\n", "api_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", "\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", + "\n", "# Create JWT token for Marketing Member role\n", "encoded_jwt_token_marketing_member = AuthFactory.create_symmetric_jwt_token_for_user(\n", - " UserHelper.get_user_by_role(Role.MARKETING_MEMBER), \n", + " UserHelper.get_user_by_role(Role.MARKETING_MEMBER),\n", " nb_helper.jwt_key_value\n", ")\n", "utils.print_info(f'JWT token for Marketing Member:\\n{encoded_jwt_token_marketing_member}')\n", "\n", - "# Get the appropriate endpoint URL for testing\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", - "\n", "# Test Spotify API integration\n", - "reqs = ApimRequests(endpoint_url, api_subscription_key)\n", + "reqs = ApimRequests(endpoint_url, api_subscription_key, request_headers)\n", "reqs.headers['Authorization'] = f'Bearer {encoded_jwt_token_marketing_member}'\n", "\n", "# Test artist lookup (Taylor Swift's Spotify Artist ID)\n", @@ -210,7 +222,7 @@ "utils.print_info(f'{artist[\"name\"]} has a popularity rating of {artist[\"popularity\"]} with {artist[\"followers\"][\"total\"]:,} followers on Spotify.')\n", "\n", "# Test unauthorized access (should fail with 401)\n", - "reqsNoApiSubscription = ApimRequests(endpoint_url)\n", + "reqsNoApiSubscription = ApimRequests(endpoint_url, None, request_headers)\n", "output = reqsNoApiSubscription.singleGet(f'{spotify_path}/artists/{artist_id}', msg = 'Calling the Spotify Artist API without API subscription key. Expect 401.')\n", "outputJson = utils.get_json(output)\n", "tests.verify(outputJson['statusCode'], 401)\n", diff --git a/samples/secure-blob-access/create.ipynb b/samples/secure-blob-access/create.ipynb index 4847f78..57977d9 100644 --- a/samples/secure-blob-access/create.ipynb +++ b/samples/secure-blob-access/create.ipynb @@ -27,7 +27,7 @@ "rg_location = 'eastus2'\n", "index = 1\n", "apim_sku = APIM_SKU.BASICV2 # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n", - "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: 'AFD_APIM_PE', 'APIM_ACA', 'SIMPLE_APIM'\n", + "deployment = INFRASTRUCTURE.SIMPLE_APIM # Options: see supported_infras below\n", "api_prefix = 'blob-'\n", "tags = ['secure-blob-access', 'valet-key', 'storage', 'jwt', 'authz']\n", "\n", @@ -40,7 +40,7 @@ "# Create the notebook helper with JWT support\n", "sample_folder = 'secure-blob-access'\n", "rg_name = utils.get_infra_rg_name(deployment, index)\n", - "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.SIMPLE_APIM]\n", + "supported_infras = [INFRASTRUCTURE.AFD_APIM_PE, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.APPGW_APIM_PE, INFRASTRUCTURE.SIMPLE_APIM]\n", "nb_helper = utils.NotebookHelper(sample_folder, rg_name, rg_location, deployment, supported_infras, True, index = index, apim_sku = apim_sku)\n", "\n", "# Blob storage configuration\n", @@ -213,7 +213,7 @@ "\n", " # Test direct blob access using the valet key (SAS URL)\n", " utils.print_info(\"šŸ§Ŗ Testing direct blob access...\")\n", - " \n", + "\n", " try:\n", " blob_response = requests.get(access_info['sas_url'])\n", " if blob_response.status_code == 200:\n", @@ -232,8 +232,20 @@ "\n", "tests = ApimTesting(\"Secure Blob Access Sample Tests\", sample_folder, deployment)\n", "\n", - "# Get the appropriate endpoint URL for testing\n", - "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "# Determine endpoints, URLs, etc. prior to test execution\n", + "endpoints = utils.get_endpoints(deployment, rg_name)\n", + "endpoint_url = None\n", + "request_headers = None\n", + "\n", + "if (endpoints.appgw_hostname and endpoints.appgw_public_ip):\n", + " endpoint_url = f'https://{endpoints.appgw_public_ip}'\n", + " request_headers: dict[str, str] = {\"Host\": endpoints.appgw_hostname}\n", + "else:\n", + " # Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n", + " endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n", + "\n", + "# ********** TEST EXECUTIONS **********\n", + "\n", "api_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", "\n", "# Test 1: Authorized user with HR Member role\n", @@ -241,17 +253,17 @@ "\n", "# Create JWT token for HR Member role\n", "encoded_jwt_token_hr_member = AuthFactory.create_symmetric_jwt_token_for_user(\n", - " UserHelper.get_user_by_role(Role.HR_MEMBER), \n", + " UserHelper.get_user_by_role(Role.HR_MEMBER),\n", " nb_helper.jwt_key_value\n", ")\n", "utils.print_info(f'JWT token for HR Member:\\n{encoded_jwt_token_hr_member}')\n", "\n", "# Test secure blob access with authorization\n", - "reqsApimAuthorized = ApimRequests(endpoint_url, api_subscription_key)\n", + "reqsApimAuthorized = ApimRequests(endpoint_url, api_subscription_key, request_headers)\n", "reqsApimAuthorized.headers['Authorization'] = f'Bearer {encoded_jwt_token_hr_member}'\n", "\n", "utils.print_info(f\"šŸ”’ Getting secure access for {file_name} with authorized user...\")\n", - "response = reqsApimAuthorized.singleGet(f'/{api_prefix}secure-files/{file_name}', \n", + "response = reqsApimAuthorized.singleGet(f'/{api_prefix}secure-files/{file_name}',\n", " msg=f'Requesting secure access for {file_name} (authorized)')\n", "output = handleResponse(response)\n", "tests.verify(output, 'This is an HR document.')\n", @@ -261,17 +273,17 @@ "\n", "# Create JWT token for user with no role\n", "encoded_jwt_token_no_role = AuthFactory.create_symmetric_jwt_token_for_user(\n", - " UserHelper.get_user_by_role(Role.NONE), \n", + " UserHelper.get_user_by_role(Role.NONE),\n", " nb_helper.jwt_key_value\n", ")\n", "utils.print_info(f'JWT token for user with no role:\\n{encoded_jwt_token_no_role}')\n", "\n", "# Test access denial for unauthorized user\n", - "reqsApimUnauthorized = ApimRequests(endpoint_url, api_subscription_key)\n", + "reqsApimUnauthorized = ApimRequests(endpoint_url, api_subscription_key, request_headers)\n", "reqsApimUnauthorized.headers['Authorization'] = f'Bearer {encoded_jwt_token_no_role}'\n", "\n", "utils.print_info(f\"šŸ”’ Attempting to obtain secure access for {file_name} with unauthorized user (expect 401/403)...\")\n", - "response = reqsApimUnauthorized.singleGet(f'/{api_prefix}secure-files/{file_name}', \n", + "response = reqsApimUnauthorized.singleGet(f'/{api_prefix}secure-files/{file_name}',\n", " msg=f'Requesting secure access for {file_name} (unauthorized)')\n", "output = handleResponse(response)\n", "tests.verify(json.loads(output)['statusCode'], 401)\n", diff --git a/setup/setup_python_path.py b/setup/setup_python_path.py index 3d62462..6b43bae 100644 --- a/setup/setup_python_path.py +++ b/setup/setup_python_path.py @@ -23,12 +23,12 @@ def get_project_root() -> Path: """ Get the absolute path to the project root directory. - + Cross-platform strategy: - Uses pathlib.Path for consistent path operations across OS - Searches upward from script location to find project indicators - Returns absolute paths that work on Windows, macOS, and Linux - + Returns: Path: Absolute path to project root directory """ @@ -36,19 +36,19 @@ def get_project_root() -> Path: # Start from script's parent directory (since we're in setup/ folder) # Path(__file__).resolve() gives absolute path, .parent.parent goes up two levels start_path = Path(__file__).resolve().parent.parent - + # Project root indicators - files that should exist at project root # These help identify the correct directory regardless of where script is run indicators = ['README.md', 'requirements.txt', 'bicepconfig.json'] current_path = start_path - + # Walk up the directory tree until we find all indicators or reach filesystem root while current_path != current_path.parent: # Stop at filesystem root # Check if all indicator files exist in current directory if all((current_path / indicator).exists() for indicator in indicators): return current_path current_path = current_path.parent - + # Fallback: if indicators not found, assume parent of script directory is project root # This handles cases where the project structure might be different return Path(__file__).resolve().parent.parent @@ -57,7 +57,7 @@ def get_project_root() -> Path: def setup_python_path() -> None: """ Add shared Python modules to PYTHONPATH for runtime import resolution. - + This modifies sys.path in the current Python session to enable imports from the shared/python directory. Cross-platform compatibility: - Uses pathlib for path construction (handles OS-specific separators) @@ -68,11 +68,11 @@ def setup_python_path() -> None: project_root = get_project_root() # Use pathlib's / operator for cross-platform path joining shared_python_path = project_root / 'shared' / 'python' - + if shared_python_path.exists(): # Convert Path object to string for sys.path compatibility shared_path_str = str(shared_python_path) - + # Check if path is already in sys.path to avoid duplicates if shared_path_str not in sys.path: # Insert at beginning to prioritize our modules over system modules @@ -90,10 +90,10 @@ def generate_env_file() -> None: - pathlib handles path separators automatically (\\ on Windows, / on Unix) - Works with VS Code's python.envFile setting """ - + project_root = get_project_root() shared_python_path = project_root / 'shared' / 'python' - + # Create .env file content with absolute paths # These paths will be automatically correct for the current platform env_content = f"""# Auto-generated PYTHONPATH for VS Code - Run 'python setup/setup_python_path.py' to regenerate @@ -102,14 +102,14 @@ def generate_env_file() -> None: SPOTIFY_CLIENT_ID= SPOTIFY_CLIENT_SECRET= """ - + env_file_path = project_root / '.env' - + # Use explicit UTF-8 encoding for cross-platform text file compatibility # This ensures the file reads correctly on all operating systems with open(env_file_path, 'w', encoding='utf-8') as f: f.write(env_content) - + print() print(f"Generated .env file : {env_file_path}") print(f"PROJECT_ROOT : {project_root}") @@ -121,44 +121,44 @@ def generate_env_file() -> None: def install_jupyter_kernel(): """ Install and register the standardized Jupyter kernel for APIM Samples. - + This creates a consistent kernel specification that matches the dev container setup, ensuring notebooks have the same kernel regardless of environment. """ - + try: # Check if ipykernel is available - subprocess.run([sys.executable, '-m', 'ipykernel', '--version'], + subprocess.run([sys.executable, '-m', 'ipykernel', '--version'], check=True, capture_output=True, text=True) except (subprocess.CalledProcessError, FileNotFoundError): print("Installing ipykernel...") try: - subprocess.run([sys.executable, '-m', 'pip', 'install', 'ipykernel'], + subprocess.run([sys.executable, '-m', 'pip', 'install', 'ipykernel'], check=True, capture_output=True, text=True) print("āœ… ipykernel installed successfully") except subprocess.CalledProcessError as e: print(f"āŒ Failed to install ipykernel: {e}") return False - + # Register the kernel with standardized name and display name kernel_name = "apim-samples" display_name = "APIM Samples Python 3.12" - + try: # Install the kernel for the current user result = subprocess.run([ - sys.executable, '-m', 'ipykernel', 'install', - '--user', - f'--name={kernel_name}', + sys.executable, '-m', 'ipykernel', 'install', + '--user', + f'--name={kernel_name}', f'--display-name={display_name}' ], check=True, capture_output=True, text=True) - + print(f"āœ… Jupyter kernel registered successfully:") print(f" Name : {kernel_name}") print(f" Display Name : {display_name}") - + return True - + except subprocess.CalledProcessError as e: print(f"āŒ Failed to register Jupyter kernel: {e}") if e.stderr: @@ -169,20 +169,24 @@ def install_jupyter_kernel(): def create_vscode_settings(): """ Create VS Code workspace settings to automatically use the APIM Samples kernel. - + This ensures that when users open notebooks, VS Code automatically selects the correct kernel without manual intervention. """ - + project_root = get_project_root() vscode_dir = project_root / '.vscode' settings_file = vscode_dir / 'settings.json' - + # Create .vscode directory if it doesn't exist vscode_dir.mkdir(exist_ok=True) - + # Settings to update for kernel and Python configuration required_settings = { + "files.trimTrailingWhitespace": True, + "files.insertFinalNewline": True, + "files.trimFinalNewlines": True, + "editor.renderWhitespace": "trailing", "python.defaultInterpreterPath": "./.venv/Scripts/python.exe" if os.name == 'nt' else "./.venv/bin/python", "python.pythonPath": "./.venv/Scripts/python.exe" if os.name == 'nt' else "./.venv/bin/python", "python.envFile": "${workspaceFolder}/.env", @@ -200,7 +204,7 @@ def create_vscode_settings(): "**/python3.*", "*/site-packages/*", "/bin/python", - "/bin/python3", + "/bin/python3", "/opt/python/*/bin/python*", "/usr/bin/python", "/usr/bin/python3", @@ -222,34 +226,34 @@ def create_vscode_settings(): "notebook.defaultLanguage": "python", "notebook.kernelPickerType": "mru" } - + # For Windows, also set the default terminal profile if os.name == 'nt': required_settings["terminal.integrated.defaultProfile.windows"] = "PowerShell" - + # Check if settings.json already exists if settings_file.exists(): try: # Read the existing settings file content as text first with open(settings_file, 'r', encoding='utf-8') as f: content = f.read() - + # Try to parse as JSON (will fail if it has comments) import json existing_settings = json.loads(content) - + # Merge required settings with existing ones existing_settings.update(required_settings) - + # Write back the merged settings with open(settings_file, 'w', encoding='utf-8') as f: json.dump(existing_settings, f, indent=4) - + print(f"āœ… VS Code settings updated: {settings_file}") print(" - Existing settings preserved") print(" - Default kernel set to 'apim-samples'") print(" - Python interpreter configured for .venv") - + except (json.JSONDecodeError, IOError) as e: print(f"āš ļø Existing settings.json has comments or formatting issues") print(f" Please manually add these settings to preserve your existing configuration:") @@ -263,30 +267,30 @@ def create_vscode_settings(): import json with open(settings_file, 'w', encoding='utf-8') as f: json.dump(required_settings, f, indent=4) - + print(f"āœ… VS Code settings created: {settings_file}") print(" - Default kernel set to 'apim-samples'") print(" - Python interpreter configured for .venv") except (ImportError, IOError) as e: print(f"āŒ Failed to create VS Code settings: {e}") return False - + return True def validate_kernel_setup(): """ Validate that the APIM Samples kernel is properly registered and accessible. - + Returns: bool: True if kernel is properly configured, False otherwise """ - + try: # Check if ipykernel is available - result = subprocess.run([sys.executable, '-m', 'jupyter', 'kernelspec', 'list'], + result = subprocess.run([sys.executable, '-m', 'jupyter', 'kernelspec', 'list'], check=True, capture_output=True, text=True) - + # Check if our kernel is in the list if 'apim-samples' in result.stdout: print("āœ… APIM Samples kernel found in kernelspec list") @@ -294,7 +298,7 @@ def validate_kernel_setup(): else: print("āŒ APIM Samples kernel not found in kernelspec list") return False - + except subprocess.CalledProcessError as e: print(f"āŒ Failed to check kernel list: {e}") return False @@ -308,28 +312,28 @@ def force_kernel_consistency(): Enforce kernel consistency by removing conflicting kernels and ensuring only the APIM Samples kernel is used for notebooks. """ - + print("šŸ”§ Enforcing kernel consistency...") - + # First, ensure our kernel is registered if not validate_kernel_setup(): print("āš ļø Kernel not found, attempting to register...") if not install_jupyter_kernel(): print("āŒ Failed to register kernel - manual intervention required") return False - + # Update VS Code settings with strict kernel enforcement project_root = get_project_root() vscode_dir = project_root / '.vscode' settings_file = vscode_dir / 'settings.json' - + # Enhanced kernel settings that prevent VS Code from changing kernels strict_kernel_settings = { "jupyter.defaultKernel": "apim-samples", "jupyter.kernels.changeKernelIdForNotebookEnabled": False, "jupyter.kernels.filter": [ { - "path": "apim-samples", + "path": "apim-samples", "type": "pythonEnvironment" } ], @@ -342,7 +346,7 @@ def force_kernel_consistency(): # Prevent VS Code from auto-detecting other Python environments "jupyter.kernels.excludePythonEnvironments": [ "**/anaconda3/**", - "**/conda/**", + "**/conda/**", "**/miniconda3/**", "**/python3.*", "*/site-packages/*", @@ -350,7 +354,7 @@ def force_kernel_consistency(): "/bin/python3", "/opt/python/*/bin/python*", "/usr/bin/python", - "/usr/bin/python3", + "/usr/bin/python3", "/usr/local/bin/python", "/usr/local/bin/python3", "python", @@ -360,10 +364,10 @@ def force_kernel_consistency(): "**/bin/python*" ] } - + try: import json - + # Read existing settings or create new ones existing_settings = {} if settings_file.exists(): @@ -372,17 +376,17 @@ def force_kernel_consistency(): existing_settings = json.load(f) except json.JSONDecodeError: print("āš ļø Existing settings.json has issues, creating new one") - + # Merge settings, with our strict kernel settings taking priority existing_settings.update(strict_kernel_settings) - + # Write updated settings with open(settings_file, 'w', encoding='utf-8') as f: json.dump(existing_settings, f, indent=4) - + print("āœ… Strict kernel enforcement settings applied") return True - + except Exception as e: print(f"āŒ Failed to update VS Code settings: {e}") return False @@ -391,29 +395,29 @@ def force_kernel_consistency(): def setup_complete_environment(): """ Complete setup: generate .env file, register kernel, and configure VS Code. - + This provides a one-command setup that makes the local environment as easy to use as the dev container. """ - + print("šŸš€ Setting up complete APIM Samples environment...\n") - + # Step 1: Generate .env file print("1. Generating .env file for Python path configuration...") generate_env_file() - + # Step 2: Register Jupyter kernel print("2. Registering standardized Jupyter kernel...") kernel_success = install_jupyter_kernel() - + # Step 3: Configure VS Code settings with strict kernel enforcement print("\n3. Configuring VS Code workspace settings...") vscode_success = create_vscode_settings() - + # Step 4: Enforce kernel consistency print("\n4. Enforcing kernel consistency for future reliability...") consistency_success = force_kernel_consistency() - + # Summary print("\n" + "="*50) print("šŸ“‹ Setup Summary:") @@ -421,7 +425,7 @@ def setup_complete_environment(): print(f" {'āœ…' if kernel_success else 'āŒ'} Jupyter kernel registration: {'Complete' if kernel_success else 'Failed'}") print(f" {'āœ…' if vscode_success else 'āŒ'} VS Code settings: {'Complete' if vscode_success else 'Failed'}") print(f" {'āœ…' if consistency_success else 'āŒ'} Kernel consistency enforcement: {'Complete' if consistency_success else 'Failed'}") - + if kernel_success and vscode_success and consistency_success: print("\nšŸŽ‰ Setup complete! Your local environment now matches the dev container experience.") print(" ā€¢ Notebooks will automatically use the 'APIM Samples Python 3.12' kernel") @@ -443,13 +447,13 @@ def show_help(): print("\n" + "="*80) print(" APIM Samples Python Environment Setup") print("="*80) - + print("\nThis script configures the Python environment for APIM Samples development.") print("It handles PYTHONPATH setup, Jupyter kernel registration, and VS Code integration.") - + print("\nUSAGE:") print(" python setup/setup_python_path.py [OPTION]") - + print("\nOPTIONS:") print(" (no options) Show this help information") print(" --run-only Only modify current session's PYTHONPATH (basic setup)") @@ -457,37 +461,37 @@ def show_help(): print(" --setup-kernel Register the APIM Samples Jupyter kernel") print(" --setup-vscode Configure VS Code settings for optimal workflow") print(" --complete-setup Perform complete environment setup (recommended)") - + print("\nDETAILS:") print(" --run-only:") print(" ā€¢ Modifies the current Python session's sys.path") print(" ā€¢ Adds shared/python directory to PYTHONPATH") print(" ā€¢ Changes are temporary (only for current session)") print(" ā€¢ Use this for quick testing in the current terminal") - + print("\n --generate-env:") print(" ā€¢ Creates a .env file at project root") print(" ā€¢ Sets PROJECT_ROOT and PYTHONPATH variables") print(" ā€¢ Used by VS Code and can be sourced in shells") print(" ā€¢ Ensures consistent paths across platforms") - + print("\n --setup-kernel:") print(" ā€¢ Registers a standardized Jupyter kernel named 'apim-samples'") print(" ā€¢ Display name will be 'APIM Samples Python 3.12'") print(" ā€¢ Ensures consistent notebook experience") print(" ā€¢ Installs ipykernel if not already available") - + print("\n --setup-vscode:") print(" ā€¢ Creates/updates .vscode/settings.json") print(" ā€¢ Configures Python interpreter, Jupyter settings") print(" ā€¢ Sets default kernel for notebooks") print(" ā€¢ Preserves existing VS Code settings") - + print("\n --complete-setup:") print(" ā€¢ Performs all of the above steps") print(" ā€¢ Recommended for new development environments") print(" ā€¢ Recreates dev container experience locally") - + print("\nEXAMPLES:") print(" # Show this help information:") print(" python setup/setup_python_path.py") @@ -495,7 +499,7 @@ def show_help(): print(" python setup/setup_python_path.py --complete-setup") print("\n # Only generate the .env file:") print(" python setup/setup_python_path.py --generate-env") - + print("\nNOTES:") print(" ā€¢ Running this script without options now displays this help screen") print(" ā€¢ For basic PYTHONPATH setup, use the --run-only option") @@ -509,7 +513,7 @@ def show_help(): # Parse command-line arguments for different setup modes if len(sys.argv) > 1: command = sys.argv[1] - + if command == "--generate-env": # Legacy: just generate .env file generate_env_file() diff --git a/setup/verify_local_setup.py b/setup/verify_local_setup.py index c5c29b3..f4205a3 100644 --- a/setup/verify_local_setup.py +++ b/setup/verify_local_setup.py @@ -37,17 +37,17 @@ def check_virtual_environment(): if not venv_path.exists(): print_status("Virtual environment (.venv) not found", False) return False - + # Check if current Python executable is from the venv current_python = Path(sys.executable) expected_venv_python = venv_path / ("Scripts" if os.name == 'nt' else "bin") / "python" - + if not str(current_python).startswith(str(venv_path)): print_status(f"Not using virtual environment Python", False) print(f" Current: {current_python}") print(f" Expected: {expected_venv_python}") return False - + print_status("Virtual environment is active") return True @@ -61,9 +61,9 @@ def check_required_packages(): ('jupyter', 'jupyter'), ('python-dotenv', 'dotenv') ] - + missing_packages = [] - + for package_name, import_name in required_packages: try: __import__(import_name) @@ -71,7 +71,7 @@ def check_required_packages(): except ImportError: print_status(f"{package_name} is missing", False) missing_packages.append(package_name) - + return len(missing_packages) == 0 @@ -81,19 +81,19 @@ def check_shared_modules(): # Add project root to path project_root = Path(__file__).parent.parent shared_python_path = project_root / 'shared' / 'python' - + if str(shared_python_path) not in sys.path: sys.path.insert(0, str(shared_python_path)) - + # Try importing shared modules import utils import apimtypes import authfactory import apimrequests - + print_status("All shared modules can be imported") return True - + except ImportError as e: print_status(f"Shared module import failed: {e}", False) return False @@ -105,14 +105,14 @@ def check_jupyter_kernel(): result = subprocess.run([ sys.executable, '-m', 'jupyter', 'kernelspec', 'list' ], capture_output=True, text=True, check=True) - + if 'apim-samples' in result.stdout: print_status("APIM Samples Jupyter kernel is registered") return True else: print_status("APIM Samples Jupyter kernel not found", False) return False - + except (subprocess.CalledProcessError, FileNotFoundError): print_status("Could not check Jupyter kernel registration", False) return False @@ -121,34 +121,34 @@ def check_jupyter_kernel(): def check_vscode_settings(): """Check if VS Code settings are configured.""" vscode_settings = Path.cwd() / '.vscode' / 'settings.json' - + if not vscode_settings.exists(): print_status("VS Code settings.json not found", False) return False - + try: with open(vscode_settings, 'r', encoding='utf-8') as f: content = f.read() - + # Check for key settings (simple string search since the file may have comments) checks = [ ('jupyter.defaultKernel', 'apim-samples'), ('python.defaultInterpreterPath', '.venv'), ('notebook.defaultLanguage', 'python') ] - + all_found = True for setting_key, expected_value in checks: if setting_key not in content or expected_value not in content: print_status(f"VS Code setting '{setting_key}' not properly configured", False) all_found = False - + if all_found: print_status("VS Code settings are configured correctly") return True else: return False - + except Exception as e: print_status(f"Could not read VS Code settings: {e}", False) return False @@ -157,22 +157,22 @@ def check_vscode_settings(): def check_env_file(): """Check if .env file exists and has correct configuration.""" env_file = Path.cwd() / '.env' - + if not env_file.exists(): print_status(".env file not found", False) return False - + try: with open(env_file, 'r', encoding='utf-8') as f: content = f.read() - + if 'PYTHONPATH=' in content and 'PROJECT_ROOT=' in content: print_status(".env file is configured correctly") return True else: print_status(".env file missing required configuration", False) return False - + except Exception as e: print_status(f"Could not read .env file: {e}", False) return False @@ -182,7 +182,7 @@ def main(): """Run all verification checks.""" print("šŸ” APIM Samples Local Environment Verification") print("=" * 50) - + checks = [ ("Virtual Environment", check_virtual_environment), ("Required Packages", check_required_packages), @@ -191,9 +191,9 @@ def main(): ("Jupyter Kernel", check_jupyter_kernel), ("VS Code Settings", check_vscode_settings) ] - + results = [] - + for check_name, check_function in checks: print_section(check_name) result = check_function() @@ -204,13 +204,13 @@ def main(): total = len(results) # Calculate the maximum check name length for alignment max_name_length = max(len(check_name) for check_name, _ in results) - + for check_name, result in results: padded_name = check_name.ljust(max_name_length + 1) print_status(f"{padded_name}: {'PASS' if result else 'FAIL'}", result) - + print(f"\nšŸ“Š Overall: {passed}/{total} checks passed") - + if passed == total: print("\nšŸŽ‰ All checks passed! Your local environment is ready for APIM Samples.") print("šŸ’” You can now open any notebook and it should work seamlessly.") @@ -218,7 +218,7 @@ def main(): print("\nāš ļø Some checks failed. Consider running the setup script:") print(" python setup/setup_python_path.py --complete-setup") print(" Then restart VS Code and run this verification again.") - + return passed == total diff --git a/shared/azure-roles.json b/shared/azure-roles.json index 5f4374f..9febc5a 100644 --- a/shared/azure-roles.json +++ b/shared/azure-roles.json @@ -1,7 +1,10 @@ { "__source": "https://learn.microsoft.com/azure/role-based-access-control/built-in-roles", - "StorageBlobDataContributor": "ba92f5b4-2d11-453d-a403-e96b0029c9fe", - "StorageBlobDataReader": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", + "AzureMapsContributor": "dba33070-676a-4fb0-87fa-064dc56ff7fb", "AzureMapsSearchAndRenderDataReader": "6be48352-4f82-47c9-ad5e-0acacefdb005", - "AzureMapsContributor": "dba33070-676a-4fb0-87fa-064dc56ff7fb" + "KeyVaultAdministrator": "00482a5a-887f-4fb3-b363-3b7fe8e74483", + "KeyVaultCertificateUser": "db79e9a7-68ee-4b58-9aeb-b90e7c24fcba", + "KeyVaultSecretsUser": "4633458b-17de-408a-b874-0445c86b69e6", + "StorageBlobDataContributor": "ba92f5b4-2d11-453d-a403-e96b0029c9fe", + "StorageBlobDataReader": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" } diff --git a/shared/jupyter/verify-az-account.ipynb b/shared/jupyter/verify-az-account.ipynb index fea53ea..8e95f20 100644 --- a/shared/jupyter/verify-az-account.ipynb +++ b/shared/jupyter/verify-az-account.ipynb @@ -36,10 +36,23 @@ }, { "cell_type": "code", - "execution_count": null, + "execution_count": 2, "id": "475c5176", "metadata": {}, - "outputs": [], + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "āš™ļø \u001b[1;34maz account show\u001b[0m \n", + "āš™ļø \u001b[1;34maz ad signed-in-user show\u001b[0m \n", + "šŸ‘‰šŸ½ \u001b[1;34mCurrent user : simonkurtz@microsoft.com\u001b[0m \n", + "šŸ‘‰šŸ½ \u001b[1;34mCurrent user ID : 744cffd5-e99d-4cc0-9fe3-2d284e07a1c4\u001b[0m \n", + "šŸ‘‰šŸ½ \u001b[1;34mTenant ID : 16b3c013-d300-468d-ac64-7eda0820b6d3\u001b[0m \n", + "šŸ‘‰šŸ½ \u001b[1;34mSubscription ID : 5fb73327-9152-4f64-bf8a-90dc0cc4ad8f\u001b[0m \n" + ] + } + ], "source": [ "import utils\n", "\n", @@ -49,9 +62,9 @@ ], "metadata": { "kernelspec": { - "display_name": "APIM Samples Python 3.12", + "display_name": ".venv (3.12.10)", "language": "python", - "name": "apim-samples" + "name": "python3" }, "language_info": { "codemirror_mode": { diff --git a/shared/python/apimrequests.py b/shared/python/apimrequests.py index f16bfd9..aa5f966 100644 --- a/shared/python/apimrequests.py +++ b/shared/python/apimrequests.py @@ -5,10 +5,14 @@ import json import time import requests +import urllib3 import utils from typing import Any from apimtypes import HTTP_VERB, SUBSCRIPTION_KEY_PARAMETER_NAME, SLEEP_TIME_BETWEEN_REQUESTS_MS +# Disable SSL warnings for self-signed certificates +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + # ------------------------------ # CLASSES @@ -25,21 +29,19 @@ class ApimRequests: # CONSTRUCTOR # ------------------------------ - def __init__(self, url: str, apimSubscriptionKey: str | None = None) -> None: + def __init__(self, url: str, apimSubscriptionKey: str | None = None, headers: dict[str, str] | None = None) -> None: """ Initialize the ApimRequests object. Args: url: The base URL for the APIM endpoint. apimSubscriptionKey: Optional subscription key for APIM. + headers: Optional additional headers to include in requests. """ - self.url = url - self.apimSubscriptionKey = apimSubscriptionKey - self._headers: dict[str, str] = {} - - if self.apimSubscriptionKey: - self._headers[SUBSCRIPTION_KEY_PARAMETER_NAME] = self.apimSubscriptionKey + self._url = url + self._headers: dict[str, str] = headers.copy() if headers else {} + self.subscriptionKey = apimSubscriptionKey self._headers['Accept'] = 'application/json' @@ -47,6 +49,35 @@ def __init__(self, url: str, apimSubscriptionKey: str | None = None) -> None: # PROPERTIES # ------------------------------ + # apimSubscriptionKey + @property + def subscriptionKey(self) -> str | None: + """ + Gets the APIM subscription key, if defined. + + Returns: + str | None: The APIM subscrption key, if defined; otherwise None. + """ + return self._subscriptionKey + + @subscriptionKey.setter + def subscriptionKey(self, value: str | None) -> None: + """ + Sets the APIM subscription key for the request to use. + + Args: + value: The APIM subscription key to use or None to not use any key for the request + """ + + self._subscriptionKey = value + + if self._subscriptionKey: + self._headers[SUBSCRIPTION_KEY_PARAMETER_NAME] = self._subscriptionKey + else: + # Remove subscription key from headers if it exists + self._headers.pop(SUBSCRIPTION_KEY_PARAMETER_NAME, None) + + # headers @property def headers(self) -> dict[str, str]: """ @@ -93,8 +124,8 @@ def _request(self, method: HTTP_VERB, path: str, headers: list[any] = None, data # Ensure path has a leading slash if not path.startswith('/'): path = '/' + path - - url = self.url + path + + url = self._url + path utils.print_info(f'{method.value} {url}') merged_headers = self.headers.copy() @@ -102,8 +133,10 @@ def _request(self, method: HTTP_VERB, path: str, headers: list[any] = None, data if headers: merged_headers.update(headers) - response = requests.request(method.value, url, headers = merged_headers, json = data) - + utils.print_info(merged_headers) + + response = requests.request(method.value, url, headers = merged_headers, json = data, verify = False) + content_type = response.headers.get('Content-Type') responseBody = None @@ -121,7 +154,7 @@ def _request(self, method: HTTP_VERB, path: str, headers: list[any] = None, data except requests.exceptions.RequestException as e: utils.print_error(f'Error making request: {e}') return None - + def _multiRequest(self, method: HTTP_VERB, path: str, runs: int, headers: list[any] = None, data: any = None, msg: str | None = None, printResponse: bool = True, sleepMs: int | None = None) -> list[dict[str, Any]]: """ Make multiple requests to the Azure API Management service. @@ -142,24 +175,25 @@ def _multiRequest(self, method: HTTP_VERB, path: str, runs: int, headers: list[a api_runs = [] session = requests.Session() + session.headers.update(self.headers.copy()) try: if msg: utils.print_message(msg, blank_above = True) - + # Ensure path has a leading slash if not path.startswith('/'): path = '/' + path - - url = self.url + path + + url = self._url + path utils.print_info(f'{method.value} {url}') for i in range(runs): utils.print_info(f'ā–¶ļø Run {i + 1}/{runs}:') start_time = time.time() - response = session.request(method.value, url, json = data) + response = session.request(method.value, url, json = data, verify = False) response_time = time.time() - start_time utils.print_info(f'āŒš {response_time:.2f} seconds') @@ -181,7 +215,7 @@ def _multiRequest(self, method: HTTP_VERB, path: str, runs: int, headers: list[a if sleepMs is not None: if sleepMs > 0: - time.sleep(sleepMs / 1000) + time.sleep(sleepMs / 1000) else: time.sleep(SLEEP_TIME_BETWEEN_REQUESTS_MS / 1000) # default sleep time finally: @@ -223,24 +257,26 @@ def _print_response_code(self, response) -> None: def _poll_async_operation(self, location_url: str, headers: dict = None, timeout: int = 60, poll_interval: int = 2) -> requests.Response | None: """ Poll an async operation until completion. - + Args: location_url: The URL from the Location header headers: Headers to include in polling requests timeout: Maximum time to wait in seconds poll_interval: Time between polls in seconds - + Returns: The final response when operation completes or None on error """ start_time = time.time() - + while time.time() - start_time < timeout: try: - response = requests.get(location_url, headers=headers or {}) - + utils.print_info(f'GET {location_url}', True) + utils.print_info(headers) + response = requests.get(location_url, headers = headers or {}, verify = False) + utils.print_info(f'Polling operation - Status: {response.status_code}') - + if response.status_code == 200: utils.print_ok('Async operation completed successfully!') return response @@ -250,11 +286,11 @@ def _poll_async_operation(self, location_url: str, headers: dict = None, timeout else: utils.print_error(f'Unexpected status code during polling: {response.status_code}') return response - + except requests.exceptions.RequestException as e: utils.print_error(f'Error polling operation: {e}') return None - + utils.print_error(f'Async operation timeout reached after {timeout} seconds') return None @@ -292,7 +328,7 @@ def singlePost(self, path: str, *, headers = None, data = None, msg: str | None """ return self._request(method = HTTP_VERB.POST, path = path, headers = headers, data = data, msg = msg, printResponse = printResponse) - + def multiGet(self, path: str, runs: int, headers = None, data = None, msg: str | None = None, printResponse: bool = True, sleepMs: int | None = None) -> list[dict[str, Any]]: """ Make multiple GET requests to the Azure API Management service. @@ -310,11 +346,11 @@ def multiGet(self, path: str, runs: int, headers = None, data = None, msg: str | """ return self._multiRequest(method = HTTP_VERB.GET, path = path, runs = runs, headers = headers, data = data, msg = msg, printResponse = printResponse, sleepMs = sleepMs) - + def singlePostAsync(self, path: str, *, headers = None, data = None, msg: str | None = None, printResponse = True, timeout = 60, poll_interval = 2) -> Any: """ Make an async POST request to the Azure API Management service and poll until completion. - + Args: path: The path to append to the base URL for the request. headers: Additional headers to include in the request. @@ -323,57 +359,55 @@ def singlePostAsync(self, path: str, *, headers = None, data = None, msg: str | printResponse: Whether to print the returned output. timeout: Maximum time to wait for completion in seconds. poll_interval: Time between polls in seconds. - + Returns: str | None: The JSON response as a string, or None on error. """ - + try: if msg: utils.print_message(msg, blank_above = True) - + # Ensure path has a leading slash if not path.startswith('/'): path = '/' + path - - url = self.url + path + + url = self._url + path utils.print_info(f'POST {url}') - + merged_headers = self.headers.copy() - + if headers: merged_headers.update(headers) - + + utils.print_info(merged_headers) + # Make the initial async request - response = requests.request(HTTP_VERB.POST.value, url, headers = merged_headers, json = data) - + response = requests.request(HTTP_VERB.POST.value, url, headers = merged_headers, json = data, verify = False) + utils.print_info(f'Initial response status: {response.status_code}') - + if response.status_code == 202: # Accepted - async operation started location_header = response.headers.get('Location') + if location_header: utils.print_info(f'Found Location header: {location_header}') - + # Poll the location URL until completion - final_response = self._poll_async_operation( - location_header, - headers=merged_headers, - timeout=timeout, - poll_interval=poll_interval - ) - + final_response = self._poll_async_operation(location_header, timeout = timeout, poll_interval = poll_interval ) + if final_response and final_response.status_code == 200: if printResponse: self._print_response(final_response) - + content_type = final_response.headers.get('Content-Type') responseBody = None - + if content_type and 'application/json' in content_type: responseBody = json.dumps(final_response.json(), indent = 4) else: responseBody = final_response.text - + return responseBody else: utils.print_error('Async operation failed or timed out') @@ -387,19 +421,17 @@ def singlePostAsync(self, path: str, *, headers = None, data = None, msg: str | # Non-async response, handle normally if printResponse: self._print_response(response) - + content_type = response.headers.get('Content-Type') responseBody = None - + if content_type and 'application/json' in content_type: responseBody = json.dumps(response.json(), indent = 4) else: responseBody = response.text - + return responseBody - + except requests.exceptions.RequestException as e: utils.print_error(f'Error making request: {e}') return None - - \ No newline at end of file diff --git a/shared/python/apimtesting.py b/shared/python/apimtesting.py index c4babf6..62a5460 100644 --- a/shared/python/apimtesting.py +++ b/shared/python/apimtesting.py @@ -1,5 +1,5 @@ """ -Rudimentary test framework to offload validations from the Jupyter notebooks. +Rudimentary test framework to offload validations from the Jupyter notebooks. """ from apimtypes import INFRASTRUCTURE @@ -34,19 +34,19 @@ def __init__(self, test_suite_name: str = 'APIM Tests', sample_name: str = None, self.total_tests = 0 self.errors = [] - + # ------------------------------ # PUBLIC METHODS # ------------------------------ - + def verify(self, value: any, expected: any) -> bool: """ Verify (i.e. assert) that a value matches an expected value. - + Args: value: The actual value to check expected: The expected value to match - + Returns: bool: True, if the assertion passes; otherwise, False. """ @@ -64,20 +64,20 @@ def verify(self, value: any, expected: any) -> bool: print(f'āŒ Test {self.total_tests}: FAIL - {str(e)}') return False - + def print_summary(self) -> None: """ Print a summary of the test results with visual flair and comprehensive details. - + Displays the number of tests passed, failed, and any errors encountered in a professionally formatted, visually appealing summary box. """ - + # Calculate success rate and create visual elements success_rate = (self.tests_passed / self.total_tests * 100) if self.total_tests > 0 else 0 border_width = 70 border_line = '=' * border_width - + # Create padded title title = f'šŸ§Ŗ {self.test_suite_name} - Test Results Summary šŸ§Ŗ' title_padding = max(0, (border_width - len(title)) // 2) @@ -88,7 +88,7 @@ def print_summary(self) -> None: print(f'{' ' * title_padding}{title}') print(border_line) print() - + print(f' Sample Name : {self.sample_name if self.sample_name else 'N/A'}') print(f' Deployment : {self.deployment.name if self.deployment else 'N/A'}\n') @@ -98,7 +98,7 @@ def print_summary(self) -> None: print(f' ā€¢ Tests Passed : {self.tests_passed:>5}') print(f' ā€¢ Tests Failed : {self.tests_failed:>5} {'āŒ' if self.tests_failed > 0 else ''}') print(f' ā€¢ Success Rate : {success_rate:>5.1f}%\n') - + # Overall result if self.tests_failed == 0 and self.total_tests > 0: print('šŸŽ‰ OVERALL RESULT: ALL TESTS PASSED! šŸŽ‰') @@ -110,9 +110,9 @@ def print_summary(self) -> None: print('āŒ OVERALL RESULT: SOME TESTS FAILED') print('šŸ› ļø Your APIM deployment needs attention') print(f'šŸ’” {self.tests_failed} issue(s) require investigation.') - + print() - + test_completion_msg = 'šŸŽÆ Test execution completed successfully! šŸŽÆ' # Detailed error reporting with style @@ -123,7 +123,7 @@ def print_summary(self) -> None: print('ā”€' * 50) for i, error in enumerate(self.errors, 1): print(f'{i:>2}. {error}\n') - + print() print(border_line) print(f'{test_completion_msg:^{border_width}}') diff --git a/shared/python/apimtypes.py b/shared/python/apimtypes.py index d3b0061..26d53d2 100644 --- a/shared/python/apimtypes.py +++ b/shared/python/apimtypes.py @@ -18,16 +18,16 @@ def _get_project_root() -> Path: # Try to get from environment variable first (set by .env file) if 'PROJECT_ROOT' in os.environ: return Path(os.environ['PROJECT_ROOT']) - + # Fallback: detect project root by walking up from this file current_path = Path(__file__).resolve().parent.parent.parent # Go up from shared/python/ indicators = ['README.md', 'requirements.txt', 'bicepconfig.json'] - + while current_path != current_path.parent: if all((current_path / indicator).exists() for indicator in indicators): return current_path current_path = current_path.parent - + # Ultimate fallback return Path(__file__).resolve().parent.parent.parent @@ -132,8 +132,28 @@ class INFRASTRUCTURE(StrEnum): SIMPLE_APIM = 'simple-apim' # Simple API Management with no dependencies APIM_ACA = 'apim-aca' # Azure API Management connected to Azure Container Apps AFD_APIM_PE = 'afd-apim-pe' # Azure Front Door Premium connected to Azure API Management (Standard V2) via Private Link + APPGW_APIM_PE = 'appgw-apim-pe' # Application Gateway connected to Azure API Management (Standard V2) via Private Link +class Endpoints(object): + + + """ + Represents a set of endpoints to call + """ + + afd_endpoint_url: str | None + apim_endpoint_url: str | None + appgw_hostname: str | None + appgw_public_ip: str | None + + # ------------------------------ + # CONSTRUCTOR + # ------------------------------ + + def __init__(self, deployment: INFRASTRUCTURE): + self.deployment = deployment + # ------------------------------ # CLASSES # ------------------------------ @@ -159,7 +179,7 @@ class API: # CONSTRUCTOR # ------------------------------ - def __init__(self, name: str, displayName: str, path: str, description: str, policyXml: Optional[str] = None, operations: Optional[List['APIOperation']] = None, tags: Optional[List[str]] = None, + def __init__(self, name: str, displayName: str, path: str, description: str, policyXml: Optional[str] = None, operations: Optional[List['APIOperation']] = None, tags: Optional[List[str]] = None, productNames: Optional[List[str]] = None, subscriptionRequired: bool = True, serviceUrl: Optional[str] = None): self.name = name self.displayName = displayName @@ -222,12 +242,12 @@ def __init__(self, name: str, displayName: str, urlTemplate: str, method: HTTP_V self.urlTemplate = urlTemplate self.description = description self.policyXml = policyXml if policyXml is not None else _read_policy_xml(DEFAULT_XML_POLICY_PATH) - self.templateParameters = templateParameters if templateParameters is not None else [] - + self.templateParameters = templateParameters if templateParameters is not None else [] + # ------------------------------ # PUBLIC METHODS # ------------------------------ - + def to_dict(self) -> dict: return { 'name': self.name, @@ -277,7 +297,7 @@ class POST_APIOperation(APIOperation): # ------------------------------ # CONSTRUCTOR # ------------------------------ - + def __init__(self, description: str, policyXml: Optional[str] = None, templateParameters: Optional[List[dict[str, Any]]] = None) -> None: super().__init__('POST', 'POST', '/', HTTP_VERB.POST, description, policyXml, templateParameters) @@ -315,7 +335,7 @@ def to_dict(self) -> dict: return nv_dict - + @dataclass class PolicyFragment: """ @@ -344,7 +364,7 @@ def to_dict(self) -> dict: pf_dict = { 'name': self.name, 'policyXml': self.policyXml, - 'description': self.description + 'description': self.description } return pf_dict @@ -357,7 +377,7 @@ class Product: Products in APIM are logical groupings of APIs with associated policies, terms of use, and rate limits. They are used to manage API access control. """ - + name: str displayName: str description: str @@ -365,11 +385,11 @@ class Product: subscriptionRequired: bool = True approvalRequired: bool = False policyXml: Optional[str] = None - + # ------------------------------ # CONSTRUCTOR # ------------------------------ - + def __init__(self, name: str, displayName: str, description: str, state: str = 'published', subscriptionRequired: bool = True, approvalRequired: bool = False, policyXml: Optional[str] = None) -> None: self.name = name self.displayName = displayName diff --git a/shared/python/authfactory.py b/shared/python/authfactory.py index e97396d..fd6628d 100644 --- a/shared/python/authfactory.py +++ b/shared/python/authfactory.py @@ -31,7 +31,7 @@ class JwtPayload: def __init__(self, subject: str, name: str, issued_at: int | None = None, expires: int | None = None, roles: dict[str] | None = None) -> None: self.sub = subject - self.name = name + self.name = name self.iat = issued_at if issued_at is not None else int(time.time()) self.exp = expires if expires is not None else self.iat + self.DEFAULT_LIFETIME_SECONDS self.roles = roles if roles is not None else [] @@ -50,7 +50,7 @@ def to_dict(self) -> dict[str, Any]: 'name': self.name, 'iat': self.iat, 'exp': self.exp - } + } if bool(self.roles): pl['roles'] = self.roles @@ -97,7 +97,7 @@ def encode(self) -> str: """ return jwt.encode(self.payload.to_dict(), self.key, algorithm = 'HS256') - + class AuthFactory: """ Factory class for creating authentication tokens or objects. @@ -111,15 +111,15 @@ class AuthFactory: def create_symmetric_jwt_token_for_user(user: User, jwt_key: str) -> str: if not user: raise ValueError('User is required to create a symmetric JWT token.') - + if not str(jwt_key): raise ValueError('JWT key is required to create a symmetric JWT token.') jwt_payload = JwtPayload(subject = user.id, name = user.name, roles = user.roles) symmetric_jwt = SymmetricJwtToken(jwt_key, jwt_payload) - + return symmetric_jwt.encode() - + @staticmethod def create_jwt_payload_for_user(user: User) -> Any: """ @@ -140,4 +140,3 @@ def create_jwt_payload_for_user(user: User) -> Any: 'name': user.name, 'roles': user.roles } - diff --git a/shared/python/charts.py b/shared/python/charts.py index bc17a6b..708a57d 100644 --- a/shared/python/charts.py +++ b/shared/python/charts.py @@ -146,4 +146,4 @@ def _plot_barchart(self, api_results: list[dict]) -> None: # Add figtext under the chart plt.figtext(0.13, -0.1, wrap = True, ha = 'left', fontsize = 11, s = self.fig_text) - plt.show() \ No newline at end of file + plt.show() diff --git a/shared/python/infrastructures.py b/shared/python/infrastructures.py index 67250f8..043afbf 100644 --- a/shared/python/infrastructures.py +++ b/shared/python/infrastructures.py @@ -1,9 +1,10 @@ """ -Infrastructure Types +Infrastructure Types """ import json import os +import time from pathlib import Path from apimtypes import * import utils @@ -23,7 +24,7 @@ class Infrastructure: # CONSTRUCTOR # ------------------------------ - def __init__(self, infra: INFRASTRUCTURE, index: int, rg_location: str, apim_sku: APIM_SKU = APIM_SKU.BASICV2, networkMode: APIMNetworkMode = APIMNetworkMode.PUBLIC, + def __init__(self, infra: INFRASTRUCTURE, index: int, rg_location: str, apim_sku: APIM_SKU = APIM_SKU.BASICV2, networkMode: APIMNetworkMode = APIMNetworkMode.PUBLIC, infra_pfs: List[PolicyFragment] | None = None, infra_apis: List[API] | None = None): self.infra = infra self.index = index @@ -33,24 +34,34 @@ def __init__(self, infra: INFRASTRUCTURE, index: int, rg_location: str, apim_sku self.infra_apis = infra_apis self.infra_pfs = infra_pfs + # Define and create the resource group self.rg_name = utils.get_infra_rg_name(infra, index) self.rg_tags = utils.build_infrastructure_tags(infra) + utils.create_resource_group(self.rg_name, self.rg_location, self.rg_tags) + + # Some infrastructure deployments require knowing the resource suffix that bicep will use prior to the main deployment. + # Uses subscription ID and resource group name hashing to generate the suffix. + self.resource_suffix = utils.get_unique_suffix_for_resource_group(self.rg_name) + + self.current_user, self.current_user_id, self.tenant_id, self.subscription_id = utils.get_account_info() + # ------------------------------ # PRIVATE METHODS - # ------------------------------ + # ------------------------------ def _define_bicep_parameters(self) -> dict: # Define the Bicep parameters with serialized APIs self.bicep_parameters = { + 'resourceSuffix' : {'value': self.resource_suffix}, 'apimSku' : {'value': self.apim_sku.value}, 'apis' : {'value': [api.to_dict() for api in self.apis]}, 'policyFragments' : {'value': [pf.to_dict() for pf in self.pfs]} } return self.bicep_parameters - + def _define_policy_fragments(self) -> List[PolicyFragment]: """ @@ -77,7 +88,7 @@ def _define_apis(self) -> List[API]: Define APIs for the infrastructure. """ - # The base APIs common to all infrastructures + # The base APIs common to all infrastructures # Hello World API pol_hello_world = utils.read_policy_xml(HELLO_WORLD_XML_POLICY_PATH) api_hwroot_get = GET_APIOperation('Gets a Hello World message', pol_hello_world) @@ -92,52 +103,52 @@ def _define_apis(self) -> List[API]: def _verify_infrastructure(self, rg_name: str) -> bool: """ Verify that the infrastructure was created successfully. - + Args: rg_name (str): Resource group name. - + Returns: bool: True if verification passed, False otherwise. """ - + print('\nšŸ” Verifying infrastructure...') - + try: # Check if the resource group exists if not utils.does_resource_group_exist(rg_name): print('āŒ Resource group does not exist!') return False - + print('āœ… Resource group verified') - + # Get APIM service details output = utils.run(f'az apim list -g {rg_name} --query "[0]" -o json', print_command_to_run = False, print_errors = False) - + if output.success and output.json_data: apim_name = output.json_data.get('name') - + print(f'āœ… APIM Service verified: {apim_name}') - + # Get API count - api_output = utils.run(f'az apim api list --service-name {apim_name} -g {rg_name} --query "length(@)"', + api_output = utils.run(f'az apim api list --service-name {apim_name} -g {rg_name} --query "length(@)"', print_command_to_run = False, print_errors = False) - + if api_output.success: api_count = int(api_output.text.strip()) print(f'āœ… APIs verified: {api_count} API(s) created') - + # Test basic connectivity (optional) if api_count > 0: try: # Get subscription key for testing - sub_output = utils.run(f'az apim subscription list --service-name {apim_name} -g {rg_name} --query "[0].primaryKey" -o tsv', + sub_output = utils.run(f'az apim subscription list --service-name {apim_name} -g {rg_name} --query "[0].primaryKey" -o tsv', print_command_to_run = False, print_errors = False) - + if sub_output.success and sub_output.text.strip(): print('āœ… Subscription key available for API testing') except: pass - + # Call infrastructure-specific verification if self._verify_infrastructure_specific(rg_name): print('\nšŸŽ‰ Infrastructure verification completed successfully!') @@ -145,11 +156,11 @@ def _verify_infrastructure(self, rg_name: str) -> bool: else: print('\nāŒ Infrastructure-specific verification failed!') return False - + else: print('\nāŒ APIM service not found!') return False - + except Exception as e: print(f'\nāš ļø Verification failed with error: {str(e)}') return False @@ -158,10 +169,10 @@ def _verify_infrastructure_specific(self, rg_name: str) -> bool: """ Verify infrastructure-specific components. This is a virtual method that can be overridden by subclasses for specific verification logic. - + Args: rg_name (str): Resource group name. - + Returns: bool: True if verification passed, False otherwise. """ @@ -170,17 +181,17 @@ def _verify_infrastructure_specific(self, rg_name: str) -> bool: # ------------------------------ # PUBLIC METHODS - # ------------------------------ + # ------------------------------ def deploy_infrastructure(self, is_update: bool = False) -> 'utils.Output': """ Deploy the infrastructure using the defined Bicep parameters. This method should be implemented in subclasses to handle specific deployment logic. - + Args: is_update (bool): Whether this is an update to existing infrastructure or a new deployment. """ - + action_verb = "Updating" if is_update else "Creating" print(f'\nšŸš€ {action_verb} infrastructure...\n') print(f' Infrastructure : {self.infra.value}') @@ -190,24 +201,25 @@ def deploy_infrastructure(self, is_update: bool = False) -> 'utils.Output': print(f' APIM SKU : {self.apim_sku.value}\n') self._define_policy_fragments() - self._define_apis() + self._define_apis() self._define_bicep_parameters() # Determine the correct infrastructure directory based on the infrastructure type original_cwd = os.getcwd() - + # Map infrastructure types to their directory names infra_dir_map = { INFRASTRUCTURE.SIMPLE_APIM: 'simple-apim', - INFRASTRUCTURE.APIM_ACA: 'apim-aca', - INFRASTRUCTURE.AFD_APIM_PE: 'afd-apim-pe' + INFRASTRUCTURE.APIM_ACA: 'apim-aca', + INFRASTRUCTURE.AFD_APIM_PE: 'afd-apim-pe', + INFRASTRUCTURE.APPGW_APIM_PE: 'appgw-apim-pe' } - + # Get the infrastructure directory infra_dir_name = infra_dir_map.get(self.infra) if not infra_dir_name: raise ValueError(f"Unknown infrastructure type: {self.infra}") - + # Navigate to the correct infrastructure directory # From shared/python -> ../../infrastructure/{infra_type}/ shared_dir = Path(__file__).parent @@ -216,68 +228,64 @@ def deploy_infrastructure(self, is_update: bool = False) -> 'utils.Output': try: os.chdir(infra_dir) print(f'šŸ“ Changed working directory to: {infra_dir}') - + # Prepare deployment parameters and run directly to avoid path detection issues bicep_parameters_format = { '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#', 'contentVersion': '1.0.0.0', 'parameters': self.bicep_parameters } - + # Write the parameters file params_file_path = infra_dir / 'params.json' - with open(params_file_path, 'w') as file: + with open(params_file_path, 'w') as file: file.write(json.dumps(bicep_parameters_format)) - + print(f"šŸ“ Updated the policy XML in the bicep parameters file 'params.json'") - + # ------------------------------ # EXECUTE DEPLOYMENT # ------------------------------ - - # Create the resource group if it doesn't exist - utils.create_resource_group(self.rg_name, self.rg_location, self.rg_tags) - + # Run the deployment directly main_bicep_path = infra_dir / 'main.bicep' output = utils.run( f'az deployment group create --name {self.infra.value} --resource-group {self.rg_name} --template-file "{main_bicep_path}" --parameters "{params_file_path}" --query "properties.outputs"', - f"Deployment '{self.infra.value}' succeeded", + f"Deployment '{self.infra.value}' succeeded", f"Deployment '{self.infra.value}' failed.", print_command_to_run = False ) - + # ------------------------------ # VERIFY DEPLOYMENT RESULTS # ------------------------------ - + if output.success: print('\nāœ… Infrastructure creation completed successfully!') if output.json_data: apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL', suppress_logging = True) apim_apis = output.getJson('apiOutputs', 'APIs', suppress_logging = True) - + print(f'\nšŸ“‹ Infrastructure Details:') print(f' Resource Group : {self.rg_name}') print(f' Location : {self.rg_location}') print(f' APIM SKU : {self.apim_sku.value}') print(f' Gateway URL : {apim_gateway_url}') print(f' APIs Created : {len(apim_apis)}') - + # TODO: Perform basic verification self._verify_infrastructure(self.rg_name) else: print('āŒ Infrastructure creation failed!') - + return output - + finally: # Always restore the original working directory os.chdir(original_cwd) print(f'šŸ“ Restored working directory to: {original_cwd}') - class SimpleApimInfrastructure(Infrastructure): """ Represents a simple API Management infrastructure. @@ -286,7 +294,6 @@ class SimpleApimInfrastructure(Infrastructure): def __init__(self, rg_location: str, index: int, apim_sku: APIM_SKU = APIM_SKU.BASICV2, infra_pfs: List[PolicyFragment] | None = None, infra_apis: List[API] | None = None): super().__init__(INFRASTRUCTURE.SIMPLE_APIM, index, rg_location, apim_sku, APIMNetworkMode.PUBLIC, infra_pfs, infra_apis) - class ApimAcaInfrastructure(Infrastructure): """ Represents an API Management with Azure Container Apps infrastructure. @@ -298,17 +305,17 @@ def __init__(self, rg_location: str, index: int, apim_sku: APIM_SKU = APIM_SKU.B def _verify_infrastructure_specific(self, rg_name: str) -> bool: """ Verify APIM-ACA specific components. - + Args: rg_name (str): Resource group name. - + Returns: bool: True if verification passed, False otherwise. """ try: # Get Container Apps count aca_output = utils.run(f'az containerapp list -g {rg_name} --query "length(@)"', print_command_to_run = False, print_errors = False) - + if aca_output.success: aca_count = int(aca_output.text.strip()) print(f'āœ… Container Apps verified: {aca_count} app(s) created') @@ -316,12 +323,11 @@ def _verify_infrastructure_specific(self, rg_name: str) -> bool: else: print('āŒ Container Apps verification failed!') return False - + except Exception as e: print(f'āš ļø Container Apps verification failed with error: {str(e)}') return False - class AfdApimAcaInfrastructure(Infrastructure): """ Represents an Azure Front Door with API Management and Azure Container Apps infrastructure. @@ -336,13 +342,13 @@ def _define_bicep_parameters(self) -> dict: """ # Get base parameters base_params = super()._define_bicep_parameters() - + # Add AFD-specific parameters afd_params = { 'apimPublicAccess': {'value': True}, # Initially true for private link approval 'useACA': {'value': len(self.infra_apis) > 0 if self.infra_apis else False} # Enable ACA if custom APIs are provided } - + # Merge with base parameters base_params.update(afd_params) return base_params @@ -350,15 +356,15 @@ def _define_bicep_parameters(self) -> dict: def _approve_private_link_connections(self, apim_service_id: str) -> bool: """ Approve pending private link connections from AFD to APIM. - + Args: apim_service_id (str): APIM service resource ID. - + Returns: bool: True if all connections were approved successfully, False otherwise. """ print('\nšŸ”— Step 3: Approving Front Door private link connection to APIM...') - + try: # Get all pending private endpoint connections output = utils.run( @@ -366,43 +372,43 @@ def _approve_private_link_connections(self, apim_service_id: str) -> bool: print_command_to_run = False, print_errors = False ) - + if not output.success: print('āŒ Failed to retrieve private endpoint connections') return False - + pending_connections = output.json_data if output.is_json else [] - + # Handle both single object and list if isinstance(pending_connections, dict): pending_connections = [pending_connections] - + total = len(pending_connections) print(f' Found {total} pending private link service connection(s)') - + if total == 0: print(' āœ… No pending connections found - may already be approved') return True - + # Approve each pending connection for i, conn in enumerate(pending_connections, 1): conn_id = conn.get('id') conn_name = conn.get('name', '') print(f' Approving {i}/{total}: {conn_name}') - + approve_result = utils.run( f'az network private-endpoint-connection approve --id {conn_id} --description "Approved by infrastructure deployment"', f'āœ… Private Link Connection approved: {conn_name}', f'āŒ Failed to approve Private Link Connection: {conn_name}', print_command_to_run = False ) - + if not approve_result.success: return False - + print(' āœ… All private link connections approved successfully') return True - + except Exception as e: print(f' āŒ Error during private link approval: {str(e)}') return False @@ -410,36 +416,36 @@ def _approve_private_link_connections(self, apim_service_id: str) -> bool: def _disable_apim_public_access(self) -> bool: """ Disable public network access to APIM by redeploying with updated parameters. - + Returns: bool: True if deployment succeeded, False otherwise. """ print('\nšŸ”’ Step 5: Disabling API Management public network access...') - + try: # Update parameters to disable public access self.bicep_parameters['apimPublicAccess']['value'] = False - + # Write updated parameters file original_cwd = os.getcwd() shared_dir = Path(__file__).parent infra_dir = shared_dir.parent.parent / 'infrastructure' / 'afd-apim-pe' - + try: os.chdir(infra_dir) - + bicep_parameters_format = { '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#', 'contentVersion': '1.0.0.0', 'parameters': self.bicep_parameters } - + params_file_path = infra_dir / 'params.json' with open(params_file_path, 'w') as file: file.write(json.dumps(bicep_parameters_format)) - + print(' šŸ“ Updated parameters to disable public access') - + # Run the second deployment main_bicep_path = infra_dir / 'main.bicep' output = utils.run( @@ -448,12 +454,12 @@ def _disable_apim_public_access(self) -> bool: 'āŒ Failed to disable public access', print_command_to_run = False ) - + return output.success - + finally: os.chdir(original_cwd) - + except Exception as e: print(f' āŒ Error during public access disable: {str(e)}') return False @@ -461,31 +467,31 @@ def _disable_apim_public_access(self) -> bool: def _verify_apim_connectivity(self, apim_gateway_url: str) -> bool: """ Verify APIM connectivity before disabling public access using the health check endpoint. - + Args: apim_gateway_url (str): APIM gateway URL. - + Returns: bool: True if connectivity test passed, False otherwise. """ print('\nāœ… Step 4: Verifying API request success via API Management...') - + try: # Use the health check endpoint which doesn't require a subscription key import requests - + healthcheck_url = f'{apim_gateway_url}/status-0123456789abcdef' print(f' Testing connectivity to health check endpoint: {healthcheck_url}') - + response = requests.get(healthcheck_url, timeout=30) - + if response.status_code == 200: print(' āœ… APIM connectivity verified - Health check returned 200') return True else: print(f' āš ļø APIM health check returned status code {response.status_code} (expected 200)') return True # Continue anyway as this might be expected during deployment - + except Exception as e: print(f' āš ļø APIM connectivity test failed: {str(e)}') print(' ā„¹ļø Continuing deployment - this may be expected during infrastructure setup') @@ -494,10 +500,10 @@ def _verify_apim_connectivity(self, apim_gateway_url: str) -> bool: def deploy_infrastructure(self, is_update: bool = False) -> Output: """ Deploy the AFD-APIM-PE infrastructure with the required multi-step process. - + Args: is_update (bool): Whether this is an update to existing infrastructure or a new deployment. - + Returns: utils.Output: The deployment result. """ @@ -505,53 +511,45 @@ def deploy_infrastructure(self, is_update: bool = False) -> Output: print(f'\nšŸš€ {action_verb} AFD-APIM-PE infrastructure deployment...\n') print(' This deployment requires multiple steps:\n') print(' 1. Initial deployment with public access enabled') - print(' 2. Approve private link connections') + print(' 2. Approve private link connections') print(' 3. Verify connectivity') print(' 4. Disable public access to APIM') print(' 5. Final verification\n') - + # Step 1 & 2: Initial deployment using base class method output = super().deploy_infrastructure(is_update) - + if not output.success: print('āŒ Initial deployment failed!') return output - + print('\nāœ… Step 1 & 2: Initial infrastructure deployment completed') - + # Extract required values from deployment output if not output.json_data: print('āŒ No deployment output data available') return output - + apim_service_id = output.get('apimServiceId', 'APIM Service ID', suppress_logging = True) apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM Gateway URL', suppress_logging = True) - + if not apim_service_id or not apim_gateway_url: print('āŒ Required APIM information not found in deployment output') return output - + # Step 3: Approve private link connections if not self._approve_private_link_connections(apim_service_id): print('āŒ Private link approval failed!') - # Create a failed output object - failed_output = utils.Output() - failed_output.success = False - failed_output.text = 'Private link approval failed' - return failed_output - + return utils.Output(False, 'Private link approval failed') + # Step 4: Verify connectivity (optional - continues on failure) self._verify_apim_connectivity(apim_gateway_url) - + # Step 5: Disable public access if not self._disable_apim_public_access(): print('āŒ Failed to disable public access!') - # Create a failed output object - failed_output = utils.Output() - failed_output.success = False - failed_output.text = 'Failed to disable public access' - return failed_output - + return utils.Output(False, 'Failed to disable public access') + print('\nšŸŽ‰ AFD-APIM-PE infrastructure deployment completed successfully!\n') print('\nšŸ“‹ Final Configuration:\n') print(' āœ… Azure Front Door deployed') @@ -559,35 +557,35 @@ def deploy_infrastructure(self, is_update: bool = False) -> Output: print(' āœ… Private link connections approved') print(' āœ… Public access to APIM disabled') print(' ā„¹ļø Traffic now flows: Internet ā†’ AFD ā†’ Private Endpoint ā†’ APIM') - + return output def _verify_infrastructure_specific(self, rg_name: str) -> bool: """ Verify AFD-APIM-PE specific components. - + Args: rg_name (str): Resource group name. - + Returns: bool: True if verification passed, False otherwise. """ try: # Check Front Door afd_output = utils.run(f'az afd profile list -g {rg_name} --query "[0]" -o json', print_command_to_run = False, print_errors = False) - + if afd_output.success and afd_output.json_data: afd_name = afd_output.json_data.get('name') print(f'āœ… Azure Front Door verified: {afd_name}') - + # Check Container Apps if they exist (optional for this infrastructure) aca_output = utils.run(f'az containerapp list -g {rg_name} --query "length(@)"', print_command_to_run = False, print_errors = False) - + if aca_output.success: aca_count = int(aca_output.text.strip()) if aca_count > 0: print(f'āœ… Container Apps verified: {aca_count} app(s) created') - + # Verify private endpoint connections (optional - don't fail if it errors) try: apim_output = utils.run(f'az apim list -g {rg_name} --query "[0].id" -o tsv', print_command_to_run = False, print_errors = False) @@ -600,12 +598,428 @@ def _verify_infrastructure_specific(self, rg_name: str) -> bool: except: # Don't fail verification if private endpoint check fails pass - + return True else: print('āŒ Azure Front Door verification failed!') return False - + except Exception as e: print(f'āš ļø AFD-APIM-PE verification failed with error: {str(e)}') return False + +class AppGwApimPeInfrastructure(Infrastructure): + """ + Represents an Application Gateway with API Management and Azure Container Apps infrastructure. + """ + + # Class constants for certificate configuration + CERT_NAME = 'appgw-cert' + DOMAIN_NAME = 'api.apim-samples.contoso.com' + + def __init__(self, rg_location: str, index: int, apim_sku: APIM_SKU = APIM_SKU.BASICV2, infra_pfs: List[PolicyFragment] | None = None, infra_apis: List[API] | None = None): + super().__init__(INFRASTRUCTURE.APPGW_APIM_PE, index, rg_location, apim_sku, APIMNetworkMode.PUBLIC, infra_pfs, infra_apis) + + def _create_keyvault_certificate(self, key_vault_name: str) -> bool: + """ + Create a self-signed certificate in Key Vault for Application Gateway TLS. + This is done via Azure CLI because deployment scripts require storage accounts with + shared key access enabled, which may be blocked by Azure Policy. + + Args: + key_vault_name (str): Name of the Key Vault. + + Returns: + bool: True if certificate was created or already exists, False on failure. + """ + print(f'\n šŸ” Creating self-signed certificate in Key Vault...\n') + print(f' Key Vault : {key_vault_name}') + print(f' Certificate : {self.CERT_NAME}') + print(f' Domain : {self.DOMAIN_NAME}') + + # Check if certificate already exists + check_output = utils.run( + f'az keyvault certificate show --vault-name {key_vault_name} --name {self.CERT_NAME} -o json', + print_command_to_run = False, + print_errors = False + ) + + if check_output.success: + print(f' āœ… Certificate already exists in Key Vault') + return True + + # Build the certificate policy JSON for Azure CLI + cert_policy = json.dumps({ + "issuerParameters": { + "name": "Self" + }, + "keyProperties": { + "exportable": True, + "keySize": 2048, + "keyType": "RSA", + "reuseKey": True + }, + "secretProperties": { + "contentType": "application/x-pkcs12" + }, + "x509CertificateProperties": { + "keyUsage": [ + "digitalSignature", + "keyEncipherment" + ], + "subject": f"CN={self.DOMAIN_NAME}", + "validityInMonths": 12 + } + }) + + # Create the certificate using Azure CLI + # Use escaped double quotes for Windows PowerShell compatibility + escaped_policy = cert_policy.replace('"', '\\"') + create_output = utils.run( + f'az keyvault certificate create --vault-name {key_vault_name} --name {self.CERT_NAME} --policy "{escaped_policy}"', + f'āœ… Certificate created successfully in Key Vault', + f'āŒ Failed to create certificate in Key Vault', + print_command_to_run = False + ) + + return create_output.success + + def _define_bicep_parameters(self) -> dict: + """ + Define APPGW-APIM-PE specific Bicep parameters. + """ + # Get base parameters + base_params = super()._define_bicep_parameters() + + # Add AppGw-specific parameters + appgw_params = { + 'apimPublicAccess': {'value': True}, # Initially true for private link approval + 'useACA': {'value': len(self.infra_apis) > 0 if self.infra_apis else False}, # Enable ACA if custom APIs are provided + 'setCurrentUserAsKeyVaultAdmin': {'value': True}, + 'currentUserId': {'value': self.current_user_id} + } + + # Merge with base parameters + base_params.update(appgw_params) + return base_params + + def _approve_private_link_connections(self, apim_service_id: str) -> bool: + """ + Approve pending private link connections from App Gateway to APIM. + + Args: + apim_service_id (str): APIM service resource ID. + + Returns: + bool: True if all connections were approved successfully, False otherwise. + """ + print('\nšŸ”— Step 3: Approving App Gateway private link connection to APIM...') + + try: + # Get all pending private endpoint connections + output = utils.run( + f'az network private-endpoint-connection list --id {apim_service_id} --query "[?contains(properties.privateLinkServiceConnectionState.status, \'Pending\')]" -o json', + print_command_to_run = False, + print_errors = False + ) + + if not output.success: + print('āŒ Failed to retrieve private endpoint connections') + return False + + pending_connections = output.json_data if output.is_json else [] + + # Handle both single object and list + if isinstance(pending_connections, dict): + pending_connections = [pending_connections] + + total = len(pending_connections) + print(f' Found {total} pending private link service connection(s)') + + if total == 0: + print(' āœ… No pending connections found - this is normal for VNet integration scenarios') + print(' ā„¹ļø Application Gateway will access APIM through VNet integration') + return True + + # Approve each pending connection + for i, conn in enumerate(pending_connections, 1): + conn_id = conn.get('id') + conn_name = conn.get('name', '') + print(f' Approving {i}/{total}: {conn_name}') + + approve_result = utils.run( + f'az network private-endpoint-connection approve --id {conn_id} --description "Approved by infrastructure deployment"', + f'āœ… Private Link Connection approved: {conn_name}', + f'āŒ Failed to approve Private Link Connection: {conn_name}', + print_command_to_run = False + ) + + if not approve_result.success: + return False + + print(' āœ… All private link connections approved successfully') + return True + + except Exception as e: + print(f' āŒ Error during private link approval: {str(e)}') + return False + + def _disable_apim_public_access(self) -> bool: + """ + Disable public network access to APIM by redeploying with updated parameters. + + Returns: + bool: True if deployment succeeded, False otherwise. + """ + print('\nšŸ”’ Step 5: Disabling API Management public network access...') + + try: + # Update parameters to disable public access + self.bicep_parameters['apimPublicAccess']['value'] = False + + # Write updated parameters file + original_cwd = os.getcwd() + shared_dir = Path(__file__).parent + infra_dir = shared_dir.parent.parent / 'infrastructure' / 'appgw-apim-pe' + + try: + os.chdir(infra_dir) + + bicep_parameters_format = { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#', + 'contentVersion': '1.0.0.0', + 'parameters': self.bicep_parameters + } + + params_file_path = infra_dir / 'params.json' + with open(params_file_path, 'w') as file: + file.write(json.dumps(bicep_parameters_format)) + + print(' šŸ“ Updated parameters to disable public access') + + # Run the second deployment + main_bicep_path = infra_dir / 'main.bicep' + output = utils.run( + f'az deployment group create --name {self.infra.value}-lockdown --resource-group {self.rg_name} --template-file "{main_bicep_path}" --parameters "{params_file_path}" --query "properties.outputs"', + 'āœ… Public access disabled successfully', + 'āŒ Failed to disable public access', + print_command_to_run = False + ) + + return output.success + + finally: + os.chdir(original_cwd) + + except Exception as e: + print(f' āŒ Error during public access disable: {str(e)}') + return False + + def _verify_apim_connectivity(self, apim_gateway_url: str) -> bool: + """ + Verify APIM connectivity before disabling public access using the health check endpoint. + + Args: + apim_gateway_url (str): APIM gateway URL. + + Returns: + bool: True if connectivity test passed, False otherwise. + """ + print('\nāœ… Step 4: Verifying API request success via API Management...') + + try: + # Use the health check endpoint which doesn't require a subscription key + import requests + + healthcheck_url = f'{apim_gateway_url}/status-0123456789abcdef' + print(f' Testing connectivity to health check endpoint: {healthcheck_url}') + + response = requests.get(healthcheck_url, timeout=30) + + if response.status_code == 200: + print(' āœ… APIM connectivity verified - Health check returned 200') + return True + else: + print(f' āš ļø APIM health check returned status code {response.status_code} (expected 200)') + return True # Continue anyway as this might be expected during deployment + + except Exception as e: + print(f' āš ļø APIM connectivity test failed: {str(e)}') + print(' ā„¹ļø Continuing deployment - this may be expected during infrastructure setup') + return True # Continue anyway + + def _create_keyvault(self, key_vault_name: str) -> bool: + # Check if Key Vault already exists + check_kv = utils.run( + f'az keyvault show --name {key_vault_name} --resource-group {self.rg_name} -o json', + print_command_to_run = False, + print_errors = False + ) + + if not check_kv.success: + # Create Key Vault via Azure CLI with RBAC authorization (consistent with Bicep module) + print(f' Creating Key Vault: {key_vault_name}') + utils.run( + f'az keyvault create --name {key_vault_name} --resource-group {self.rg_name} --location {self.rg_location} --enable-rbac-authorization true', + f'āœ… Key Vault created: {key_vault_name}', + f'āŒ Failed to create Key Vault', + print_command_to_run = False + ) + + #Assign Key Vault Certificates Officer role to current user for certificate creation + + # Key Vault Certificates Officer role + assign_kv_role = utils.run( + f'az role assignment create --role "Key Vault Certificates Officer" --assignee {self.current_user_id} --scope /subscriptions/{self.subscription_id}/resourceGroups/{self.rg_name}/providers/Microsoft.KeyVault/vaults/{key_vault_name}', + print_command_to_run = False, + print_errors = False + ) + if not assign_kv_role.success: + print(f' āŒ Failed to assign Key Vault Certificates Officer role to current user') + return False + + print(' āœ… Assigned Key Vault Certificates Officer role to current user') + + # Brief wait for role assignment propagation + print(' ā³ Waiting for role assignment propagation (15 seconds)...') + time.sleep(15) + + return True + + def deploy_infrastructure(self, is_update: bool = False) -> Output: + """ + Deploy the APPGW-APIM-PE infrastructure with the required multi-step process. + + Args: + is_update (bool): Whether this is an update to existing infrastructure or a new deployment. + + Returns: + utils.Output: The deployment result. + """ + action_verb = "Updating" if is_update else "Starting" + print(f'\nšŸš€ {action_verb} APPGW-APIM-PE infrastructure deployment...\n') + print(' This deployment requires multiple steps:\n') + print(' 1. Create Key Vault and self-signed certificate') + print(' 2. Initial deployment with public access enabled') + print(' 3. Approve private link connections') + print(' 4. Verify connectivity') + print(' 5. Disable public access to APIM') + + # Step 1: Create Key Vault and certificate before main deployment + print('\nšŸ“‹ Step 1: Creating Key Vault and certificate...\n') + key_vault_name = f'kv-{self.resource_suffix}' + + # Create the Key Vault + if not self._create_keyvault(key_vault_name): + return utils.Output(False, 'Failed to create Key Vault') + + # Create the certificate + if not self._create_keyvault_certificate(key_vault_name): + return utils.Output(False, 'Failed to create certificate in Key Vault') + + print('\nāœ… Step 1: Key Vault and certificate creation completed') + + # Step 2: Initial deployment using base class method + print('\nšŸ“‹ Step 2: Initial infrastructure deploying...\n') + + output = super().deploy_infrastructure(is_update) + + if not output.success: + print('āŒ Initial deployment failed!') + return output + + print('\nāœ… Step 2: Initial infrastructure deployment completed') + + # Extract required values from deployment output + if not output.json_data: + print('āŒ No deployment output data available') + return output + + apim_service_id = output.get('apimServiceId', 'APIM Service ID', suppress_logging = True) + apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM Gateway URL', suppress_logging = True) + self.appgw_domain_name = output.get('appGatewayDomainName', 'App Gateway Domain Name', suppress_logging = True) + self.appgw_public_ip = output.get('appgwPublicIpAddress', 'App Gateway Public IP', suppress_logging = True) + + if not apim_service_id or not apim_gateway_url: + print('āŒ Required APIM information not found in deployment output') + return output + + # Step 3: Approve private link connections + print('\nšŸ“‹ Step 3: Approve private link connection...\n') + if not self._approve_private_link_connections(apim_service_id): + print('āŒ Private link approval failed!') + return utils.Output(False, 'Private link approval failed') + + # Step 4: Verify connectivity (optional - continues on failure) + print('\nšŸ“‹ Step 4: Approving private link connection...\n') + self._verify_apim_connectivity(apim_gateway_url) + + # Step 5: Disable public access + print('\nšŸ“‹ Step 5: Disabling public access...\n') + if not self._disable_apim_public_access(): + print('āŒ Failed to disable public access!') + return utils.Output(False, 'Failed to disable public access') + + print('\nšŸŽ‰ APPGW-APIM-PE infrastructure deployment completed successfully!\n') + print('\nšŸ“‹ Final Configuration:\n') + print(' āœ… Application Gateway deployed') + print(' āœ… API Management deployed with private endpoints') + print(' āœ… Private link connections approved') + print(' āœ… Public access to APIM disabled') + print(' ā„¹ļø Traffic now flows: Internet ā†’ Application Gateway ā†’ Private Endpoint ā†’ APIM') + + print('\n\n šŸ§Ŗ TESTING\n') + print('As we are using a self-signed certificate (please see README.md for details), we need to test differently.\n' + + 'A curl command using flags for verbose (v), ignoring cert issues (k), and supplying a host header (h) works to verify connectivity.\n' + + 'This tests ingress through App Gateway and a response from API Management\'s health endpoint. An "HTTP 200 Service Operational" response indicates success.\n') + print(f'curl -v -k -H "Host: {self.appgw_domain_name}" https://{self.appgw_public_ip}/status-0123456789abcdef') + + return output + + def _verify_infrastructure_specific(self, rg_name: str) -> bool: + """ + Verify APPGW-APIM-PE specific components. + + Args: + rg_name (str): Resource group name. + + Returns: + bool: True if verification passed, False otherwise. + """ + try: + # Check Application Gateway + appgw_output = utils.run(f'az network application-gateway list -g {rg_name} --query "[0]" -o json', print_command_to_run = False, print_errors = False) + + if appgw_output.success and appgw_output.json_data: + appgw_name = appgw_output.json_data.get('name') + print(f'āœ… Application Gateway verified: {appgw_name}') + + # Check Container Apps if they exist (optional for this infrastructure) + aca_output = utils.run(f'az containerapp list -g {rg_name} --query "length(@)"', print_command_to_run = False, print_errors = False) + + if aca_output.success: + aca_count = int(aca_output.text.strip()) + if aca_count > 0: + print(f'āœ… Container Apps verified: {aca_count} app(s) created') + + # Verify private endpoint connections (optional - don't fail if it errors) + try: + apim_output = utils.run(f'az apim list -g {rg_name} --query "[0].id" -o tsv', print_command_to_run = False, print_errors = False) + if apim_output.success and apim_output.text.strip(): + apim_id = apim_output.text.strip() + pe_output = utils.run(f'az network private-endpoint-connection list --id {apim_id} --query "length(@)"', print_command_to_run = False, print_errors = False) + if pe_output.success: + pe_count = int(pe_output.text.strip()) + print(f'āœ… Private endpoint connections: {pe_count}') + except: + # Don't fail verification if private endpoint check fails + pass + + return True + else: + print('āŒ Application Gateway verification failed!') + return False + + except Exception as e: + print(f'āš ļø APPGW-APIM-PE verification failed with error: {str(e)}') + return False diff --git a/shared/python/users.py b/shared/python/users.py index 99fbd52..8e01bf8 100644 --- a/shared/python/users.py +++ b/shared/python/users.py @@ -131,4 +131,4 @@ def get_user_by_role(role_or_roles: str | list[str]) -> 'User | None': if not matching_users: return None - return random.choice(matching_users) \ No newline at end of file + return random.choice(matching_users) diff --git a/shared/python/utils.py b/shared/python/utils.py index b8c04ad..439ac97 100644 --- a/shared/python/utils.py +++ b/shared/python/utils.py @@ -5,6 +5,7 @@ import ast import datetime import json +import sys import os import re import subprocess @@ -18,9 +19,12 @@ import threading from concurrent.futures import ThreadPoolExecutor, as_completed from pathlib import Path +import apimtypes +import tempfile +import os as temp_os from typing import Any, Optional, Tuple -from apimtypes import APIM_SKU, HTTP_VERB, INFRASTRUCTURE +from apimtypes import APIM_SKU, HTTP_VERB, INFRASTRUCTURE, Endpoints, _get_project_root # ------------------------------ @@ -53,32 +57,30 @@ def build_infrastructure_tags(infrastructure: str | INFRASTRUCTURE, custom_tags: dict | None = None) -> dict: """ - Build standard tags for infrastructure resource groups, including required 'infrastructure' and infrastructure name tags. - + Build standard tags for infrastructure resource groups, including required 'infrastructure' tag. + Args: infrastructure (str | INFRASTRUCTURE): The infrastructure type/name. custom_tags (dict, optional): Additional custom tags to include. - + Returns: dict: Combined tags dictionary with standard and custom tags. """ - + # Convert infrastructure enum to string value if needed if hasattr(infrastructure, 'value'): infra_name = infrastructure.value else: infra_name = str(infrastructure) - - # Build standard tags - standard_tags = { - 'infrastructure': infra_name - } - + + # Build standard tags - only include infrastructure tag + tags = {'infrastructure': infra_name} + # Add custom tags if provided if custom_tags: - standard_tags.update(custom_tags) - - return standard_tags + tags.update(custom_tags) + + return tags # ------------------------------ @@ -104,7 +106,7 @@ def __init__(self, success: bool, text: str): self.text = text self.jsonParseException = None - # Check if the exact string is JSON. + # Check if the exact string is JSON. if (is_string_json(text)): try: self.json_data = json.loads(text) @@ -249,7 +251,7 @@ class InfrastructureNotebookHelper: def __init__(self, rg_location: str, deployment: INFRASTRUCTURE, index: int, apim_sku: APIM_SKU): """ Initialize the InfrastructureNotebookHelper. - + Args: rg_location (str): Azure region for deployment. deployment (INFRASTRUCTURE): Infrastructure type to deploy. @@ -262,6 +264,13 @@ def __init__(self, rg_location: str, deployment: INFRASTRUCTURE, index: int, api self.index = index self.apim_sku = apim_sku + print('Initializing Infrastructure Notebook Helper with the following parameters:\n') + print_val('Location', self.rg_location) + print_val('Infrastructure', self.deployment.value) + print_val('Index', self.index) + print_val('APIM SKU', self.apim_sku.value) + print('') + # ------------------------------ # PUBLIC METHODS # ------------------------------ @@ -269,18 +278,16 @@ def __init__(self, rg_location: str, deployment: INFRASTRUCTURE, index: int, api def create_infrastructure(self, bypass_infrastructure_check: bool = False, allow_update: bool = True) -> None: """ Create infrastructure by executing the appropriate creation script. - + Args: bypass_infrastructure_check (bool): Skip infrastructure existence check. Defaults to False. allow_update (bool): Allow infrastructure updates when infrastructure already exists. Defaults to True. - + Returns: None: Method either succeeds or exits the program with SystemExit. """ try: - import sys - # For infrastructure notebooks, check if update is allowed and handle user choice if allow_update: rg_name = get_infra_rg_name(self.deployment, self.index) @@ -300,26 +307,27 @@ def create_infrastructure(self, bypass_infrastructure_check: bool = False, allow except (KeyboardInterrupt, EOFError): print('\nāŒ Infrastructure deployment cancelled by user (Escape/Ctrl+C pressed).') raise SystemExit("User cancelled deployment") - + # Check infrastructure existence for the normal flow infrastructure_exists = does_resource_group_exist(get_infra_rg_name(self.deployment, self.index)) if not allow_update else False - + if bypass_infrastructure_check or not infrastructure_exists: # Map infrastructure types to their folder names infra_folder_map = { INFRASTRUCTURE.SIMPLE_APIM: 'simple-apim', - INFRASTRUCTURE.AFD_APIM_PE: 'afd-apim-pe', - INFRASTRUCTURE.APIM_ACA: 'apim-aca' + INFRASTRUCTURE.AFD_APIM_PE: 'afd-apim-pe', + INFRASTRUCTURE.APIM_ACA: 'apim-aca', + INFRASTRUCTURE.APPGW_APIM_PE: 'appgw-apim-pe' } - + infra_folder = infra_folder_map.get(self.deployment) if not infra_folder: print(f'āŒ Unsupported infrastructure type: {self.deployment.value}') raise SystemExit(1) - + # Build the command to call the infrastructure creation script cmd_args = [ - sys.executable, + sys.executable, os.path.join(find_project_root(), 'infrastructure', infra_folder, 'create_infrastructure.py'), '--location', self.rg_location, '--index', str(self.index), @@ -327,7 +335,7 @@ def create_infrastructure(self, bypass_infrastructure_check: bool = False, allow ] # Execute the infrastructure creation script with real-time output streaming and UTF-8 encoding to handle Unicode characters properly - process = subprocess.Popen(cmd_args, stdout = subprocess.PIPE, stderr = subprocess.STDOUT, text = True, + process = subprocess.Popen(cmd_args, stdout = subprocess.PIPE, stderr = subprocess.STDOUT, text = True, bufsize = 1, universal_newlines = True, encoding = 'utf-8', errors = 'replace') try: @@ -336,7 +344,7 @@ def create_infrastructure(self, bypass_infrastructure_check: bool = False, allow print(line.rstrip()) except Exception as e: print(f'Error reading subprocess output: {e}') - + # Wait for process to complete process.wait() @@ -347,14 +355,14 @@ def create_infrastructure(self, bypass_infrastructure_check: bool = False, allow return True return True - + except KeyboardInterrupt: print("\nšŸš« Infrastructure deployment cancelled by user.") raise SystemExit("User cancelled deployment") except Exception as e: print(f"āŒ Infrastructure deployment failed with error: {e}") raise SystemExit(1) - + class NotebookHelper: """ Helper class for managing sample notebook deployments and infrastructure interaction. @@ -367,7 +375,7 @@ class NotebookHelper: def __init__(self, sample_folder: str, rg_name: str, rg_location: str, deployment: INFRASTRUCTURE, supported_infrastructures = list[INFRASTRUCTURE], use_jwt: bool = False, index: int = 1, is_debug = False, apim_sku: APIM_SKU = APIM_SKU.BASICV2): """ Initialize the NotebookHelper with sample configuration and infrastructure details. - + Args: sample_folder (str): The name of the sample folder. rg_name (str): The name of the resource group associated with the notebook. @@ -405,18 +413,18 @@ def _create_jwt(self) -> None: self.jwt_key_name = f'JwtSigningKey-{self.sample_folder}-{int(time.time())}' self.jwt_key_value, self.jwt_key_value_bytes_b64 = generate_signing_key() print_val('JWT key value', self.jwt_key_value) # this value is used to create the signed JWT token for requests to APIM - print_val('JWT key value (base64)', self.jwt_key_value_bytes_b64) # this value is used in the APIM validate-jwt policy's issuer-signing-key attribute + print_val('JWT key value (base64)', self.jwt_key_value_bytes_b64) # this value is used in the APIM validate-jwt policy's issuer-signing-key attribute def _get_current_index(self) -> int | None: """ Extract the index from the current resource group name. - + Returns: int | None: The index if it exists, None otherwise. """ prefix = f'apim-infra-{self.deployment.value}' - + if self.rg_name == prefix: return None elif self.rg_name.startswith(f'{prefix}-'): @@ -438,65 +446,65 @@ def _clean_up_jwt(self, apim_name: str) -> None: def _query_and_select_infrastructure(self) -> tuple[INFRASTRUCTURE | None, int | None]: """ Query for available infrastructures and allow user to select one or create new infrastructure. - + Returns: tuple: (selected_infrastructure, selected_index) or (None, None) if no valid option """ - - # SJK: Querying the resource group location is inefficient at this time as it's done sequentially. + + # SJK: Querying the resource group location is inefficient at this time as it's done sequentially. # I'm leaving the code here, but may revisit it later. QUERY_RG_LOCATION = False print('Querying for available infrastructures...\n') - + # Get all resource groups that match the infrastructure pattern available_options = [] - + for infra in self.supported_infrastructures: infra_options = self._find_infrastructure_instances(infra) available_options.extend(infra_options) - + # Check if the desired infrastructure/index combination exists desired_rg_name = get_infra_rg_name(self.deployment, self._get_current_index()) desired_exists = any( - get_infra_rg_name(infra, idx) == desired_rg_name + get_infra_rg_name(infra, idx) == desired_rg_name for infra, idx in available_options ) - + if desired_exists: # Scenario 1: Desired infrastructure exists, use it directly print_success(f'Found desired infrastructure: {self.deployment.value} with resource group {desired_rg_name}') return self.deployment, self._get_current_index() - + # Sort available options by infrastructure type, then by index available_options.sort(key = lambda x: (x[0].value, x[1] if x[1] is not None else 0)) - + # Prepare display options display_options = [] option_counter = 1 - + # Add existing infrastructure options if available_options: print_info(f'Found {len(available_options)} existing infrastructure(s). You can either create a new one or select an existing one.') - + # ALWAYS make "Create a NEW infrastructure" the first option for consistency desired_index_str = self._get_current_index() if self._get_current_index() is not None else 'N/A' desired_location = self.rg_location - + print(f'\n Create a NEW infrastructure:\n') # Column headers if QUERY_RG_LOCATION: print(f' {'#':>3} {'Infrastructure':<20} {'Index':>8} {'Resource Group':<35} {'Location':<15}') print(f' {'-'*3:>3} {'-'*20:<20} {'-'*8:>8} {'-'*35:<35} {'-'*15:<15}') print(f' {option_counter:>3} {self.deployment.value:<20} {desired_index_str:>8} {desired_rg_name:<35} {desired_location:<15}') - else: + else: print(f' {'#':>3} {'Infrastructure':<20} {'Index':>8} {'Resource Group':<35}') print(f' {'-'*3:>3} {'-'*20:<20} {'-'*8:>8} {'-'*35:<35}') print(f' {option_counter:>3} {self.deployment.value:<20} {desired_index_str:>8} {desired_rg_name:<35}') display_options.append(('create_new', self.deployment, self._get_current_index())) option_counter += 1 - + print(f'\n Or select an EXISTING infrastructure:\n') # Column headers if QUERY_RG_LOCATION: @@ -505,11 +513,11 @@ def _query_and_select_infrastructure(self) -> tuple[INFRASTRUCTURE | None, int | else: print(f' {'#':>3} {'Infrastructure':<20} {'Index':>8} {'Resource Group':<35}') print(f' {'-'*3:>3} {'-'*20:<20} {'-'*8:>8} {'-'*35:<35}') - + for infra, index in available_options: index_str = index if index is not None else 'N/A' rg_name = get_infra_rg_name(infra, index) - + if QUERY_RG_LOCATION: rg_location = get_resource_group_location(rg_name) print(f' {option_counter:>3} {infra.value:<20} {index_str:>8} {rg_name:<35} {rg_location:<15}') @@ -521,11 +529,11 @@ def _query_and_select_infrastructure(self) -> tuple[INFRASTRUCTURE | None, int | else: print_warning('No existing supported infrastructures found.') print_info(f'Automatically proceeding to create new infrastructure: {self.deployment.value}') - + # Automatically create the desired infrastructure without user confirmation selected_index = self._get_current_index() print_info(f'Creating new infrastructure: {self.deployment.value}{' (index: ' + str(selected_index) + ')' if selected_index is not None else ''}') - + # Execute the infrastructure creation inb_helper = InfrastructureNotebookHelper(self.rg_location, self.deployment, selected_index, self.apim_sku) success = inb_helper.create_infrastructure(True) # Bypass infrastructure check to force creation @@ -536,28 +544,28 @@ def _query_and_select_infrastructure(self) -> tuple[INFRASTRUCTURE | None, int | else: print_error('Failed to create infrastructure.') return None, None - + print('') - + # Get user selection while True: try: choice = input(f'Select infrastructure (1-{len(display_options)}): ').strip() - + if not choice: print_warning('No infrastructure selected. Exiting.') return None, None - + choice_idx = int(choice) - 1 if 0 <= choice_idx < len(display_options): option_type, selected_infra, selected_index = display_options[choice_idx] - + if option_type == 'existing': print_success(f'Selected existing: {selected_infra.value}{' (index: ' + str(selected_index) + ')' if selected_index is not None else ''}') return selected_infra, selected_index elif option_type == 'create_new': print_info(f'Creating new infrastructure: {selected_infra.value}{' (index: ' + str(selected_index) + ')' if selected_index is not None else ''}') - + # Execute the infrastructure creation inb_helper = InfrastructureNotebookHelper(self.rg_location, self.deployment, selected_index, self.apim_sku) success = inb_helper.create_infrastructure(True) # Bypass infrastructure check to force creation @@ -570,7 +578,7 @@ def _query_and_select_infrastructure(self) -> tuple[INFRASTRUCTURE | None, int | return None, None else: print_error(f'Invalid choice. Please enter a number between 1 and {len(display_options)}.') - + except ValueError: print_error('Invalid input. Please enter a number.') @@ -578,28 +586,28 @@ def _query_and_select_infrastructure(self) -> tuple[INFRASTRUCTURE | None, int | def _find_infrastructure_instances(self, infrastructure: INFRASTRUCTURE) -> list[tuple[INFRASTRUCTURE, int | None]]: """ Find all instances of a specific infrastructure type by querying Azure resource groups. - + Args: infrastructure (INFRASTRUCTURE): The infrastructure type to search for. - + Returns: list: List of tuples (infrastructure, index) for found instances. """ - + instances = [] - + # Query Azure for resource groups with the infrastructure tag query_cmd = f'az group list --tag infrastructure={infrastructure.value} --query "[].name" -o tsv' output = run(query_cmd, print_command_to_run = False, print_errors = False) - + if output.success and output.text.strip(): rg_names = [name.strip() for name in output.text.strip().split('\n') if name.strip()] - + for rg_name in rg_names: # Parse the resource group name to extract the index # Expected format: apim-infra-{infrastructure}-{index} or apim-infra-{infrastructure} prefix = f'apim-infra-{infrastructure.value}' - + if rg_name == prefix: # No index instances.append((infrastructure, None)) @@ -612,7 +620,7 @@ def _find_infrastructure_instances(self, infrastructure: INFRASTRUCTURE) -> list except ValueError: # Invalid index format, skip continue - + return instances # ------------------------------ @@ -622,10 +630,10 @@ def _find_infrastructure_instances(self, infrastructure: INFRASTRUCTURE) -> list def deploy_sample(self, bicep_parameters: dict) -> Output: """ Deploy a sample with infrastructure auto-detection and selection. - + Args: bicep_parameters (dict): Parameters for the Bicep template deployment. - + Returns: Output: The deployment result. """ @@ -642,20 +650,20 @@ def deploy_sample(self, bicep_parameters: dict) -> Output: # If the desired infrastructure doesn't exist, use the interactive selection process if not rg_exists: print_info('Desired infrastructure does not exist.\n') - + # Check if we've already done infrastructure selection (prevent double execution) if 'infrastructure_selection_completed' not in globals(): # Use the NotebookHelper's infrastructure selection process selected_deployment, selected_index = self._query_and_select_infrastructure() - + if selected_deployment is None: raise SystemExit(1) - + # Update the notebook helper with the selected infrastructure self.deployment = selected_deployment self.index = selected_index self.rg_name = get_infra_rg_name(self.deployment, self.index) - + # Verify the updates were applied correctly print(f'šŸ“ Updated infrastructure variables') else: @@ -679,7 +687,7 @@ def deploy_sample(self, bicep_parameters: dict) -> Output: if self.use_jwt: apim_name = output.get('apimServiceName') self._clean_up_jwt(apim_name) - + print_success('Deployment succeeded', blank_above = True) else: raise SystemExit('Deployment failed') @@ -719,39 +727,39 @@ def _cleanup_resources(deployment_name: str, rg_name: str) -> None: print_info(f'Resource group : {rg_name}') # Show the deployment details - output = run(f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment', print_command_to_run = False) + output = run(f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment', print_command_to_run = False, print_errors = False) if output.success and output.json_data: # Delete and purge CognitiveService accounts - output = run(f' az cognitiveservices account list -g {rg_name}', f'Listed CognitiveService accounts', f'Failed to list CognitiveService accounts', print_command_to_run = False) + output = run(f' az cognitiveservices account list -g {rg_name}', f'Listed CognitiveService accounts', f'Failed to list CognitiveService accounts', print_command_to_run = False, print_errors = False) if output.success and output.json_data: for resource in output.json_data: print_info(f"Deleting and purging Cognitive Service Account '{resource['name']}'...") - output = run(f"az cognitiveservices account delete -g {rg_name} -n {resource['name']}", f"Cognitive Services '{resource['name']}' deleted", f"Failed to delete Cognitive Services '{resource['name']}'", print_command_to_run = False) - output = run(f"az cognitiveservices account purge -g {rg_name} -n {resource['name']} --location \"{resource['location']}\"", f"Cognitive Services '{resource['name']}' purged", f"Failed to purge Cognitive Services '{resource['name']}'", print_command_to_run = False) + output = run(f"az cognitiveservices account delete -g {rg_name} -n {resource['name']}", f"Cognitive Services '{resource['name']}' deleted", f"Failed to delete Cognitive Services '{resource['name']}'", print_command_to_run = False, print_errors = False) + output = run(f"az cognitiveservices account purge -g {rg_name} -n {resource['name']} --location \"{resource['location']}\"", f"Cognitive Services '{resource['name']}' purged", f"Failed to purge Cognitive Services '{resource['name']}'", print_command_to_run = False, print_errors = False) # Delete and purge APIM resources - output = run(f' az apim list -g {rg_name}', f'Listed APIM resources', f'Failed to list APIM resources', print_command_to_run = False) + output = run(f' az apim list -g {rg_name}', f'Listed APIM resources', f'Failed to list APIM resources', print_command_to_run = False, print_errors = False) if output.success and output.json_data: for resource in output.json_data: print_info(f"Deleting and purging API Management '{resource['name']}'...") - output = run(f"az apim delete -n {resource['name']} -g {rg_name} -y", f"API Management '{resource['name']}' deleted", f"Failed to delete API Management '{resource['name']}'", print_command_to_run = False) - output = run(f"az apim deletedservice purge --service-name {resource['name']} --location \"{resource['location']}\"", f"API Management '{resource['name']}' purged", f"Failed to purge API Management '{resource['name']}'", print_command_to_run = False) + output = run(f"az apim delete -n {resource['name']} -g {rg_name} -y", f"API Management '{resource['name']}' deleted", f"Failed to delete API Management '{resource['name']}'", print_command_to_run = False, print_errors = False) + output = run(f"az apim deletedservice purge --service-name {resource['name']} --location \"{resource['location']}\"", f"API Management '{resource['name']}' purged", f"Failed to purge API Management '{resource['name']}'", print_command_to_run = False, print_errors = False) # Delete and purge Key Vault resources - output = run(f' az keyvault list -g {rg_name}', f'Listed Key Vault resources', f'Failed to list Key Vault resources', print_command_to_run = False) - + output = run(f' az keyvault list -g {rg_name}', f'Listed Key Vault resources', f'Failed to list Key Vault resources', print_command_to_run = False, print_errors = False) + if output.success and output.json_data: for resource in output.json_data: print_info(f"Deleting and purging Key Vault '{resource['name']}'...") - output = run(f"az keyvault delete -n {resource['name']} -g {rg_name}", f"Key Vault '{resource['name']}' deleted", f"Failed to delete Key Vault '{resource['name']}'", print_command_to_run = False) - output = run(f"az keyvault purge -n {resource['name']} --location \"{resource['location']}\"", f"Key Vault '{resource['name']}' purged", f"Failed to purge Key Vault '{resource['name']}'", print_command_to_run = False) + output = run(f"az keyvault delete -n {resource['name']} -g {rg_name}", f"Key Vault '{resource['name']}' deleted", f"Failed to delete Key Vault '{resource['name']}'", print_command_to_run = False, print_errors = False) + output = run(f"az keyvault purge -n {resource['name']} --location \"{resource['location']}\"", f"Key Vault '{resource['name']}' purged", f"Failed to purge Key Vault '{resource['name']}'", print_command_to_run = False, print_errors = False) # Delete the resource group last print_message(f"Deleting resource group '{rg_name}'...") - output = run(f'az group delete --name {rg_name} -y', f"Resource group '{rg_name}' deleted', f'Failed to delete resource group '{rg_name}'", print_command_to_run = False) + output = run(f'az group delete --name {rg_name} -y', f"Resource group '{rg_name}' deleted', f'Failed to delete resource group '{rg_name}'", print_command_to_run = False, print_errors = False) print_message('Cleanup completed.') @@ -800,7 +808,7 @@ def _print_log(message: str, prefix: str = '', color: str = '', output: str = '' def _determine_bicep_directory(infrastructure_dir: str) -> str: """ Determine the correct Bicep directory based on the current working directory and infrastructure directory name. - + This function implements the following logic: 1. If current directory contains main.bicep, use current directory (for samples) 2. If current directory name matches infrastructure_dir, use current directory (for infrastructure) @@ -808,44 +816,43 @@ def _determine_bicep_directory(infrastructure_dir: str) -> str: 4. Look for infrastructure/{infrastructure_dir} relative to parent directory 5. Try to find project root and construct path from there 6. Fall back to current directory + infrastructure/{infrastructure_dir} - + Args: infrastructure_dir (str): The name of the infrastructure directory to find. - + Returns: str: The path to the directory containing the main.bicep file. """ current_dir = os.getcwd() - + # First, check if there's a main.bicep file in the current directory (for samples) if os.path.exists(os.path.join(current_dir, 'main.bicep')): return current_dir - + # Check if we're already in the correct infrastructure directory if os.path.basename(current_dir) == infrastructure_dir: return current_dir - + # Look for the infrastructure directory from the current location bicep_dir = os.path.join(current_dir, 'infrastructure', infrastructure_dir) if os.path.exists(bicep_dir): return bicep_dir - + # If that doesn't exist, try going up one level and looking again parent_dir = os.path.dirname(current_dir) bicep_dir = os.path.join(parent_dir, 'infrastructure', infrastructure_dir) if os.path.exists(bicep_dir): return bicep_dir - + # Try to find the project root and construct the path from there try: - from apimtypes import _get_project_root project_root = _get_project_root() bicep_dir = os.path.join(str(project_root), 'infrastructure', infrastructure_dir) if os.path.exists(bicep_dir): return bicep_dir except Exception: pass - + # Fall back to current directory + infrastructure/{infrastructure_dir} return os.path.join(current_dir, 'infrastructure', infrastructure_dir) @@ -868,10 +875,10 @@ def _determine_bicep_directory(infrastructure_dir: str) -> str: def get_azure_role_guid(role_name: str) -> Optional[str]: """ Load the Azure roles JSON file and return the GUID for the specified role name. - + Args: role_name (str): The name of the Azure role (e.g., 'StorageBlobDataReader'). - + Returns: Optional[str]: The GUID of the role if found, None if not found or file cannot be loaded. """ @@ -879,20 +886,20 @@ def get_azure_role_guid(role_name: str) -> Optional[str]: # Get the directory of the current script to build the path to azure-roles.json current_dir = os.path.dirname(os.path.abspath(__file__)) roles_file_path = os.path.join(current_dir, '..', 'azure-roles.json') - + # Normalize the path for cross-platform compatibility roles_file_path = os.path.normpath(roles_file_path) - + # Load the JSON file with open(roles_file_path, 'r', encoding='utf-8') as file: roles_data: dict[str, str] = json.load(file) - + # Return the GUID for the specified role name return roles_data.get(role_name) - + except (FileNotFoundError, json.JSONDecodeError, OSError) as e: print_error(f'Failed to load Azure roles from {roles_file_path}: {str(e)}') - + return None @@ -935,10 +942,10 @@ def create_bicep_deployment_group(rg_name: str, rg_location: str, deployment: st else: deployment_name = deployment infrastructure_dir = deployment - + # Use helper function to determine the correct Bicep directory bicep_dir = _determine_bicep_directory(infrastructure_dir) - + main_bicep_path = os.path.join(bicep_dir, 'main.bicep') params_file_path = os.path.join(bicep_dir, bicep_parameters_file) @@ -947,7 +954,7 @@ def create_bicep_deployment_group(rg_name: str, rg_location: str, deployment: st file.write(json.dumps(bicep_parameters_format)) print(f'šŸ“ Updated the policy XML in the bicep parameters file {bicep_parameters_file}') - + # Verify that main.bicep exists in the infrastructure directory if not os.path.exists(main_bicep_path): raise FileNotFoundError(f'main.bicep file not found in expected infrastructure directory: {bicep_dir}') @@ -965,25 +972,25 @@ def create_bicep_deployment_group(rg_name: str, rg_location: str, deployment: st def find_project_root() -> str: """ Find the project root directory by looking for specific marker files. - + Returns: str: Path to the project root directory. - + Raises: FileNotFoundError: If project root cannot be determined. """ current_dir = os.getcwd() - + # Look for marker files that indicate the project root marker_files = ['requirements.txt', 'README.md', 'bicepconfig.json'] - + while current_dir != os.path.dirname(current_dir): # Stop at filesystem root if any(os.path.exists(os.path.join(current_dir, marker)) for marker in marker_files): # Additional check: verify this looks like our project by checking for samples directory if os.path.exists(os.path.join(current_dir, 'samples')): return current_dir current_dir = os.path.dirname(current_dir) - + # If we can't find the project root, raise an error raise FileNotFoundError('Could not determine project root directory') @@ -1006,11 +1013,10 @@ def create_bicep_deployment_group_for_sample(sample_name: str, rg_name: str, rg_ Returns: Output: The result of the deployment command. """ - import os - + # Get the current working directory original_cwd = os.getcwd() - + try: # Determine the sample directory path # This handles both cases: running from project root or from sample directory @@ -1021,22 +1027,22 @@ def create_bicep_deployment_group_for_sample(sample_name: str, rg_name: str, rg_ # Assume we're in project root or elsewhere, navigate to sample directory project_root = find_project_root() sample_dir = os.path.join(project_root, 'samples', sample_name) - + # Verify the sample directory exists and has main.bicep if not os.path.exists(sample_dir): raise FileNotFoundError(f'Sample directory not found: {sample_dir}') - + main_bicep_path = os.path.join(sample_dir, 'main.bicep') if not os.path.exists(main_bicep_path): raise FileNotFoundError(f'main.bicep not found in sample directory: {sample_dir}') - + # Change to the sample directory to ensure params.json is written there os.chdir(sample_dir) print(f'šŸ“ Changed working directory to: {sample_dir}') - + # Call the original deployment function return create_bicep_deployment_group(rg_name, rg_location, sample_name, bicep_parameters, bicep_parameters_file, rg_tags, is_debug) - + finally: # Always restore the original working directory os.chdir(original_cwd) @@ -1057,8 +1063,6 @@ def create_resource_group(rg_name: str, resource_group_location: str | None = No """ if not does_resource_group_exist(rg_name): - print_info(f'Creating the resource group now...') - # Build the tags string for the Azure CLI command tag_string = 'source=apim-sample' if tags: @@ -1069,16 +1073,16 @@ def create_resource_group(rg_name: str, resource_group_location: str | None = No run(f'az group create --name {rg_name} --location {resource_group_location} --tags {tag_string}', f"Resource group '{rg_name}' created", - f"Failed to create the resource group '{rg_name}'", + f"Failed to create the resource group '{rg_name}'", False, False, False, False) def _prompt_for_infrastructure_update(rg_name: str) -> tuple[bool, int | None]: """ Prompt the user for infrastructure update confirmation. - + Args: rg_name (str): The resource group name. - + Returns: tuple: (proceed_with_update, new_index) where: - proceed_with_update: True if user wants to proceed with update, False to cancel @@ -1091,15 +1095,15 @@ def _prompt_for_infrastructure_update(rg_name: str) -> tuple[bool, int | None]: print(' ā€¢ Add new APIs and policy fragments defined in the infrastructure') print(' ā€¢ Update existing infrastructure components to match the template') print(' ā€¢ Preserve manually added samples and configurations\n') - - print('ā„¹ļø Choose an option:') + + print('ā„¹ļø Choose an option (input box at the top of the screen):') print(' 1. Update the existing infrastructure (recommended)') print(' 2. Use a different index') print(' 3. Delete the existing resource group first using the clean-up notebook\n') - + while True: choice = input('\nEnter your choice (1, 2, or 3): ').strip() - + # Default to option 1 if user just presses Enter if choice == '1' or not choice: return True, None @@ -1111,12 +1115,12 @@ def _prompt_for_infrastructure_update(rg_name: str) -> tuple[bool, int | None]: if not new_index_str: print('āŒ Please enter a valid index number.') continue - + new_index = int(new_index_str) if new_index <= 0: print('āŒ Index must be a positive integer.') continue - + return False, new_index except ValueError: print('āŒ Please enter a valid integer for the index.') @@ -1137,7 +1141,7 @@ def does_infrastructure_exist(infrastructure: INFRASTRUCTURE, index: int, allow_ Returns: bool: True if the infrastructure exists and no update is desired, False if infrastructure doesn't exist or update is confirmed. """ - + print(f'ļæ½ Debug: does_infrastructure_exist called with allow_update_option={allow_update_option}') print(f'ļ潚Ÿ” Checking if infrastructure already exists...') @@ -1145,22 +1149,22 @@ def does_infrastructure_exist(infrastructure: INFRASTRUCTURE, index: int, allow_ if does_resource_group_exist(rg_name): print(f'āœ… Infrastructure already exists: {rg_name}\n') - + if allow_update_option: print('šŸ”„ Infrastructure Update Options:\n') print(' This infrastructure notebook can update the existing infrastructure. Updates are additive and will:\n') print(' ā€¢ Add new APIs and policy fragments defined in the infrastructure') print(' ā€¢ Update existing infrastructure components to match the template') print(' ā€¢ Preserve manually added samples and configurations\n') - - print('ā„¹ļø Choose an option:\n') + + print('ā„¹ļø Choose an option (input box at the top of the screen):') print(' 1. Update the existing infrastructure (recommended and not destructive if samples already exist)') print(' 2. Use a different index') print(' 3. Exit, then delete the existing resource group separately via the clean-up notebook\n') - + while True: choice = input('\nEnter your choice (1, 2, or 3): ').strip() - + # Default to option 1 if user just presses Enter if choice == '1': return False # Allow deployment to proceed @@ -1172,10 +1176,10 @@ def does_infrastructure_exist(infrastructure: INFRASTRUCTURE, index: int, allow_ print('ā„¹ļø To redeploy, either:') print(' 1. Use a different index, or') print(' 2. Exit, then delete the existing resource group separately via the clean-up notebook\n') - + return True else: - print(' Infrastructure does not yet exist.') + print(' Infrastructure does not yet exist.') return False def does_resource_group_exist(rg_name: str) -> bool: @@ -1242,11 +1246,11 @@ def determine_shared_policy_path(policy_xml_filename: str) -> str: def determine_policy_path(policy_xml_filepath_or_filename: str, sample_name: str = None) -> str: # Determine if this is a full path or just a filename path_obj = Path(policy_xml_filepath_or_filename) - + # Legacy mode check: if named_values is None, always treat as legacy (backwards compatibility) # OR if it looks like a path (contains separators or is absolute) - if (path_obj.is_absolute() or - '/' in policy_xml_filepath_or_filename or + if (path_obj.is_absolute() or + '/' in policy_xml_filepath_or_filename or '\\' in policy_xml_filepath_or_filename): # Legacy mode: treat as full path policy_xml_filepath = policy_xml_filepath_or_filename @@ -1257,7 +1261,7 @@ def determine_policy_path(policy_xml_filepath_or_filename: str, sample_name: str # Get the current frame's filename (the notebook or script calling this function) frame = inspect.currentframe() caller_frame = frame.f_back - + # Try to get the filename from the caller's frame if hasattr(caller_frame, 'f_globals') and '__file__' in caller_frame.f_globals: caller_file = caller_frame.f_globals['__file__'] @@ -1265,10 +1269,10 @@ def determine_policy_path(policy_xml_filepath_or_filename: str, sample_name: str else: # Fallback for Jupyter notebooks: use current working directory caller_path = Path(os.getcwd()).resolve() - + # Walk up the directory tree to find the samples directory structure current_path = caller_path.parent if caller_path.is_file() else caller_path - + # Look for samples directory in the path path_parts = current_path.parts if 'samples' in path_parts: @@ -1279,25 +1283,24 @@ def determine_policy_path(policy_xml_filepath_or_filename: str, sample_name: str raise ValueError('Could not detect sample name from path') else: raise ValueError('Not running from within a samples directory') - + except Exception as e: raise ValueError(f'Could not auto-detect sample name. Please provide sample_name parameter explicitly. Error: {e}') - + # Construct the full path - from apimtypes import _get_project_root - project_root = _get_project_root() - policy_xml_filepath = str(project_root / 'samples' / sample_name / policy_xml_filepath_or_filename) + project_root = apimtypes._get_project_root() + policy_xml_filepath = str(Path(project_root) / 'samples' / sample_name / policy_xml_filepath_or_filename) return policy_xml_filepath def read_policy_xml(policy_xml_filepath_or_filename: str, named_values: dict[str, str] = None, sample_name: str = None) -> str: """ Read and return the contents of a policy XML file, with optional named value formatting. - + Can work in two modes: 1. Legacy mode: Pass a full file path (backwards compatible) 2. Smart mode: Pass just a filename and auto-detect sample directory - + Args: policy_xml_filepath_or_filename (str): Full path to policy XML file OR just filename for auto-detection. named_values (dict[str, str], optional): Dictionary of named values to format in the policy XML. @@ -1309,14 +1312,14 @@ def read_policy_xml(policy_xml_filepath_or_filename: str, named_values: dict[str Examples: # Legacy usage - full path policy_xml = read_policy_xml('/path/to/policy.xml') - + # Smart usage - auto-detects sample directory policy_xml = read_policy_xml('hr_all_operations.xml', { 'jwt_signing_key': jwt_key_name, 'hr_member_role_id': 'HRMemberRoleId' }) """ - + policy_xml_filepath = determine_policy_path(policy_xml_filepath_or_filename, sample_name) # print(f'šŸ“„ Reading policy XML from : {policy_xml_filepath}') # debug @@ -1330,7 +1333,7 @@ def read_policy_xml(policy_xml_filepath_or_filename: str, named_values: dict[str formatted_replacements = {} for placeholder, named_value in named_values.items(): formatted_replacements[placeholder] = '{{' + named_value + '}}' - + # Apply the replacements policy_template_xml = policy_template_xml.format(**formatted_replacements) @@ -1340,28 +1343,28 @@ def read_policy_xml(policy_xml_filepath_or_filename: str, named_values: dict[str def _cleanup_resources_thread_safe(deployment_name: str, rg_name: str, thread_prefix: str, thread_color: str) -> tuple[bool, str]: """ Thread-safe wrapper for _cleanup_resources with formatted output. - + Args: deployment_name (str): The deployment name (string). rg_name (str): The resource group name. thread_prefix (str): The thread prefix for output formatting. thread_color (str): ANSI color code for this thread. - + Returns: tuple[bool, str]: (success, error_message) """ try: with _print_lock: _print_log(f"{thread_prefix}Starting cleanup for resource group: {rg_name}", 'šŸ‘‰šŸ½ ', thread_color) - + # Create a modified version of _cleanup_resources that uses thread-safe printing _cleanup_resources_with_thread_safe_printing(deployment_name, rg_name, thread_prefix, thread_color) - + with _print_lock: _print_log(f"{thread_prefix}Completed cleanup for resource group: {rg_name}", 'šŸ‘‰šŸ½ ', thread_color) - + return True, "" - + except Exception as e: error_msg = f'An error occurred during cleanup of {rg_name}: {str(e)}' with _print_lock: @@ -1390,43 +1393,43 @@ def _cleanup_resources_with_thread_safe_printing(deployment_name: str, rg_name: _print_log(f"{thread_prefix}Resource group : {rg_name}", 'šŸ‘‰šŸ½ ', thread_color) # Show the deployment details - output = run(f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment', print_command_to_run = False) + output = run(f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment', print_command_to_run = False, print_errors = False) if output.success and output.json_data: # Delete and purge CognitiveService accounts - output = run(f' az cognitiveservices account list -g {rg_name}', f'Listed CognitiveService accounts', f'Failed to list CognitiveService accounts', print_command_to_run = False) + output = run(f' az cognitiveservices account list -g {rg_name}', f'Listed CognitiveService accounts', f'Failed to list CognitiveService accounts', print_command_to_run = False, print_errors = False) if output.success and output.json_data: for resource in output.json_data: with _print_lock: _print_log(f"{thread_prefix}Deleting and purging Cognitive Service Account '{resource['name']}'...", 'šŸ‘‰šŸ½ ', thread_color) - output = run(f"az cognitiveservices account delete -g {rg_name} -n {resource['name']}", f"Cognitive Services '{resource['name']}' deleted", f"Failed to delete Cognitive Services '{resource['name']}'", print_command_to_run = False) - output = run(f"az cognitiveservices account purge -g {rg_name} -n {resource['name']} --location \"{resource['location']}\"", f"Cognitive Services '{resource['name']}' purged", f"Failed to purge Cognitive Services '{resource['name']}'", print_command_to_run = False) + output = run(f"az cognitiveservices account delete -g {rg_name} -n {resource['name']}", f"Cognitive Services '{resource['name']}' deleted", f"Failed to delete Cognitive Services '{resource['name']}'", print_command_to_run = False, print_errors = False) + output = run(f"az cognitiveservices account purge -g {rg_name} -n {resource['name']} --location \"{resource['location']}\"", f"Cognitive Services '{resource['name']}' purged", f"Failed to purge Cognitive Services '{resource['name']}'", print_command_to_run = False, print_errors = False) # Delete and purge APIM resources - output = run(f' az apim list -g {rg_name}', f'Listed APIM resources', f'Failed to list APIM resources', print_command_to_run = False) + output = run(f' az apim list -g {rg_name}', f'Listed APIM resources', f'Failed to list APIM resources', print_command_to_run = False, print_errors = False) if output.success and output.json_data: for resource in output.json_data: with _print_lock: _print_log(f"{thread_prefix}Deleting and purging API Management '{resource['name']}'...", 'šŸ‘‰šŸ½ ', thread_color) - output = run(f"az apim delete -n {resource['name']} -g {rg_name} -y", f"API Management '{resource['name']}' deleted", f"Failed to delete API Management '{resource['name']}'", print_command_to_run = False) - output = run(f"az apim deletedservice purge --service-name {resource['name']} --location \"{resource['location']}\"", f"API Management '{resource['name']}' purged", f"Failed to purge API Management '{resource['name']}'", print_command_to_run = False) + output = run(f"az apim delete -n {resource['name']} -g {rg_name} -y", f"API Management '{resource['name']}' deleted", f"Failed to delete API Management '{resource['name']}'", print_command_to_run = False, print_errors = False) + output = run(f"az apim deletedservice purge --service-name {resource['name']} --location \"{resource['location']}\"", f"API Management '{resource['name']}' purged", f"Failed to purge API Management '{resource['name']}'", print_command_to_run = False, print_errors = False) # Delete and purge Key Vault resources - output = run(f' az keyvault list -g {rg_name}', f'Listed Key Vault resources', f'Failed to list Key Vault resources', print_command_to_run = False) - + output = run(f' az keyvault list -g {rg_name}', f'Listed Key Vault resources', f'Failed to list Key Vault resources', print_command_to_run = False, print_errors = False) + if output.success and output.json_data: for resource in output.json_data: with _print_lock: _print_log(f"{thread_prefix}Deleting and purging Key Vault '{resource['name']}'...", 'šŸ‘‰šŸ½ ', thread_color) - output = run(f"az keyvault delete -n {resource['name']} -g {rg_name}", f"Key Vault '{resource['name']}' deleted", f"Failed to delete Key Vault '{resource['name']}'", print_command_to_run = False) - output = run(f"az keyvault purge -n {resource['name']} --location \"{resource['location']}\"", f"Key Vault '{resource['name']}' purged", f"Failed to purge Key Vault '{resource['name']}'", print_command_to_run = False) + output = run(f"az keyvault delete -n {resource['name']} -g {rg_name}", f"Key Vault '{resource['name']}' deleted", f"Failed to delete Key Vault '{resource['name']}'", print_command_to_run = False, print_errors = False) + output = run(f"az keyvault purge -n {resource['name']} --location \"{resource['location']}\"", f"Key Vault '{resource['name']}' purged", f"Failed to purge Key Vault '{resource['name']}'", print_command_to_run = False, print_errors = False) # Delete the resource group last with _print_lock: _print_log(f"{thread_prefix}Deleting resource group '{rg_name}'...", 'ā„¹ļø ', thread_color, show_time=True) - output = run(f'az group delete --name {rg_name} -y', f"Resource group '{rg_name}' deleted', f'Failed to delete resource group '{rg_name}'", print_command_to_run = False) + output = run(f'az group delete --name {rg_name} -y', f"Resource group '{rg_name}' deleted', f'Failed to delete resource group '{rg_name}'", print_command_to_run = False, print_errors = False) with _print_lock: _print_log(f"{thread_prefix}Cleanup completed.", 'ā„¹ļø ', thread_color, show_time=True) @@ -1461,7 +1464,6 @@ def cleanup_infra_deployments(deployment: INFRASTRUCTURE, indexes: int | list[in print_info(f'Cleaning up resources for {deployment.value} - {idx}', True) rg_name = get_infra_rg_name(deployment, idx) _cleanup_resources(deployment.value, rg_name) - print_ok('Cleanup completed!') return # For multiple indexes, run in parallel @@ -1472,13 +1474,13 @@ def cleanup_infra_deployments(deployment: INFRASTRUCTURE, indexes: int | list[in # Determine max workers (reasonable limit to avoid overwhelming the system) max_workers = min(len(indexes_list), 4) # Cap at 4 concurrent threads - + cleanup_tasks = [] for i, idx in enumerate(indexes_list): rg_name = get_infra_rg_name(deployment, idx) thread_color = THREAD_COLORS[i % len(THREAD_COLORS)] thread_prefix = f"{thread_color}[{deployment.value}-{idx}]{RESET}: " - + cleanup_tasks.append({ 'deployment_name': deployment.value, 'rg_name': rg_name, @@ -1499,18 +1501,18 @@ def cleanup_infra_deployments(deployment: INFRASTRUCTURE, indexes: int | list[in task['thread_color'] ): task for task in cleanup_tasks } - + # Track results completed_count = 0 failed_count = 0 - + # Wait for completion and handle results for future in as_completed(future_to_task): task = future_to_task[future] try: success, error_msg = future.result() completed_count += 1 - + if success: with _print_lock: print_ok(f"Completed cleanup for {deployment.value}-{task['index']} ({completed_count}/{len(indexes_list)})") @@ -1518,7 +1520,7 @@ def cleanup_infra_deployments(deployment: INFRASTRUCTURE, indexes: int | list[in failed_count += 1 with _print_lock: print_error(f"āŒ Failed cleanup for {deployment.value}-{task['index']}: {error_msg}") - + except Exception as e: failed_count += 1 with _print_lock: @@ -1531,7 +1533,7 @@ def cleanup_infra_deployments(deployment: INFRASTRUCTURE, indexes: int | list[in print_warning(f'Completed with {failed_count} failures out of {len(indexes_list)} total cleanups.') if completed_count > 0: print_info(f'{completed_count} cleanups succeeded.') - + print_ok('All done!') def extract_json(text: str) -> Any: @@ -1557,7 +1559,7 @@ def extract_json(text: str) -> Any: try: return json.loads(text) except json.JSONDecodeError: - # If JSON parsing fails despite is_string_json returning True, + # If JSON parsing fails despite is_string_json returning True, # fall through to substring search pass @@ -1608,29 +1610,32 @@ def is_string_json(text: str) -> bool: return False -def get_account_info() -> Tuple[str, str, str]: +def get_account_info() -> Tuple[str, str, str, str]: """ Retrieve the current Azure account information using the Azure CLI. Returns: - tuple: (current_user, tenant_id, subscription_id) + tuple: (current_user, current_user_id, tenant_id, subscription_id) Raises: Exception: If account information cannot be retrieved. """ - output = run('az account show', 'Retrieved az account', 'Failed to get the current az account') + account_show_output = run('az account show', 'Retrieved az account', 'Failed to get the current az account', print_command_to_run = False) + ad_user_show_output = run('az ad signed-in-user show', 'Retrieved az ad signed-in-user', 'Failed to get the current az ad signed-in-user', print_command_to_run = False) - if output.success and output.json_data: - current_user = output.json_data['user']['name'] - tenant_id = output.json_data['tenantId'] - subscription_id = output.json_data['id'] + if account_show_output.success and account_show_output.json_data and ad_user_show_output.success and ad_user_show_output.json_data: + current_user = account_show_output.json_data['user']['name'] + tenant_id = account_show_output.json_data['tenantId'] + subscription_id = account_show_output.json_data['id'] + current_user_id = ad_user_show_output.json_data['id'] print_val('Current user', current_user) + print_val('Current user ID', current_user_id) print_val('Tenant ID', tenant_id) print_val('Subscription ID', subscription_id) - return current_user, tenant_id, subscription_id + return current_user, current_user_id, tenant_id, subscription_id else: error = 'Failed to retrieve account information. Please ensure the Azure CLI is installed, you are logged in, and the subscription is set correctly.' print_error(error) @@ -1649,7 +1654,7 @@ def get_deployment_name() -> str: if not notebook_path: raise RuntimeError('Notebook path could not be determined.') - + print_val('Deployment name', notebook_path) return notebook_path @@ -1691,6 +1696,87 @@ def get_frontdoor_url(deployment_name: INFRASTRUCTURE, rg_name: str) -> str | No return afd_endpoint_url + +def get_apim_url(rg_name: str) -> str | None: + """ + Retrieve the gateway URL for the API Management service in the specified resource group. + + Args: + rg_name (str): The name of the resource group containing the APIM service. + + Returns: + str | None: The gateway URL (https) of the APIM service if found, otherwise None. + """ + + apim_endpoint_url: str | None = None + + output = run(f'az apim list -g {rg_name} -o json', print_command_to_run = False) + + if output.success and output.json_data: + apim_gateway_url = output.json_data[0]['gatewayUrl'] + print_ok(f'APIM Service Name: {output.json_data[0]["name"]}', blank_above = False) + + if apim_gateway_url: + apim_endpoint_url = apim_gateway_url + + if apim_endpoint_url: + print_ok(f'APIM Gateway URL: {apim_endpoint_url}', blank_above = False) + else: + print_warning('No APIM gateway URL found.') + + return apim_endpoint_url + + +def get_appgw_endpoint(rg_name: str) -> tuple[str | None, str | None]: + """ + Retrieve the hostname and public IP address for the Application Gateway in the specified resource group. + + Args: + rg_name (str): The name of the resource group containing the Application Gateway. + + Returns: + tuple[str | None, str | None]: A tuple containing (hostname, public_ip) if found, otherwise (None, None). + """ + + hostname: str | None = None + public_ip: str | None = None + + # Get Application Gateway details + output = run(f'az network application-gateway list -g {rg_name} -o json', print_command_to_run = False) + + if output.success and output.json_data: + appgw_name = output.json_data[0]['name'] + print_ok(f'Application Gateway Name: {appgw_name}', blank_above = False) + + # Get hostname + http_listeners = output.json_data[0].get('httpListeners', []) + + for listener in http_listeners: + # Assume that only a single hostname is used, not the hostnames array + if listener.get('hostName'): + hostname = listener['hostName'] + + # Get frontend IP configuration to find public IP reference + frontend_ip_configs = output.json_data[0].get('frontendIPConfigurations', []) + public_ip_id = None + + for config in frontend_ip_configs: + if config.get('publicIPAddress'): + public_ip_id = config['publicIPAddress']['id'] + break + + if public_ip_id: + # Extract public IP name from the resource ID + public_ip_name = public_ip_id.split('/')[-1] + + # Get public IP details + ip_output = run(f'az network public-ip show -g {rg_name} -n {public_ip_name} -o json', print_command_to_run = False) + + if ip_output.success and ip_output.json_data: + public_ip = ip_output.json_data.get('ipAddress') + + return hostname, public_ip + def get_infra_rg_name(deployment_name: INFRASTRUCTURE, index: int | None = None) -> str: """ Generate a resource group name for infrastructure deployments, optionally with an index. @@ -1710,6 +1796,56 @@ def get_infra_rg_name(deployment_name: INFRASTRUCTURE, index: int | None = None) return rg_name +def get_unique_suffix_for_resource_group(rg_name: str) -> str: + """ + Get the exact uniqueString value that Bicep/ARM generates for a resource group. + + Uses a minimal ARM deployment to ensure the value matches exactly what + Bicep's uniqueString(subscription().id, resourceGroup().id) produces. + + Args: + rg_name (str): The resource group name (must already exist). + + Returns: + str: The 13-character unique string matching Bicep's uniqueString output. + """ + + # Minimal ARM template that just outputs the uniqueString + template = json.dumps({ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "suffix": { + "type": "string", + "value": "[uniqueString(subscription().id, resourceGroup().id)]" + } + } + }) + + # Write template to temp file + with tempfile.NamedTemporaryFile(mode = 'w', suffix = '.json', delete = False) as f: + f.write(template) + template_path = f.name + + try: + deployment_name = f'get-suffix-{int(time.time())}' + output = run( + f'az deployment group create --name {deployment_name} --resource-group {rg_name} --template-file "{template_path}" --query "properties.outputs.suffix.value" -o tsv', + print_command_to_run = False, + print_errors = False + ) + + if output.success and output.text.strip(): + return output.text.strip() + + print_error('Could not get uniqueString from Azure.') + finally: + try: + temp_os.unlink(template_path) + except Exception: + pass + def get_rg_name(deployment_name: str, index: int | None = None) -> str: """ Generate a resource group name for a sample deployment, optionally with an index. @@ -1764,7 +1900,7 @@ def run(command: str, ok_message: str = '', error_message: str = '', print_outpu # Handles both CalledProcessError and any custom/other exceptions (for test mocks) output_text = getattr(e, 'output', b'').decode('utf-8') if hasattr(e, 'output') and isinstance(e.output, (bytes, bytearray)) else str(e) success = False - + if print_errors: print_error(f'Command failed with error: {output_text}', duration = f'[{int((time.time() - start_time) // 60)}m:{int((time.time() - start_time) % 60)}s]') traceback.print_exc() @@ -1816,7 +1952,7 @@ def validate_infrastructure(infra: INFRASTRUCTURE, supported_infras: list[INFRAS if infra not in supported_infras: supported_names = ', '.join([i.value for i in supported_infras]) raise ValueError(f'Unsupported infrastructure: {infra}. Supported infrastructures are: {supported_names}') - + def generate_signing_key() -> tuple[str, str]: """ Generate a random signing key string of length 32ā€“100 using [A-Za-z0-9], and return: @@ -1847,22 +1983,22 @@ def check_apim_blob_permissions(apim_name: str, storage_account_name: str, resou """ Check if APIM's managed identity has Storage Blob Data Reader permissions on the storage account. Waits for role assignments to propagate across Azure AD, which can take several minutes. - + Args: apim_name (str): The name of the API Management service. storage_account_name (str): The name of the storage account. resource_group_name (str): The name of the resource group. max_wait_minutes (int, optional): Maximum time to wait for permissions to propagate. Defaults to 10. - + Returns: bool: True if APIM has the required permissions, False otherwise. """ - + print_info(f"šŸ” Checking if APIM '{apim_name}' has Storage Blob Data Reader permissions on '{storage_account_name}' in resource group '{resource_group_name}'...") - + # Storage Blob Data Reader role definition ID blob_reader_role_id = get_azure_role_guid('StorageBlobDataReader') - + # Get APIM's managed identity principal ID print_info('Getting APIM managed identity...') apim_identity_output = run( @@ -1870,11 +2006,11 @@ def check_apim_blob_permissions(apim_name: str, storage_account_name: str, resou error_message='Failed to get APIM managed identity', print_command_to_run=True ) - + if not apim_identity_output.success or not apim_identity_output.text.strip(): print_error('Could not retrieve APIM managed identity principal ID') return False - + principal_id = apim_identity_output.text.strip() print_info(f'APIM managed identity principal ID: {principal_id}') # Get storage account resource ID # Remove suppression flags to get raw output, then extract resource ID with regex @@ -1883,28 +2019,28 @@ def check_apim_blob_permissions(apim_name: str, storage_account_name: str, resou error_message='Failed to get storage account resource ID', print_command_to_run=True ) - + if not storage_account_output.success: print_error('Could not retrieve storage account resource ID') return False - + # Extract resource ID using regex pattern, ignoring any warning text resource_id_pattern = r'/subscriptions/[a-f0-9-]+/resourceGroups/[^/]+/providers/Microsoft\.Storage/storageAccounts/[^/\s]+' match = re.search(resource_id_pattern, storage_account_output.text) - + if not match: print_error('Could not parse storage account resource ID from output') return False - + storage_account_id = match.group(0) - + # Check for role assignment with retry logic for propagation max_wait_seconds = max_wait_minutes * 60 wait_interval = 30 # Check every 30 seconds elapsed_time = 0 - + print_info(f'Checking role assignment (will wait up to {max_wait_minutes} minute(s) for propagation)...') - + while elapsed_time < max_wait_seconds: # Check if role assignment exists role_assignment_output = run( @@ -1913,10 +2049,10 @@ def check_apim_blob_permissions(apim_name: str, storage_account_name: str, resou print_command_to_run=True, print_errors=False ) - + if role_assignment_output.success and role_assignment_output.text.strip(): print_success(f'Role assignment found! APIM managed identity has Storage Blob Data Reader permissions.') - + # Additional check: try to test blob access using the managed identity print_info('Testing actual blob access...') test_access_output = run( @@ -1925,57 +2061,57 @@ def check_apim_blob_permissions(apim_name: str, storage_account_name: str, resou print_command_to_run=True, print_errors=False ) - + if test_access_output.success and test_access_output.text.strip() != 'access-test-failed': print_success('Blob access test successful!') return True else: print_warning('Role assignment exists but blob access test failed. Permissions may still be propagating...') - + if elapsed_time == 0: print_info(f'Role assignment not found yet. Waiting for Azure AD propagation...') else: print_info(f'Still waiting... ({elapsed_time // 60}m {elapsed_time % 60}s elapsed)') - + if elapsed_time + wait_interval >= max_wait_seconds: break - + time.sleep(wait_interval) elapsed_time += wait_interval - + print_error(f'Timeout: Role assignment not found after {max_wait_minutes} minutes.') print_info('This is likely due to Azure AD propagation delays. You can:') print_info('1. Wait a few more minutes and try again') print_info('2. Manually verify the role assignment in the Azure portal') print_info('3. Check the deployment logs for any errors') - + return False def wait_for_apim_blob_permissions(apim_name: str, storage_account_name: str, resource_group_name: str, max_wait_minutes: int = 15) -> bool: """ Wait for APIM's managed identity to have Storage Blob Data Reader permissions on the storage account. This is a user-friendly wrapper that provides clear feedback during the wait process. - + Args: apim_name (str): The name of the API Management service. storage_account_name (str): The name of the storage account. resource_group_name (str): The name of the resource group. max_wait_minutes (int, optional): Maximum time to wait for permissions. Defaults to 15. - + Returns: bool: True if permissions are available, False if timeout or error occurred. """ - + print_info('Azure role assignments can take several minutes to propagate across Azure AD. This check will verify that APIM can access the blob storage before proceeding with tests.\n') - + success = check_apim_blob_permissions(apim_name, storage_account_name, resource_group_name, max_wait_minutes) - + if success: print_success('Permission check passed! Ready to proceed with secure blob access tests.') else: print_error('Permission check failed. Please check the deployment and try again later.') print_info('Tip: You can also run the verify-permissions.ps1 script to manually check role assignments.') - + print('') return success @@ -1996,70 +2132,81 @@ def test_url_preflight_check(deployment: INFRASTRUCTURE, rg_name: str, apim_gate return endpoint_url + + +def get_endpoints(deployment: INFRASTRUCTURE, rg_name: str) -> Endpoints: + print_message(f'Identifying possible endpoints for infrastructure {deployment}...') + + endpoints = Endpoints(deployment) + + endpoints.afd_endpoint_url = get_frontdoor_url(deployment, rg_name) + endpoints.apim_endpoint_url = get_apim_url(rg_name) + endpoints.appgw_hostname, endpoints.appgw_public_ip = get_appgw_endpoint(rg_name) + + return endpoints + def cleanup_old_jwt_signing_keys(apim_name: str, resource_group_name: str, current_jwt_key_name: str) -> bool: """ Clean up old JWT signing keys from APIM named values for the same sample folder, keeping only the current key. Uses regex matching to identify keys that belong to the same sample folder by extracting the sample folder name from the current key and matching against the pattern 'JwtSigningKey-{sample_folder}-{timestamp}'. - + Args: apim_name (str): Name of the APIM service resource_group_name (str): Name of the resource group containing APIM current_jwt_key_name (str): Name of the current JWT key to preserve (format: JwtSigningKey-{sample_folder}-{timestamp}) - + Returns: bool: True if cleanup was successful, False otherwise """ - + try: - import re - print_message('šŸ§¹ Cleaning up old JWT signing keys for the same sample folder...', blank_above = True) - + # Extract sample folder name from current JWT key using regex # Pattern: JwtSigningKey-{sample_folder}-{timestamp} current_key_pattern = r'^JwtSigningKey-(.+)-\d+$' current_key_match = re.match(current_key_pattern, current_jwt_key_name) - + if not current_key_match: print_error(f"Current JWT key name '{current_jwt_key_name}' does not match expected pattern 'JwtSigningKey-{{sample_folder}}-{{timestamp}}'") return False - + sample_folder = current_key_match.group(1) print_info(f"Identified sample folder: '{sample_folder}'") - + # Get all named values that start with 'JwtSigningKey' print_info(f"Getting all JWT signing key named values from APIM '{apim_name}'...") - + output = run( f'az apim nv list --service-name "{apim_name}" --resource-group "{resource_group_name}" --query "[?contains(name, \'JwtSigningKey\')].name" -o tsv', 'Retrieved JWT signing keys', 'Failed to retrieve JWT signing keys' ) - + if not output.success: print_error('Failed to retrieve JWT signing keys from APIM') return False - + if not output.text.strip(): print_info('No JWT signing keys found. Nothing to clean up.') return True - + # Parse the list of JWT keys jwt_keys = [key.strip() for key in output.text.strip().split('\n') if key.strip()] - + # print_info(f'Found {len(jwt_keys)} total JWT signing keys.') - + # Filter keys that belong to the same sample folder using regex sample_key_pattern = rf'^JwtSigningKey-{re.escape(sample_folder)}-\d+$' sample_folder_keys = [key for key in jwt_keys if re.match(sample_key_pattern, key)] - + print_info(f"Found {len(sample_folder_keys)} JWT signing keys for sample folder '{sample_folder}'.") - + # Process each JWT key for this sample folder deleted_count = 0 kept_count = 0 - + for jwt_key in sample_folder_keys: if jwt_key == current_jwt_key_name: print_info(f'Keeping current JWT key: {jwt_key}') @@ -2072,29 +2219,29 @@ def cleanup_old_jwt_signing_keys(apim_name: str, resource_group_name: str, curre f'Failed to delete JWT key: {jwt_key}', print_errors = False ) - + if delete_output.success: deleted_count += 1 - + # Summary print_success(f"JWT signing key cleanup completed for sample '{sample_folder}'. Deleted {deleted_count} old key(s), kept {kept_count}.", blank_above = True) return True - + except Exception as e: print_error(f'Error during JWT key cleanup: {str(e)}') return False - + def get_json(input: str) -> Any: """ Safely parse a JSON string or file content into a Python object. - + Args: input (str): The JSON string or file content to parse. - + Returns: Any: The parsed JSON object, or None if parsing fails. """ - + # If the result is a string, try to parse it as JSON if isinstance(input, str): # First try JSON parsing (handles double quotes) @@ -2111,4 +2258,4 @@ def get_json(input: str) -> Any: pass # Return the original result if it's not a string or can't be parsed - return input \ No newline at end of file + return input diff --git a/tests/python/.pylintrc b/tests/python/.pylintrc index 6bada50..11ab6fd 100644 --- a/tests/python/.pylintrc +++ b/tests/python/.pylintrc @@ -1,10 +1,34 @@ +[MASTER] +jobs = 0 +persistent = no + [MESSAGES CONTROL] +enable = all disable = + C0301, # Line too long + C0302, # Too many lines in module C0305, # Trailing newlines C0114, # Missing module docstring C0115, # Missing class docstring C0116, # Missing function or method docstring + E0401, # Import error W0212, # Access to a protected member _ of a client class R0903, # Too few public methods + R0911, # Too many return statements R0913, # Too many arguments + R0917, # Too many nested blocks + W0511, # TODO/FIXME comments + W0613, # Unused argument W0621, # Redefining name from outer scope + W0718, # Exception arguments are of wrong type + W0719 # Exception raised is not a subclass of BaseException + +[REPORTS] +output-format = colorized +reports = yes +score = yes +msg-template = {path}:{line}:{column}: [{msg_id}({symbol}), {obj}] {msg} + +[FORMAT] +max-line-length = 120 +expected-line-ending-format = LF diff --git a/tests/python/run_pylint.ps1 b/tests/python/run_pylint.ps1 new file mode 100644 index 0000000..d73acfa --- /dev/null +++ b/tests/python/run_pylint.ps1 @@ -0,0 +1,97 @@ +#!/usr/bin/env pwsh +<# +.SYNOPSIS + Run pylint on the Apim-Samples project with comprehensive reporting. + +.DESCRIPTION + Executes pylint with multiple output formats for better visibility: + - Colorized console output + - JSON report for automated processing + - Text report for detailed analysis + - Statistics summary + +.PARAMETER Target + Path to analyze. Defaults to all Python files in infrastructure, samples, setup, shared, and tests. + +.PARAMETER ShowReport + Display the full text report after completion. + +.EXAMPLE + .\run_pylint.ps1 + Run pylint on all repository Python files with default settings + +.EXAMPLE + .\run_pylint.ps1 -Target "../../samples" -ShowReport + Run on samples folder and show detailed report +#> + +param( + [string]$Target = "../../infrastructure ../../samples ../../setup ../../shared ../../tests", + [switch]$ShowReport +) + +$ErrorActionPreference = "Continue" +$ReportDir = "pylint/reports" +$Timestamp = Get-Date -Format "yyyyMMdd_HHmmss" + +# Ensure report directory exists +if (-not (Test-Path $ReportDir)) { + New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null +} + +Write-Host "`nšŸ” Running pylint analysis..." -ForegroundColor Cyan +Write-Host " Target: $Target" -ForegroundColor Gray +Write-Host " Reports: $ReportDir`n" -ForegroundColor Gray + +# Run pylint with multiple output formats +$JsonReport = "$ReportDir/pylint_${Timestamp}.json" +$TextReport = "$ReportDir/pylint_${Timestamp}.txt" +$LatestJson = "$ReportDir/latest.json" +$LatestText = "$ReportDir/latest.txt" + +# Execute pylint +pylint --rcfile .pylintrc ` + --output-format=json:$JsonReport,colorized,text:$TextReport ` + $Target + +$ExitCode = $LASTEXITCODE + +# Create symlinks to latest reports +if (Test-Path $JsonReport) { + Copy-Item $JsonReport $LatestJson -Force + Copy-Item $TextReport $LatestText -Force +} + +# Display summary +Write-Host "`nšŸ“Š Pylint Summary" -ForegroundColor Cyan +Write-Host " Exit code: $ExitCode" -ForegroundColor $(if ($ExitCode -eq 0) { "Green" } else { "Yellow" }) +Write-Host " JSON report: $JsonReport" -ForegroundColor Gray +Write-Host " Text report: $TextReport" -ForegroundColor Gray + +# Parse and display top issues from JSON +if (Test-Path $JsonReport) { + $Issues = Get-Content $JsonReport | ConvertFrom-Json + $GroupedIssues = $Issues | Group-Object -Property symbol | Sort-Object Count -Descending | Select-Object -First 10 + + if ($GroupedIssues) { + Write-Host "`nšŸ” Top 10 Issues:" -ForegroundColor Cyan + foreach ($Group in $GroupedIssues) { + $Sample = $Issues | Where-Object { $_.symbol -eq $Group.Name } | Select-Object -First 1 + Write-Host " [$($Group.Count.ToString().PadLeft(3))] " -NoNewline -ForegroundColor Yellow + Write-Host "$($Group.Name) " -NoNewline -ForegroundColor White + Write-Host "($($Sample.'message-id'))" -ForegroundColor Gray + Write-Host " $($Sample.message)" -ForegroundColor DarkGray + } + } else { + Write-Host "`nāœ… No issues found!" -ForegroundColor Green + } +} + +# Show full report if requested +if ($ShowReport -and (Test-Path $TextReport)) { + Write-Host "`nšŸ“„ Full Report:" -ForegroundColor Cyan + Get-Content $TextReport +} + +Write-Host "" +exit $ExitCode diff --git a/tests/python/run_pylint.sh b/tests/python/run_pylint.sh new file mode 100644 index 0000000..923c8f9 --- /dev/null +++ b/tests/python/run_pylint.sh @@ -0,0 +1,73 @@ +#!/bin/bash +# Run pylint on the Apim-Samples project with comprehensive reporting + +set -e + +TARGET="${1:-../../infrastructure ../../samples ../../setup ../../shared ../../tests}" +REPORT_DIR="pylint/reports" +TIMESTAMP=$(date +"%Y%m%d_%H%M%S") + +# Ensure report directory exists +mkdir -p "$REPORT_DIR" + +echo "" +echo "šŸ” Running pylint analysis..." +echo " Target: All repository Python files" +echo " Reports: $REPORT_DIR" +echo "" + +# Run pylint with multiple output formats +JSON_REPORT="$REPORT_DIR/pylint_${TIMESTAMP}.json" +TEXT_REPORT="$REPORT_DIR/pylint_${TIMESTAMP}.txt" +LATEST_JSON="$REPORT_DIR/latest.json" +LATEST_TEXT="$REPORT_DIR/latest.txt" + +# Execute pylint (allow non-zero exit for reporting) +set +e +pylint --rcfile .pylintrc \ + --output-format=json:"$JSON_REPORT",colorized,text:"$TEXT_REPORT" \ + "$TARGET" +EXIT_CODE=$? +set -e + +# Create symlinks to latest reports +if [ -f "$JSON_REPORT" ]; then + cp "$JSON_REPORT" "$LATEST_JSON" + cp "$TEXT_REPORT" "$LATEST_TEXT" +fi + +# Display summary +echo "" +echo "šŸ“Š Pylint Summary" +if [ $EXIT_CODE -eq 0 ]; then + echo " Exit code: $EXIT_CODE āœ…" +else + echo " Exit code: $EXIT_CODE āš ļø" +fi +echo " JSON report: $JSON_REPORT" +echo " Text report: $TEXT_REPORT" + +# Parse and display top issues from JSON +if [ -f "$JSON_REPORT" ] && command -v jq &> /dev/null; then + echo "" + echo "šŸ” Top 10 Issues:" + jq -r 'group_by(.symbol) | map({symbol: .[0].symbol, msgid: .[0]."message-id", msg: .[0].message, count: length}) | sort_by(-.count) | limit(10; .[]) | " [\(.count | tostring | tonumber)] \(.symbol) (\(.msgid))\n \(.msg)"' "$JSON_REPORT" +elif [ -f "$JSON_REPORT" ]; then + ISSUE_COUNT=$(grep -c '"symbol"' "$JSON_REPORT" || true) + echo "" + if [ "$ISSUE_COUNT" -eq 0 ]; then + echo "āœ… No issues found!" + else + echo " $ISSUE_COUNT issue(s) found. Install jq for detailed summary." + fi +fi + +# Optionally show full report +if [ "${2}" = "--show-report" ] && [ -f "$TEXT_REPORT" ]; then + echo "" + echo "šŸ“„ Full Report:" + cat "$TEXT_REPORT" +fi + +echo "" +exit $EXIT_CODE diff --git a/tests/python/test_apimrequests.py b/tests/python/test_apimrequests.py index bcd3cff..bee1728 100644 --- a/tests/python/test_apimrequests.py +++ b/tests/python/test_apimrequests.py @@ -1,37 +1,36 @@ -import pytest -import requests -import time from unittest.mock import patch, MagicMock +import requests +import pytest from apimrequests import ApimRequests from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME, HTTP_VERB # Sample values for tests -default_url = 'https://example.com/apim/' -default_key = 'test-key' -default_path = '/test' -default_headers = {'Custom-Header': 'Value'} -default_data = {'foo': 'bar'} +DEFAULT_URL = 'https://example.com/apim/' +DEFAULT_KEY = 'test-KEY' +DEFAULT_PATH = '/test' +DEFAULT_HEADERS = {'Custom-Header': 'Value'} +DEFAULT_DATA = {'foo': 'bar'} @pytest.fixture def apim(): - return ApimRequests(default_url, default_key) + return ApimRequests(DEFAULT_URL, DEFAULT_KEY) @pytest.mark.unit def test_init_sets_headers(): - """Test that headers are set correctly when subscription key is provided.""" - apim = ApimRequests(default_url, default_key) - assert apim.url == default_url - assert apim.apimSubscriptionKey == default_key - assert apim.headers[SUBSCRIPTION_KEY_PARAMETER_NAME] == default_key + """Test that headers are set correctly when subscription KEY is provided.""" + apim = ApimRequests(DEFAULT_URL, DEFAULT_KEY) + assert apim._url == DEFAULT_URL + assert apim.subscriptionKey == DEFAULT_KEY + assert apim.headers[SUBSCRIPTION_KEY_PARAMETER_NAME] == DEFAULT_KEY @pytest.mark.unit def test_init_no_key(): - """Test that headers are set correctly when no subscription key is provided.""" - apim = ApimRequests(default_url) - assert apim.url == default_url - assert apim.apimSubscriptionKey is None + """Test that headers are set correctly when no subscription KEY is provided.""" + apim = ApimRequests(DEFAULT_URL) + assert apim._url == DEFAULT_URL + assert apim.subscriptionKey is None assert 'Ocp-Apim-Subscription-Key' not in apim.headers assert apim.headers['Accept'] == 'application/json' @@ -50,7 +49,7 @@ def test_single_get_success(mock_print_error, mock_print_info, mock_print_messag mock_request.return_value = mock_response with patch.object(apim, '_print_response') as mock_print_response: - result = apim.singleGet(default_path, printResponse=True) + result = apim.singleGet(DEFAULT_PATH, printResponse=True) assert result == '{\n "result": "ok"\n}' mock_print_response.assert_called_once_with(mock_response) mock_print_error.assert_not_called() @@ -62,7 +61,7 @@ def test_single_get_success(mock_print_error, mock_print_info, mock_print_messag @patch('apimrequests.utils.print_error') def test_single_get_error(mock_print_error, mock_print_info, mock_print_message, mock_request, apim): mock_request.side_effect = requests.exceptions.RequestException('fail') - result = apim.singleGet(default_path, printResponse=True) + result = apim.singleGet(DEFAULT_PATH, printResponse=True) assert result is None mock_print_error.assert_called_once() @@ -81,7 +80,7 @@ def test_single_post_success(mock_print_error, mock_print_info, mock_print_messa mock_request.return_value = mock_response with patch.object(apim, '_print_response') as mock_print_response: - result = apim.singlePost(default_path, data=default_data, printResponse=True) + result = apim.singlePost(DEFAULT_PATH, data=DEFAULT_DATA, printResponse=True) assert result == '{\n "created": true\n}' mock_print_response.assert_called_once_with(mock_response) mock_print_error.assert_not_called() @@ -102,7 +101,7 @@ def test_multi_get_success(mock_print_info, mock_print_message, mock_session, ap mock_session.return_value = mock_sess with patch.object(apim, '_print_response_code') as mock_print_code: - result = apim.multiGet(default_path, runs=2, printResponse=True) + result = apim.multiGet(DEFAULT_PATH, runs=2, printResponse=True) assert len(result) == 2 for run in result: assert run['status_code'] == 200 @@ -121,25 +120,24 @@ def test_multi_get_error(mock_print_info, mock_print_message, mock_session, apim with patch.object(apim, '_print_response_code'): # Should raise inside the loop and propagate the exception, ensuring the session is closed with pytest.raises(requests.exceptions.RequestException): - apim.multiGet(default_path, runs=1, printResponse=True) + apim.multiGet(DEFAULT_PATH, runs=1, printResponse=True) # Sample values for tests -url = 'https://example.com/apim/' -key = 'test-key' -path = '/test' +URL = 'https://example.com/apim/' +KEY = 'test-KEY' +PATH = '/test' def make_apim(): - return ApimRequests(url, key) + return ApimRequests(URL, KEY) @pytest.mark.http def test_single_post_error(): apim = make_apim() with patch('apimrequests.requests.request') as mock_request, \ patch('apimrequests.utils.print_error') as mock_print_error: - import requests mock_request.side_effect = requests.RequestException('fail') - result = apim.singlePost(path, data={'foo': 'bar'}, printResponse=True) + result = apim.singlePost(PATH, data={'foo': 'bar'}, printResponse=True) assert result is None mock_print_error.assert_called() @@ -156,7 +154,7 @@ def test_multi_get_non_json(): mock_sess.request.return_value = mock_response mock_session.return_value = mock_sess with patch.object(apim, '_print_response_code'): - result = apim.multiGet(path, runs=1, printResponse=True) + result = apim.multiGet(PATH, runs=1, printResponse=True) assert result[0]['response'] == 'not json' @pytest.mark.http @@ -173,7 +171,7 @@ def test_request_header_merging(): # Custom header should override default custom_headers = {'Accept': 'application/xml', 'X-Test': '1'} with patch.object(apim, '_print_response'): - apim.singleGet(path, headers=custom_headers, printResponse=True) + apim.singleGet(PATH, headers=custom_headers, printResponse=True) called_headers = mock_request.call_args[1]['headers'] assert called_headers['Accept'] == 'application/xml' assert called_headers['X-Test'] == '1' @@ -199,12 +197,12 @@ class DummyResponse: # ------------------------------ def test_headers_property_allows_external_modification(): - apim = ApimRequests(default_url, default_key) + apim = ApimRequests(DEFAULT_URL, DEFAULT_KEY) apim.headers['X-Test'] = 'value' assert apim.headers['X-Test'] == 'value' def test_headers_property_is_dict_reference(): - apim = ApimRequests(default_url, default_key) + apim = ApimRequests(DEFAULT_URL, DEFAULT_KEY) h = apim.headers h['X-Ref'] = 'ref' assert apim.headers['X-Ref'] == 'ref' @@ -222,10 +220,10 @@ def test_request_with_custom_headers(mock_request, apim): mock_response.json.return_value = {'result': 'ok'} mock_response.raise_for_status.return_value = None mock_request.return_value = mock_response - + custom_headers = {'Custom': 'value'} - result = apim.singleGet(default_path, headers=custom_headers) - + apim.singleGet(DEFAULT_PATH, headers=custom_headers) + # Verify custom headers were merged with default headers call_kwargs = mock_request.call_args[1] assert 'Custom' in call_kwargs['headers'] @@ -236,9 +234,9 @@ def test_request_with_custom_headers(mock_request, apim): def test_request_timeout_error(mock_request, apim): """Test request with timeout error.""" mock_request.side_effect = requests.exceptions.Timeout() - - result = apim.singleGet(default_path) - + + result = apim.singleGet(DEFAULT_PATH) + assert result is None @pytest.mark.unit @@ -246,9 +244,9 @@ def test_request_timeout_error(mock_request, apim): def test_request_connection_error(mock_request, apim): """Test request with connection error.""" mock_request.side_effect = requests.exceptions.ConnectionError() - - result = apim.singleGet(default_path) - + + result = apim.singleGet(DEFAULT_PATH) + assert result is None @pytest.mark.unit @@ -262,7 +260,7 @@ def test_request_http_error(mock_request, apim): mock_response.text = 'Resource not found' mock_request.return_value = mock_response - result = apim.singleGet(default_path) + result = apim.singleGet(DEFAULT_PATH) # The method returns the response body even for error status codes assert result == 'Resource not found' @@ -278,7 +276,7 @@ def test_request_non_json_response(mock_request, apim): mock_response.text = 'Plain text response' mock_request.return_value = mock_response - result = apim.singleGet(default_path) + result = apim.singleGet(DEFAULT_PATH) # Should return text response when JSON parsing fails assert result == 'Plain text response' @@ -295,7 +293,7 @@ def test_request_with_data(mock_request, apim): mock_request.return_value = mock_response data = {'name': 'test', 'value': 'data'} - result = apim.singlePost(default_path, data=data) + result = apim.singlePost(DEFAULT_PATH, data=data) # Verify data was passed correctly call_kwargs = mock_request.call_args[1] @@ -305,11 +303,11 @@ def test_request_with_data(mock_request, apim): @pytest.mark.unit def test_apim_requests_without_subscription_key(): - """Test ApimRequests initialization without subscription key.""" - apim = ApimRequests(default_url) - - assert apim.url == default_url - assert apim.apimSubscriptionKey is None + """Test ApimRequests initialization without subscription KEY.""" + apim = ApimRequests(DEFAULT_URL) + + assert apim._url == DEFAULT_URL + assert apim.subscriptionKey is None assert SUBSCRIPTION_KEY_PARAMETER_NAME not in apim.headers assert apim.headers['Accept'] == 'application/json' @@ -345,7 +343,7 @@ def test_request_with_message(mock_print_info, mock_print_message, mock_request, @patch('apimrequests.requests.request') @patch('apimrequests.utils.print_info') def test_request_path_without_leading_slash(mock_print_info, mock_request, apim): - """Test _request method with path without leading slash.""" + """Test _request method with PATH without leading slash.""" mock_response = MagicMock() mock_response.status_code = 200 mock_response.headers = {'Content-Type': 'application/json'} @@ -357,9 +355,9 @@ def test_request_path_without_leading_slash(mock_print_info, mock_request, apim) apim._request(HTTP_VERB.GET, 'test') # Should call with the corrected URL - expected_url = default_url + '/test' + expected_url = DEFAULT_URL + '/test' mock_request.assert_called_once() - args, kwargs = mock_request.call_args + args, _kwargs = mock_request.call_args assert args[1] == expected_url @@ -371,7 +369,7 @@ def test_multi_request_with_message(mock_print_info, mock_print_message, mock_se """Test _multiRequest method with message parameter.""" mock_session = MagicMock() mock_session_class.return_value = mock_session - + mock_response = MagicMock() mock_response.status_code = 200 mock_response.headers = {'Content-Type': 'application/json'} @@ -390,10 +388,10 @@ def test_multi_request_with_message(mock_print_info, mock_print_message, mock_se @patch('apimrequests.requests.Session') @patch('apimrequests.utils.print_info') def test_multi_request_path_without_leading_slash(mock_print_info, mock_session_class, apim): - """Test _multiRequest method with path without leading slash.""" + """Test _multiRequest method with PATH without leading slash.""" mock_session = MagicMock() mock_session_class.return_value = mock_session - + mock_response = MagicMock() mock_response.status_code = 200 mock_response.headers = {'Content-Type': 'application/json'} @@ -405,9 +403,9 @@ def test_multi_request_path_without_leading_slash(mock_print_info, mock_session_ apim._multiRequest(HTTP_VERB.GET, 'test', 1) # Should call with the corrected URL - expected_url = default_url + '/test' + expected_url = DEFAULT_URL + '/test' mock_session.request.assert_called_once() - args, kwargs = mock_session.request.call_args + args, _kwargs = mock_session.request.call_args assert args[1] == expected_url @@ -418,7 +416,7 @@ def test_multi_request_non_json_response(mock_print_info, mock_session_class, ap """Test _multiRequest method with non-JSON response.""" mock_session = MagicMock() mock_session_class.return_value = mock_session - + mock_response = MagicMock() mock_response.status_code = 200 mock_response.headers = {'Content-Type': 'text/plain'} @@ -524,7 +522,7 @@ def test_poll_async_operation_timeout(mock_sleep, mock_time, mock_print_error, m """Test _poll_async_operation method with timeout.""" # Mock time to simulate timeout mock_time.side_effect = [0, 30, 61] # start, first check, timeout check - + mock_response = MagicMock() mock_response.status_code = 202 mock_get.return_value = mock_response @@ -545,14 +543,14 @@ def test_single_post_async_success_with_location(mock_print_info, mock_print_mes initial_response = MagicMock() initial_response.status_code = 202 initial_response.headers = {'Location': 'http://example.com/operation/123'} - + # Mock final 200 response final_response = MagicMock() final_response.status_code = 200 final_response.headers = {'Content-Type': 'application/json'} final_response.json.return_value = {'result': 'completed'} final_response.text = '{"result": "completed"}' - + mock_request.return_value = initial_response with patch.object(apim, '_poll_async_operation', return_value=final_response) as mock_poll: @@ -638,7 +636,7 @@ def test_single_post_async_failed_polling(mock_print_error, mock_request, apim): @patch('apimrequests.requests.request') @patch('apimrequests.utils.print_info') def test_single_post_async_path_without_leading_slash(mock_print_info, mock_request, apim): - """Test singlePostAsync method with path without leading slash.""" + """Test singlePostAsync method with PATH without leading slash.""" mock_response = MagicMock() mock_response.status_code = 200 mock_response.headers = {'Content-Type': 'application/json'} @@ -650,9 +648,9 @@ def test_single_post_async_path_without_leading_slash(mock_print_info, mock_requ apim.singlePostAsync('test') # Should call with the corrected URL - expected_url = default_url + '/test' + expected_url = DEFAULT_URL + '/test' mock_request.assert_called_once() - args, kwargs = mock_request.call_args + args, _kwargs = mock_request.call_args assert args[1] == expected_url @@ -670,4 +668,4 @@ def test_single_post_async_non_json_response(mock_print_info, mock_request, apim with patch.object(apim, '_print_response'): result = apim.singlePostAsync('/test') - assert result == 'Plain text result' \ No newline at end of file + assert result == 'Plain text result' diff --git a/tests/python/test_apimtesting.py b/tests/python/test_apimtesting.py index d072595..1900363 100644 --- a/tests/python/test_apimtesting.py +++ b/tests/python/test_apimtesting.py @@ -2,16 +2,15 @@ Unit tests for the ApimTesting module. """ -import pytest -from unittest.mock import patch, MagicMock +from unittest.mock import patch import sys import os +from apimtesting import ApimTesting +from apimtypes import INFRASTRUCTURE # Add the shared/python directory to the Python path sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', 'shared', 'python')) -from apimtesting import ApimTesting -from apimtypes import INFRASTRUCTURE # ------------------------------ @@ -21,13 +20,13 @@ def test_apimtesting_init_default(): """Test ApimTesting initialization with default parameters.""" testing = ApimTesting() - + assert testing.test_suite_name == 'APIM Tests' assert testing.sample_name is None assert testing.deployment is None - assert testing.tests_passed == 0 - assert testing.tests_failed == 0 - assert testing.total_tests == 0 + assert not testing.tests_passed + assert not testing.tests_failed + assert not testing.total_tests assert testing.errors == [] @@ -38,13 +37,13 @@ def test_apimtesting_init_with_parameters(): sample_name='test-sample', deployment=INFRASTRUCTURE.SIMPLE_APIM ) - + assert testing.test_suite_name == 'Custom Tests' assert testing.sample_name == 'test-sample' assert testing.deployment == INFRASTRUCTURE.SIMPLE_APIM - assert testing.tests_passed == 0 - assert testing.tests_failed == 0 - assert testing.total_tests == 0 + assert not testing.tests_passed + assert not testing.tests_failed + assert not testing.total_tests assert testing.errors == [] @@ -55,27 +54,26 @@ def test_apimtesting_init_with_parameters(): def test_verify_success(): """Test the verify method with matching values.""" testing = ApimTesting() - + with patch('builtins.print') as mock_print: result = testing.verify(5, 5) - + assert result is True assert testing.tests_passed == 1 - assert testing.tests_failed == 0 + assert not testing.tests_failed assert testing.total_tests == 1 - assert len(testing.errors) == 0 mock_print.assert_called_with('āœ… Test 1: PASS') def test_verify_failure(): """Test the verify method with non-matching values.""" testing = ApimTesting() - + with patch('builtins.print') as mock_print: result = testing.verify(5, 10) - + assert result is False - assert testing.tests_passed == 0 + assert not testing.tests_passed assert testing.tests_failed == 1 assert testing.total_tests == 1 assert len(testing.errors) == 1 @@ -86,7 +84,7 @@ def test_verify_failure(): def test_verify_multiple_tests(): """Test the verify method with multiple test cases.""" testing = ApimTesting() - + with patch('builtins.print'): # Test 1: Pass result1 = testing.verify('hello', 'hello') @@ -94,7 +92,7 @@ def test_verify_multiple_tests(): result2 = testing.verify(1, 2) # Test 3: Pass result3 = testing.verify([1, 2, 3], [1, 2, 3]) - + assert result1 is True assert result2 is False assert result3 is True @@ -107,7 +105,7 @@ def test_verify_multiple_tests(): def test_verify_different_types(): """Test the verify method with different data types.""" testing = ApimTesting() - + with patch('builtins.print'): # String assert testing.verify('test', 'test') is True @@ -121,15 +119,15 @@ def test_verify_different_types(): assert testing.verify({'a': 1}, {'a': 1}) is True # None assert testing.verify(None, None) is True - + assert testing.tests_passed == 6 - assert testing.tests_failed == 0 + assert not testing.tests_failed def test_verify_none_vs_empty(): """Test the verify method with None vs empty values.""" testing = ApimTesting() - + with patch('builtins.print'): # None vs empty string should fail assert testing.verify(None, '') is False @@ -137,8 +135,8 @@ def test_verify_none_vs_empty(): assert testing.verify(None, []) is False # Empty string vs empty list should fail assert testing.verify('', []) is False - - assert testing.tests_passed == 0 + + assert not testing.tests_passed assert testing.tests_failed == 3 @@ -149,21 +147,21 @@ def test_verify_none_vs_empty(): def test_print_summary_all_passed(): """Test print_summary when all tests pass.""" testing = ApimTesting('Test Suite', 'sample-1', INFRASTRUCTURE.SIMPLE_APIM) - + with patch('builtins.print') as mock_print: # Simulate some passing tests testing.tests_passed = 5 testing.total_tests = 5 - + testing.print_summary() - + # Check that the right messages were printed calls = [call.args[0] for call in mock_print.call_args_list if call.args] - + # Should contain success message success_messages = [call for call in calls if 'ALL TESTS PASSED' in call] assert len(success_messages) > 0 - + # Should contain statistics stats_messages = [call for call in calls if 'Tests Passed' in call] assert len(stats_messages) > 0 @@ -172,23 +170,23 @@ def test_print_summary_all_passed(): def test_print_summary_some_failed(): """Test print_summary when some tests fail.""" testing = ApimTesting('Test Suite', 'sample-1', INFRASTRUCTURE.SIMPLE_APIM) - + with patch('builtins.print') as mock_print: # Simulate mixed results testing.tests_passed = 3 testing.tests_failed = 2 testing.total_tests = 5 testing.errors = ['Error 1', 'Error 2'] - + testing.print_summary() - + # Check that the right messages were printed calls = [call.args[0] for call in mock_print.call_args_list if call.args] - + # Should contain failure message failure_messages = [call for call in calls if 'SOME TESTS FAILED' in call] assert len(failure_messages) > 0 - + # Should contain error details error_messages = [call for call in calls if 'Detailed Error Analysis' in call] assert len(error_messages) > 0 @@ -197,13 +195,13 @@ def test_print_summary_some_failed(): def test_print_summary_no_tests(): """Test print_summary when no tests were executed.""" testing = ApimTesting('Test Suite') - + with patch('builtins.print') as mock_print: testing.print_summary() - + # Check that the right messages were printed calls = [call.args[0] for call in mock_print.call_args_list if call.args] - + # Should contain no tests message no_tests_messages = [call for call in calls if 'NO TESTS EXECUTED' in call] assert len(no_tests_messages) > 0 @@ -212,15 +210,15 @@ def test_print_summary_no_tests(): def test_print_summary_success_rate_calculation(): """Test that success rate is calculated correctly.""" testing = ApimTesting() - + with patch('builtins.print') as mock_print: # Simulate 3 passed, 2 failed = 60% success rate testing.tests_passed = 3 testing.tests_failed = 2 testing.total_tests = 5 - + testing.print_summary() - + # Check that 60% appears in the output calls = [call.args[0] for call in mock_print.call_args_list if call.args] success_rate_messages = [call for call in calls if '60.0%' in call] @@ -230,13 +228,13 @@ def test_print_summary_success_rate_calculation(): def test_print_summary_with_none_values(): """Test print_summary with None values for sample_name and deployment.""" testing = ApimTesting() - + with patch('builtins.print') as mock_print: testing.total_tests = 1 testing.tests_passed = 1 - + testing.print_summary() - + # Check that N/A appears for None values calls = [call.args[0] for call in mock_print.call_args_list if call.args] na_messages = [call for call in calls if 'N/A' in call] @@ -250,7 +248,7 @@ def test_print_summary_with_none_values(): def test_full_testing_workflow(): """Test a complete testing workflow with mixed results.""" testing = ApimTesting('Integration Test', 'test-sample', INFRASTRUCTURE.APIM_ACA) - + with patch('builtins.print'): # Run several tests testing.verify(200, 200) # Pass @@ -258,16 +256,16 @@ def test_full_testing_workflow(): testing.verify(404, 200) # Fail testing.verify({'status': 'success'}, {'status': 'success'}) # Pass testing.verify(None, 'something') # Fail - + # Check final state assert testing.total_tests == 5 assert testing.tests_passed == 3 assert testing.tests_failed == 2 assert len(testing.errors) == 2 - + # Test summary testing.print_summary() - + # Verify final state hasn't changed assert testing.total_tests == 5 assert testing.tests_passed == 3 @@ -277,17 +275,17 @@ def test_full_testing_workflow(): def test_edge_cases(): """Test edge cases and unusual inputs.""" testing = ApimTesting() - + with patch('builtins.print'): # Large numbers assert testing.verify(999999999, 999999999) is True - + # Negative numbers assert testing.verify(-42, -42) is True - + # Special float values assert testing.verify(float('inf'), float('inf')) is True - + # Complex data structures complex_dict = { 'nested': { @@ -296,9 +294,9 @@ def test_edge_cases(): } } assert testing.verify(complex_dict, complex_dict) is True - + # Unicode strings assert testing.verify('굋čƕ', '굋čƕ') is True - + assert testing.tests_passed == 5 - assert testing.tests_failed == 0 + assert not testing.tests_failed diff --git a/tests/python/test_apimtypes.py b/tests/python/test_apimtypes.py index 80bdc75..9b4a79a 100644 --- a/tests/python/test_apimtypes.py +++ b/tests/python/test_apimtypes.py @@ -2,10 +2,12 @@ Unit tests for apimtypes.py. """ +from pathlib import Path import pytest import apimtypes + # ------------------------------ # CONSTANTS # ------------------------------ @@ -152,7 +154,7 @@ def test_api_with_both_tags_and_product_names(): ) assert api.tags == tags assert api.productNames == product_names - + d = api.to_dict() assert d['tags'] == tags assert d['productNames'] == product_names @@ -393,7 +395,7 @@ def test_product_creation(): assert product.displayName == 'Human Resources' assert product.description == 'HR product description' assert product.state == 'published' # default value - assert product.subscriptionRequired == True # default value + assert product.subscriptionRequired is True # default value assert product.policyXml is not None # should have default policy @@ -414,7 +416,7 @@ def test_product_creation_with_custom_values(): assert product.displayName == 'Test Product' assert product.description == 'Test description' assert product.state == 'notPublished' - assert product.subscriptionRequired == False + assert product.subscriptionRequired is False assert product.policyXml == custom_policy @@ -433,8 +435,8 @@ def test_product_creation_with_approval_required(): assert product.displayName == 'Premium Human Resources' assert product.description == 'Premium HR product requiring approval' assert product.state == 'published' # default value - assert product.subscriptionRequired == True - assert product.approvalRequired == True + assert product.subscriptionRequired is True + assert product.approvalRequired is True assert product.policyXml is not None # should have default policy @@ -451,12 +453,12 @@ def test_product_to_dict(): policyXml = custom_policy ) d = product.to_dict() - + assert d['name'] == 'hr' assert d['displayName'] == 'Human Resources' assert d['description'] == 'HR product' assert d['state'] == 'published' - assert d['subscriptionRequired'] == True + assert d['subscriptionRequired'] is True assert d['policyXml'] == custom_policy @@ -471,13 +473,13 @@ def test_product_to_dict_includes_approval_required(): approvalRequired = True ) d = product.to_dict() - + assert d['name'] == 'premium-hr' assert d['displayName'] == 'Premium Human Resources' assert d['description'] == 'Premium HR product' assert d['state'] == 'published' - assert d['subscriptionRequired'] == True - assert d['approvalRequired'] == True + assert d['subscriptionRequired'] is True + assert d['approvalRequired'] is True assert 'policyXml' in d @@ -489,10 +491,10 @@ def test_product_approval_required_default_false(): displayName = 'Basic Human Resources', description = 'Basic HR product' ) - - assert product.approvalRequired == False + + assert product.approvalRequired is False d = product.to_dict() - assert d['approvalRequired'] == False + assert d['approvalRequired'] is False @pytest.mark.unit @@ -543,7 +545,7 @@ def test_api_subscription_required_default(): policyXml = EXAMPLE_POLICY_XML, operations = None ) - assert api.subscriptionRequired == True + assert api.subscriptionRequired is True @pytest.mark.unit def test_api_subscription_required_explicit_false(): @@ -557,7 +559,7 @@ def test_api_subscription_required_explicit_false(): operations = None, subscriptionRequired = False ) - assert api.subscriptionRequired == False + assert api.subscriptionRequired is False @pytest.mark.unit def test_api_subscription_required_explicit_true(): @@ -571,7 +573,7 @@ def test_api_subscription_required_explicit_true(): operations = None, subscriptionRequired = True ) - assert api.subscriptionRequired == True + assert api.subscriptionRequired is True @pytest.mark.unit def test_api_to_dict_includes_subscription_required_when_true(): @@ -587,7 +589,7 @@ def test_api_to_dict_includes_subscription_required_when_true(): ) d = api.to_dict() assert 'subscriptionRequired' in d - assert d['subscriptionRequired'] == True + assert d['subscriptionRequired'] is True @pytest.mark.unit def test_api_to_dict_includes_subscription_required_when_false(): @@ -603,7 +605,7 @@ def test_api_to_dict_includes_subscription_required_when_false(): ) d = api.to_dict() assert 'subscriptionRequired' in d - assert d['subscriptionRequired'] == False + assert d['subscriptionRequired'] is False @pytest.mark.unit def test_api_equality_with_subscription_required(): @@ -635,10 +637,10 @@ def test_api_equality_with_subscription_required(): operations = None, subscriptionRequired = False ) - + # Same subscriptionRequired values should be equal assert api1 == api2 - + # Different subscriptionRequired values should not be equal assert api1 != api3 @@ -658,7 +660,7 @@ def test_api_with_all_properties(): productNames = product_names, subscriptionRequired = True ) - + assert api.name == EXAMPLE_NAME assert api.displayName == EXAMPLE_DISPLAY_NAME assert api.path == EXAMPLE_PATH @@ -667,8 +669,8 @@ def test_api_with_all_properties(): assert api.operations == [] assert api.tags == tags assert api.productNames == product_names - assert api.subscriptionRequired == True - + assert api.subscriptionRequired is True + d = api.to_dict() assert d['name'] == EXAMPLE_NAME assert d['displayName'] == EXAMPLE_DISPLAY_NAME @@ -677,7 +679,7 @@ def test_api_with_all_properties(): assert d['policyXml'] == EXAMPLE_POLICY_XML assert d['tags'] == tags assert d['productNames'] == product_names - assert d['subscriptionRequired'] == True + assert d['subscriptionRequired'] is True # ------------------------------ @@ -694,7 +696,7 @@ def test_named_value_creation(): assert nv.name == 'test-nv' assert nv.value == 'test-value' assert nv.isSecret is True - + # Test to_dict method d = nv.to_dict() assert d['name'] == 'test-nv' @@ -715,7 +717,7 @@ def test_policy_fragment_creation(): assert pf.name == 'test-fragment' assert pf.description == 'Test fragment' assert pf.policyXml == '' - + # Test to_dict method d = pf.to_dict() assert d['name'] == 'test-fragment' @@ -724,7 +726,7 @@ def test_policy_fragment_creation(): def test_policy_fragment_defaults(): """Test PolicyFragment default values.""" pf = apimtypes.PolicyFragment(name='test', policyXml='') - assert pf.description == '' # default value + assert not pf.description # default value def test_product_defaults(): """Test Product default values.""" @@ -774,7 +776,7 @@ def test_api_operation_equality(): description='Test op', policyXml='' ) - + assert op1 == op2 assert op1 != op3 @@ -792,13 +794,6 @@ def test_api_operation_repr(): assert 'APIOperation' in result assert 'test' in result -def test_product_repr(): - """Test Product __repr__ method.""" - product = apimtypes.Product(name='test-product', displayName='Test Product', description='Test') - result = repr(product) - assert 'Product' in result - assert 'test-product' in result - def test_named_value_repr(): """Test NamedValue __repr__ method.""" nv = apimtypes.NamedValue(name='test-nv', value='value') @@ -820,9 +815,7 @@ def test_policy_fragment_repr(): def test_get_project_root_functionality(): """Test _get_project_root function comprehensively.""" - import os - from pathlib import Path - + # This function should return the project root root = apimtypes._get_project_root() assert isinstance(root, Path) @@ -833,15 +826,15 @@ def test_api_edge_cases(): """Test API class with edge cases and full coverage.""" # Test with all None/empty values api = apimtypes.API('', '', '', '', '', operations=None, tags=None, productNames=None) - assert api.name == '' + assert not api.name assert api.operations == [] assert api.tags == [] assert api.productNames == [] - + # Test subscription required variations api_sub_true = apimtypes.API('test', 'Test', '/test', 'desc', 'policy', subscriptionRequired=True) assert api_sub_true.subscriptionRequired is True - + api_sub_false = apimtypes.API('test', 'Test', '/test', 'desc', 'policy', subscriptionRequired=False) assert api_sub_false.subscriptionRequired is False @@ -858,10 +851,10 @@ def test_product_edge_cases(): assert product.approvalRequired is False # Policy XML should contain some content, not be empty assert product.policyXml is not None and len(product.policyXml) > 0 - + # Test with all parameters product_full = apimtypes.Product( - 'full', 'Full Product', 'Description', 'notPublished', + 'full', 'Full Product', 'Description', 'notPublished', True, True, '' ) assert product_full.state == 'notPublished' @@ -877,7 +870,7 @@ def test_named_value_edge_cases(): assert nv.name == 'key' assert nv.value == 'value' assert nv.isSecret is False # Use correct attribute name - + # Test with secret nv_secret = apimtypes.NamedValue('secret-key', 'secret-value', True) assert nv_secret.isSecret is True # Use correct attribute name @@ -889,8 +882,8 @@ def test_policy_fragment_edge_cases(): pf = apimtypes.PolicyFragment('frag', '') assert pf.name == 'frag' assert pf.policyXml == '' # Use correct attribute name - assert pf.description == '' - + assert not pf.description + # Test with description pf_desc = apimtypes.PolicyFragment('frag', '', 'Test fragment') assert pf_desc.description == 'Test fragment' @@ -901,7 +894,7 @@ def test_api_operation_comprehensive(): # Test invalid HTTP method with pytest.raises(ValueError, match='Invalid HTTP_VERB'): apimtypes.APIOperation('test', 'Test', '/test', 'INVALID', 'Test description', '') - + # Test all valid methods for method in ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS']: # Get HTTP_VERB enum value @@ -918,7 +911,7 @@ def test_convenience_functions(): assert get_op.method == apimtypes.HTTP_VERB.GET assert get_op.displayName == 'GET' # displayName is set to 'GET', not the description assert get_op.description == 'Get data' # description parameter goes to description field - + post_op = apimtypes.POST_APIOperation('Post data', '') assert post_op.method == apimtypes.HTTP_VERB.POST assert post_op.displayName == 'POST' # displayName is set to 'POST', not the description @@ -931,15 +924,15 @@ def test_enum_edge_cases(): assert hasattr(apimtypes.INFRASTRUCTURE, 'SIMPLE_APIM') assert hasattr(apimtypes.INFRASTRUCTURE, 'AFD_APIM_PE') assert hasattr(apimtypes.INFRASTRUCTURE, 'APIM_ACA') - + assert hasattr(apimtypes.APIM_SKU, 'DEVELOPER') assert hasattr(apimtypes.APIM_SKU, 'BASIC') assert hasattr(apimtypes.APIM_SKU, 'STANDARD') assert hasattr(apimtypes.APIM_SKU, 'PREMIUM') - + assert hasattr(apimtypes.APIMNetworkMode, 'EXTERNAL_VNET') # Correct enum name assert hasattr(apimtypes.APIMNetworkMode, 'INTERNAL_VNET') # Correct enum name - + assert hasattr(apimtypes.HTTP_VERB, 'GET') assert hasattr(apimtypes.HTTP_VERB, 'POST') @@ -961,7 +954,7 @@ def test_to_dict_comprehensive(): operations=[op], tags=['tag1', 'tag2'], productNames=['prod1'], subscriptionRequired=True ) - + api_dict = api.to_dict() assert api_dict['name'] == 'test-api' assert api_dict['displayName'] == 'Test API' @@ -972,7 +965,7 @@ def test_to_dict_comprehensive(): assert api_dict['tags'] == ['tag1', 'tag2'] assert api_dict['productNames'] == ['prod1'] assert api_dict['subscriptionRequired'] is True - + # Test Product to_dict product = apimtypes.Product('prod', 'Product', 'Desc', 'published', True, True, '') prod_dict = product.to_dict() @@ -983,14 +976,14 @@ def test_to_dict_comprehensive(): assert prod_dict['subscriptionRequired'] is True assert prod_dict['approvalRequired'] is True assert prod_dict['policyXml'] == '' - + # Test NamedValue to_dict nv = apimtypes.NamedValue('key', 'value', True) nv_dict = nv.to_dict() assert nv_dict['name'] == 'key' assert nv_dict['value'] == 'value' assert nv_dict['isSecret'] is True # Use correct key name - + # Test PolicyFragment to_dict pf = apimtypes.PolicyFragment('frag', '', 'Fragment desc') pf_dict = pf.to_dict() @@ -1004,38 +997,38 @@ def test_equality_and_repr_comprehensive(): api1 = apimtypes.API('test', 'Test', '/test', 'desc', 'policy') api2 = apimtypes.API('test', 'Test', '/test', 'desc', 'policy') api3 = apimtypes.API('different', 'Different', '/diff', 'desc', 'policy') - + assert api1 == api2 assert api1 != api3 assert api1 != 'not an api' - + # Test repr repr_str = repr(api1) assert 'API' in repr_str assert 'test' in repr_str - + # Test Product equality and repr prod1 = apimtypes.Product('prod', 'Product', 'Product description') prod2 = apimtypes.Product('prod', 'Product', 'Product description') prod3 = apimtypes.Product('other', 'Other', 'Other description') - + assert prod1 == prod2 assert prod1 != prod3 assert prod1 != 'not a product' - + repr_str = repr(prod1) assert 'Product' in repr_str assert 'prod' in repr_str - + # Test APIOperation equality and repr op1 = apimtypes.GET_APIOperation('Get', '') op2 = apimtypes.GET_APIOperation('Get', '') op3 = apimtypes.POST_APIOperation('Post', '') - + assert op1 == op2 assert op1 != op3 assert op1 != 'not an operation' - + repr_str = repr(op1) assert 'APIOperation' in repr_str assert 'GET' in repr_str @@ -1048,7 +1041,7 @@ def test_constants_accessibility(): assert isinstance(apimtypes.HELLO_WORLD_XML_POLICY_PATH, str) assert isinstance(apimtypes.REQUEST_HEADERS_XML_POLICY_PATH, str) assert isinstance(apimtypes.BACKEND_XML_POLICY_PATH, str) - + # Test other constants assert isinstance(apimtypes.SUBSCRIPTION_KEY_PARAMETER_NAME, str) assert isinstance(apimtypes.SLEEP_TIME_BETWEEN_REQUESTS_MS, int) diff --git a/tests/python/test_authfactory.py b/tests/python/test_authfactory.py index 6c1ca3d..e8792af 100644 --- a/tests/python/test_authfactory.py +++ b/tests/python/test_authfactory.py @@ -1,8 +1,8 @@ """ Unit tests for authfactory.py. """ -import pytest import time +import pytest from authfactory import JwtPayload, SymmetricJwtToken, AuthFactory from users import User @@ -59,8 +59,7 @@ def test_create_jwt_payload_for_user_no_user(): def test_jwt_payload_edge_cases(): """Test JwtPayload with edge cases.""" - import time - + # Test with empty roles payload = JwtPayload('test-user', 'Test User', roles=[]) payload_dict = payload.to_dict() @@ -69,12 +68,12 @@ def test_jwt_payload_edge_cases(): assert payload_dict['name'] == 'Test User' assert 'iat' in payload_dict assert 'exp' in payload_dict - + # Test with None roles payload_none = JwtPayload('test-user', 'Test User', roles=None) payload_dict_none = payload_none.to_dict() assert 'roles' not in payload_dict_none - + # Test expiration time current_time = int(time.time()) payload = JwtPayload('test', 'Test', roles=['role1']) @@ -88,18 +87,18 @@ def test_symmetric_jwt_token_edge_cases(): """Test SymmetricJwtToken with edge cases.""" # Test with valid payload and different keys payload = JwtPayload('test', 'Test', roles=['role1']) - + # Test that different keys produce different tokens token1 = SymmetricJwtToken('key1', payload) token2 = SymmetricJwtToken('key2', payload) - + encoded1 = token1.encode() encoded2 = token2.encode() - + assert encoded1 != encoded2 # Different keys should produce different tokens assert isinstance(encoded1, str) assert isinstance(encoded2, str) - + # Test with same key should produce same token token3 = SymmetricJwtToken('key1', payload) encoded3 = token3.encode() @@ -109,11 +108,11 @@ def test_symmetric_jwt_token_edge_cases(): def test_auth_factory_edge_cases(): """Test AuthFactory with various edge cases.""" user = User('test', 'Test User', ['role1', 'role2']) - + # Test with empty key with pytest.raises(ValueError): AuthFactory.create_symmetric_jwt_token_for_user(user, '') - + # Test with None user with pytest.raises(ValueError): AuthFactory.create_symmetric_jwt_token_for_user(None, 'test-key') @@ -122,12 +121,12 @@ def test_auth_factory_edge_cases(): def test_create_jwt_payload_for_user(): """Test create_jwt_payload_for_user method.""" user = User('test-id', 'Test User', ['admin', 'user']) - + payload = AuthFactory.create_jwt_payload_for_user(user) assert payload['sub'] == 'test-id' assert payload['name'] == 'Test User' assert payload['roles'] == ['admin', 'user'] - + # Test with None user with pytest.raises(ValueError): AuthFactory.create_jwt_payload_for_user(None) @@ -137,25 +136,24 @@ def test_jwt_token_structure(): """Test that generated JWT tokens have correct structure.""" user = User('test', 'Test User', ['role1']) token = AuthFactory.create_symmetric_jwt_token_for_user(user, 'test-secret-key') - + # JWT should have 3 parts separated by dots parts = token.split('.') assert len(parts) == 3 - + def test_jwt_payload_time_handling(): """Test JwtPayload time handling.""" - import time - + before_time = int(time.time()) payload = JwtPayload('test', 'Test', roles=['role']) after_time = int(time.time()) - + payload_dict = payload.to_dict() - + # iat should be around current time assert payload_dict['iat'] >= before_time assert payload_dict['iat'] <= after_time - + # exp should be iat + 86400 (24 hours) assert payload_dict['exp'] == payload_dict['iat'] + 86400 diff --git a/tests/python/test_charts.py b/tests/python/test_charts.py index a555e81..ec20824 100644 --- a/tests/python/test_charts.py +++ b/tests/python/test_charts.py @@ -2,16 +2,15 @@ Unit tests for the Charts module. """ -import pytest -from unittest.mock import patch, MagicMock, call +from unittest.mock import patch, MagicMock import sys import os -import json +import pytest +from charts import BarChart # Add the shared/python directory to the Python path sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', 'shared', 'python')) -from charts import BarChart # ------------------------------ @@ -93,14 +92,14 @@ def empty_api_results(): def test_barchart_init_basic(): """Test BarChart initialization with basic parameters.""" api_results = [{'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{}'}] - + chart = BarChart( title='Test Chart', x_label='Request Number', y_label='Response Time', api_results=api_results ) - + assert chart.title == 'Test Chart' assert chart.x_label == 'Request Number' assert chart.y_label == 'Response Time' @@ -112,7 +111,7 @@ def test_barchart_init_with_fig_text(): """Test BarChart initialization with figure text.""" api_results = [{'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{}'}] fig_text = 'This is additional chart information' - + chart = BarChart( title='Test Chart', x_label='X Axis', @@ -120,7 +119,7 @@ def test_barchart_init_with_fig_text(): api_results=api_results, fig_text=fig_text ) - + assert chart.fig_text == fig_text @@ -132,7 +131,7 @@ def test_barchart_init_empty_results(): y_label='Y Axis', api_results=[] ) - + assert chart.api_results == [] @@ -145,7 +144,7 @@ def test_barchart_init_empty_results(): def test_plot_calls_internal_method(mock_dataframe, mock_plt, sample_api_results): """Test that plot() calls the internal _plot_barchart method.""" chart = BarChart('Test', 'X', 'Y', sample_api_results) - + with patch.object(chart, '_plot_barchart') as mock_plot_barchart: chart.plot() mock_plot_barchart.assert_called_once_with(sample_api_results) @@ -169,17 +168,17 @@ def test_plot_barchart_data_processing(mock_dataframe, mock_plt, sample_api_resu mock_df.empty = False mock_df.quantile.return_value = 200 mock_df.mean.return_value = 150 - + chart = BarChart('Test', 'X', 'Y', sample_api_results) chart._plot_barchart(sample_api_results) - + # Verify DataFrame was created with correct data structure mock_dataframe.assert_called_once() call_args = mock_dataframe.call_args[0][0] # Get the data passed to DataFrame - + # Check that data was processed correctly assert len(call_args) == 5 # Should have 5 rows from sample data - + # Check first row data first_row = call_args[0] assert first_row['Run'] == 1 @@ -201,14 +200,14 @@ def test_plot_barchart_malformed_json_handling(mock_dataframe, mock_plt, malform mock_df.empty = False mock_df.quantile.return_value = 200 mock_df.mean.return_value = 150 - + chart = BarChart('Test', 'X', 'Y', malformed_api_results) chart._plot_barchart(malformed_api_results) - + # Verify DataFrame was created mock_dataframe.assert_called_once() call_args = mock_dataframe.call_args[0][0] - + # All malformed responses should have backend_index = 99 for row in call_args: assert row['Backend Index'] == 99 @@ -232,7 +231,7 @@ def test_plot_barchart_error_status_codes(mock_dataframe, mock_plt): 'response': 'Internal Server Error' } ] - + mock_df = MagicMock() mock_dataframe.return_value = mock_df mock_df.__getitem__.return_value = mock_df @@ -240,14 +239,14 @@ def test_plot_barchart_error_status_codes(mock_dataframe, mock_plt): mock_df.iterrows.return_value = iter([]) mock_df.plot.return_value = MagicMock() mock_df.empty = False - + chart = BarChart('Test', 'X', 'Y', error_results) chart._plot_barchart(error_results) - + # Verify DataFrame was created mock_dataframe.assert_called_once() call_args = mock_dataframe.call_args[0][0] - + # Error responses should have backend_index = 99 for row in call_args: assert row['Backend Index'] == 99 @@ -271,15 +270,15 @@ def test_plot_barchart_matplotlib_calls(mock_dataframe, mock_plt, sample_api_res mock_df.empty = False mock_df.quantile.return_value = 200 mock_df.mean.return_value = 150 - + # Mock unique() method for backend indexes mock_unique = MagicMock() mock_unique.unique.return_value = [1, 2] mock_df.__getitem__.return_value = mock_unique - + chart = BarChart('Test Chart', 'X Label', 'Y Label', sample_api_results) chart._plot_barchart(sample_api_results) - + # Verify matplotlib calls mock_plt.title.assert_called_with('Test Chart') mock_plt.xlabel.assert_called_with('X Label') @@ -298,19 +297,19 @@ def test_plot_barchart_empty_data(mock_dataframe, mock_plt, empty_api_results): mock_df.iterrows.return_value = iter([]) mock_df.plot.return_value = MagicMock() mock_df.empty = True - + chart = BarChart('Empty Chart', 'X', 'Y', empty_api_results) - + # Should not raise an exception chart._plot_barchart(empty_api_results) - + # Should still call basic matplotlib functions mock_plt.title.assert_called_with('Empty Chart') mock_plt.show.assert_called_once() @patch('charts.plt') -@patch('charts.pd.DataFrame') +@patch('charts.pd.DataFrame') def test_plot_barchart_figure_text(mock_dataframe, mock_plt, sample_api_results): """Test that _plot_barchart adds figure text when provided.""" mock_df = MagicMock() @@ -320,11 +319,11 @@ def test_plot_barchart_figure_text(mock_dataframe, mock_plt, sample_api_results) mock_df.iterrows.return_value = iter([]) mock_df.plot.return_value = MagicMock() mock_df.empty = False - + fig_text = 'This is test figure text' chart = BarChart('Test', 'X', 'Y', sample_api_results, fig_text) chart._plot_barchart(sample_api_results) - + # Verify figtext was called with the provided text mock_plt.figtext.assert_called_once() call_args = mock_plt.figtext.call_args[1] # Get keyword arguments @@ -345,7 +344,7 @@ def test_color_mapping_logic(mock_dataframe, mock_plt): {'run': 3, 'response_time': 0.3, 'status_code': 500, 'response': 'Error'}, {'run': 4, 'response_time': 0.4, 'status_code': 200, 'response': '{"index": 1}'}, ] - + mock_df = MagicMock() mock_dataframe.return_value = mock_df mock_df.__getitem__.return_value = mock_df @@ -355,18 +354,18 @@ def test_color_mapping_logic(mock_dataframe, mock_plt): (2, {'Status Code': 500, 'Backend Index': 99}), (3, {'Status Code': 200, 'Backend Index': 1}), ]) - + # Mock the unique backend indexes for 200 responses mock_200_df = MagicMock() mock_200_df.unique.return_value = [1, 2] # Sorted unique backend indexes mock_df.__getitem__.return_value = mock_200_df # For df[df['Status Code'] == 200]['Backend Index'] - + mock_df.plot.return_value = MagicMock() mock_df.empty = False - + chart = BarChart('Test', 'X', 'Y', mixed_results) chart._plot_barchart(mixed_results) - + # Verify that plot was called with colors parameter mock_df.plot.assert_called_once() call_kwargs = mock_df.plot.call_args[1] @@ -381,7 +380,7 @@ def test_full_chart_workflow(sample_api_results): """Test the complete chart creation workflow.""" with patch('charts.plt') as mock_plt, \ patch('charts.pd.DataFrame') as mock_dataframe: - + # Setup mock DataFrame mock_df = MagicMock() mock_dataframe.return_value = mock_df @@ -392,7 +391,7 @@ def test_full_chart_workflow(sample_api_results): mock_df.empty = False mock_df.quantile.return_value = 200 mock_df.mean.return_value = 150 - + # Create and plot chart chart = BarChart( title='Performance Chart', @@ -401,9 +400,9 @@ def test_full_chart_workflow(sample_api_results): api_results=sample_api_results, fig_text='Performance analysis results' ) - + chart.plot() - + # Verify the complete workflow assert mock_dataframe.called assert mock_plt.title.called @@ -424,7 +423,7 @@ def test_backend_index_edge_cases(): # Non-200 status with valid JSON {'run': 4, 'response_time': 0.4, 'status_code': 404, 'response': '{"index": 5}'}, ] - + with patch('charts.plt'), patch('charts.pd.DataFrame') as mock_dataframe: mock_df = MagicMock() mock_dataframe.return_value = mock_df @@ -433,16 +432,16 @@ def test_backend_index_edge_cases(): mock_df.iterrows.return_value = iter([]) mock_df.plot.return_value = MagicMock() mock_df.empty = False - + chart = BarChart('Test', 'X', 'Y', edge_case_results) chart._plot_barchart(edge_case_results) - + # Verify DataFrame creation mock_dataframe.assert_called_once() call_args = mock_dataframe.call_args[0][0] - + # Check backend index assignments - assert call_args[0]['Backend Index'] == 0 # Valid index 0 + assert not call_args[0]['Backend Index'] # Valid index 0 assert call_args[1]['Backend Index'] == 99 # Missing index field assert call_args[2]['Backend Index'] == 99 # Empty JSON assert call_args[3]['Backend Index'] == 99 # Non-200 status diff --git a/tests/python/test_infrastructures.py b/tests/python/test_infrastructures.py index 7c30c8e..a5264e9 100644 --- a/tests/python/test_infrastructures.py +++ b/tests/python/test_infrastructures.py @@ -2,14 +2,11 @@ Unit tests for infrastructures.py. """ +from unittest.mock import Mock, patch, MagicMock import pytest -from unittest.mock import Mock, patch, call, MagicMock -import json -import os -from pathlib import Path import infrastructures -from apimtypes import INFRASTRUCTURE, APIM_SKU, APIMNetworkMode, API, PolicyFragment, HTTP_VERB, GET_APIOperation +from apimtypes import INFRASTRUCTURE, APIM_SKU, APIMNetworkMode, API, PolicyFragment, HTTP_VERB # ------------------------------ @@ -36,7 +33,9 @@ def mock_utils(): mock_utils.determine_shared_policy_path.return_value = '/mock/path/policy.xml' mock_utils.create_resource_group.return_value = None mock_utils.verify_infrastructure.return_value = True - + mock_utils.get_account_info.return_value = ('test_user', 'test_user_id', 'test_tenant', 'test_subscription') + mock_utils.get_unique_suffix_for_resource_group.return_value = 'abc123def456' + # Mock the run command with proper return object mock_output = Mock() mock_output.success = True @@ -44,7 +43,7 @@ def mock_utils(): mock_output.get.return_value = 'https://test-apim.azure-api.net' mock_output.getJson.return_value = ['api1', 'api2'] mock_utils.run.return_value = mock_output - + yield mock_utils @pytest.fixture @@ -76,7 +75,7 @@ def test_infrastructure_creation_basic(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + assert infra.infra == INFRASTRUCTURE.SIMPLE_APIM assert infra.index == TEST_INDEX assert infra.rg_location == TEST_LOCATION @@ -95,7 +94,7 @@ def test_infrastructure_creation_with_custom_values(mock_utils): apim_sku=APIM_SKU.PREMIUM, networkMode=APIMNetworkMode.EXTERNAL_VNET ) - + assert infra.infra == INFRASTRUCTURE.APIM_ACA assert infra.index == 2 assert infra.rg_location == 'westus2' @@ -111,10 +110,10 @@ def test_infrastructure_creation_with_custom_policy_fragments(mock_utils, mock_p rg_location=TEST_LOCATION, infra_pfs=mock_policy_fragments ) - + # Initialize policy fragments pfs = infra._define_policy_fragments() - + # Should have base policy fragments + custom ones assert len(pfs) == 8 # 6 base + 2 custom assert any(pf.name == 'Test-Fragment-1' for pf in pfs) @@ -130,10 +129,10 @@ def test_infrastructure_creation_with_custom_apis(mock_utils, mock_apis): rg_location=TEST_LOCATION, infra_apis=mock_apis ) - + # Initialize APIs apis = infra._define_apis() - + # Should have base APIs + custom ones assert len(apis) == 3 # 1 base (hello-world) + 2 custom assert any(api.name == 'test-api-1' for api in infra.apis) @@ -148,14 +147,14 @@ def test_infrastructure_creation_calls_utils_functions(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + mock_utils.get_infra_rg_name.assert_called_once_with(INFRASTRUCTURE.SIMPLE_APIM, TEST_INDEX) mock_utils.build_infrastructure_tags.assert_called_once_with(INFRASTRUCTURE.SIMPLE_APIM) - + # Initialize policy fragments to trigger utils calls infra._define_policy_fragments() infra._define_apis() - + # Should call read_policy_xml for base policy fragments and APIs assert mock_utils.read_policy_xml.call_count >= 6 # 5 base policy fragments + 1 hello-world API assert mock_utils.determine_shared_policy_path.call_count >= 5 @@ -168,10 +167,10 @@ def test_infrastructure_base_policy_fragments_creation(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Initialize policy fragments infra._define_policy_fragments() - + # Check that all base policy fragments are created expected_fragment_names = [ 'AuthZ-Match-All', @@ -180,7 +179,7 @@ def test_infrastructure_base_policy_fragments_creation(mock_utils): 'Product-Match-Any', 'Remove-Request-Headers' ] - + base_fragment_names = [pf.name for pf in infra.base_pfs] for expected_name in expected_fragment_names: assert expected_name in base_fragment_names @@ -193,16 +192,16 @@ def test_infrastructure_base_apis_creation(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Initialize APIs infra._define_apis() - + # Check that hello-world API is created assert len(infra.base_apis) == 1 hello_world_api = infra.base_apis[0] assert hello_world_api.name == 'hello-world' assert hello_world_api.displayName == 'Hello World' - assert hello_world_api.path == '' + assert not hello_world_api.path assert len(hello_world_api.operations) == 1 assert hello_world_api.operations[0].method == HTTP_VERB.GET @@ -220,10 +219,10 @@ def test_define_policy_fragments_with_none_input(mock_utils): rg_location=TEST_LOCATION, infra_pfs=None ) - + # Initialize policy fragments pfs = infra._define_policy_fragments() - + # Should only have base policy fragments assert len(pfs) == 6 assert all(pf.name in ['Api-Id', 'AuthZ-Match-All', 'AuthZ-Match-Any', 'Http-Response-200', 'Product-Match-Any', 'Remove-Request-Headers'] for pf in pfs) @@ -237,10 +236,10 @@ def test_define_policy_fragments_with_custom_input(mock_utils, mock_policy_fragm rg_location=TEST_LOCATION, infra_pfs=mock_policy_fragments ) - + # Initialize policy fragments pfs = infra._define_policy_fragments() - + # Should have base + custom policy fragments assert len(pfs) == 8 # 6 base + 2 custom fragment_names = [pf.name for pf in infra.pfs] @@ -262,10 +261,10 @@ def test_define_apis_with_none_input(mock_utils): rg_location=TEST_LOCATION, infra_apis=None ) - + # Initialize APIs apis = infra._define_apis() - + # Should only have base APIs assert len(apis) == 1 assert apis[0].name == 'hello-world' @@ -279,10 +278,10 @@ def test_define_apis_with_custom_input(mock_utils, mock_apis): rg_location=TEST_LOCATION, infra_apis=mock_apis ) - + # Initialize APIs apis = infra._define_apis() - + # Should have base + custom APIs assert len(apis) == 3 # 1 base + 2 custom api_names = [api.name for api in apis] @@ -303,20 +302,20 @@ def test_define_bicep_parameters(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Initialize APIs and policy fragments first infra._define_policy_fragments() infra._define_apis() - + bicep_params = infra._define_bicep_parameters() - + assert 'apimSku' in bicep_params assert bicep_params['apimSku']['value'] == APIM_SKU.BASICV2.value - + assert 'apis' in bicep_params assert isinstance(bicep_params['apis']['value'], list) assert len(bicep_params['apis']['value']) == 1 # hello-world API - + assert 'policyFragments' in bicep_params assert isinstance(bicep_params['policyFragments']['value'], list) assert len(bicep_params['policyFragments']['value']) == 6 # base policy fragments @@ -334,29 +333,29 @@ def test_base_infrastructure_verification_success(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Mock successful resource group check mock_utils.does_resource_group_exist.return_value = True - + # Mock successful APIM service check mock_apim_output = Mock() mock_apim_output.success = True mock_apim_output.json_data = {'name': 'test-apim'} - + # Mock successful API count check mock_api_output = Mock() mock_api_output.success = True mock_api_output.text = '5' # 5 APIs - + # Mock successful subscription check mock_sub_output = Mock() mock_sub_output.success = True mock_sub_output.text = 'test-subscription-key' - + mock_utils.run.side_effect = [mock_apim_output, mock_api_output, mock_sub_output] - + result = infra._verify_infrastructure('test-rg') - + assert result is True mock_utils.does_resource_group_exist.assert_called_once_with('test-rg') assert mock_utils.run.call_count >= 2 # At least APIM list and API count @@ -369,12 +368,12 @@ def test_base_infrastructure_verification_missing_rg(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Mock missing resource group mock_utils.does_resource_group_exist.return_value = False - + result = infra._verify_infrastructure('test-rg') - + assert result is False mock_utils.does_resource_group_exist.assert_called_once_with('test-rg') @@ -386,19 +385,19 @@ def test_base_infrastructure_verification_missing_apim(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Mock successful resource group check mock_utils.does_resource_group_exist.return_value = True - + # Mock failed APIM service check mock_apim_output = Mock() mock_apim_output.success = False mock_apim_output.json_data = None - + mock_utils.run.return_value = mock_apim_output - + result = infra._verify_infrastructure('test-rg') - + assert result is False @pytest.mark.unit @@ -409,10 +408,10 @@ def test_infrastructure_specific_verification_base(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Base implementation should always return True result = infra._verify_infrastructure_specific('test-rg') - + assert result is True # ------------------------------ @@ -427,20 +426,20 @@ def test_apim_aca_infrastructure_verification_success(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.BASICV2 ) - + # Mock successful Container Apps check mock_aca_output = Mock() mock_aca_output.success = True mock_aca_output.text = '3' # 3 Container Apps - + mock_utils.run.return_value = mock_aca_output - + result = infra._verify_infrastructure_specific('test-rg') - + assert result is True mock_utils.run.assert_called_once_with( - 'az containerapp list -g test-rg --query "length(@)"', - print_command_to_run=False, + 'az containerapp list -g test-rg --query "length(@)"', + print_command_to_run=False, print_errors=False ) @@ -452,15 +451,15 @@ def test_apim_aca_infrastructure_verification_failure(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.BASICV2 ) - + # Mock failed Container Apps check mock_aca_output = Mock() mock_aca_output.success = False - + mock_utils.run.return_value = mock_aca_output - + result = infra._verify_infrastructure_specific('test-rg') - + assert result is False @@ -476,26 +475,26 @@ def test_afd_apim_infrastructure_verification_success(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.STANDARDV2 ) - + # Mock successful Front Door check mock_afd_output = Mock() mock_afd_output.success = True mock_afd_output.json_data = {'name': 'test-afd'} - + # Mock successful Container Apps check mock_aca_output = Mock() mock_aca_output.success = True mock_aca_output.text = '2' # 2 Container Apps - + # Mock successful APIM check for private endpoints (optional third call) mock_apim_output = Mock() mock_apim_output.success = True mock_apim_output.text = 'apim-resource-id' - + mock_utils.run.side_effect = [mock_afd_output, mock_aca_output, mock_apim_output] - + result = infra._verify_infrastructure_specific('test-rg') - + assert result is True # Allow for 2-3 calls (3rd call is optional for private endpoint verification) assert mock_utils.run.call_count >= 2 @@ -508,16 +507,16 @@ def test_afd_apim_infrastructure_verification_no_afd(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.STANDARDV2 ) - + # Mock failed Front Door check mock_afd_output = Mock() mock_afd_output.success = False mock_afd_output.json_data = None - + mock_utils.run.return_value = mock_afd_output - + result = infra._verify_infrastructure_specific('test-rg') - + assert result is False @pytest.mark.unit @@ -527,39 +526,39 @@ def test_afd_apim_infrastructure_bicep_parameters(mock_utils): custom_apis = [ API('test-api', 'Test API', '/test', 'Test API description') ] - + infra = infrastructures.AfdApimAcaInfrastructure( rg_location=TEST_LOCATION, index=TEST_INDEX, apim_sku=APIM_SKU.STANDARDV2, infra_apis=custom_apis ) - + # Initialize components infra._define_policy_fragments() infra._define_apis() - + bicep_params = infra._define_bicep_parameters() - + # Check AFD-specific parameters assert 'apimPublicAccess' in bicep_params assert bicep_params['apimPublicAccess']['value'] is True assert 'useACA' in bicep_params assert bicep_params['useACA']['value'] is True # Should be True due to custom APIs - + # Test without custom APIs (should disable ACA) infra_no_apis = infrastructures.AfdApimAcaInfrastructure( rg_location=TEST_LOCATION, index=TEST_INDEX, apim_sku=APIM_SKU.STANDARDV2 ) - + # Initialize components infra_no_apis._define_policy_fragments() infra_no_apis._define_apis() - + bicep_params_no_apis = infra_no_apis._define_bicep_parameters() - + # Should disable ACA when no custom APIs assert bicep_params_no_apis['useACA']['value'] is False @@ -575,12 +574,12 @@ def test_all_concrete_infrastructure_classes_have_verification(mock_utils): simple_infra = infrastructures.SimpleApimInfrastructure(TEST_LOCATION, TEST_INDEX) assert hasattr(simple_infra, '_verify_infrastructure_specific') assert callable(simple_infra._verify_infrastructure_specific) - + # Test APIM-ACA (has custom verification) aca_infra = infrastructures.ApimAcaInfrastructure(TEST_LOCATION, TEST_INDEX) assert hasattr(aca_infra, '_verify_infrastructure_specific') assert callable(aca_infra._verify_infrastructure_specific) - + # Test AFD-APIM-PE (has custom verification) afd_infra = infrastructures.AfdApimAcaInfrastructure(TEST_LOCATION, TEST_INDEX) assert hasattr(afd_infra, '_verify_infrastructure_specific') @@ -593,7 +592,7 @@ def test_all_concrete_infrastructure_classes_have_verification(mock_utils): @pytest.mark.unit @patch('os.getcwd') -@patch('os.chdir') +@patch('os.chdir') @patch('pathlib.Path') def test_deploy_infrastructure_success(mock_path_class, mock_chdir, mock_getcwd, mock_utils): """Test successful infrastructure deployment.""" @@ -603,42 +602,42 @@ def test_deploy_infrastructure_success(mock_path_class, mock_chdir, mock_getcwd, mock_path_instance = Mock() mock_path_instance.parent = mock_infra_dir mock_path_class.return_value = mock_path_instance - + # Create a concrete subclass for testing class TestInfrastructure(infrastructures.Infrastructure): def verify_infrastructure(self) -> bool: return True - + # Mock file writing and JSON dumps to avoid MagicMock serialization issues mock_open = MagicMock() - + with patch('builtins.open', mock_open), \ patch('json.dumps', return_value='{"mocked": "params"}') as mock_json_dumps: - + infra = TestInfrastructure( infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION ) - + result = infra.deploy_infrastructure() - + # Verify the deployment process mock_utils.create_resource_group.assert_called_once() # The utils.run method is now called multiple times (deployment + verification steps) assert mock_utils.run.call_count >= 1 # At least one call for deployment # Note: utils.verify_infrastructure is currently commented out in the actual code # mock_utils.verify_infrastructure.assert_called_once() - + # Verify directory changes - just check that chdir was called twice (to infra dir and back) assert mock_chdir.call_count == 2 # Second call should restore original path mock_chdir.assert_any_call('/original/path') - + # Verify file writing (open will be called multiple times - for reading policies and writing params) assert mock_open.call_count >= 1 # At least called once for writing params.json mock_json_dumps.assert_called_once() - + assert result.success is True @pytest.mark.unit @@ -653,40 +652,40 @@ def test_deploy_infrastructure_failure(mock_path_class, mock_chdir, mock_getcwd, mock_path_instance = Mock() mock_path_instance.parent = mock_infra_dir mock_path_class.return_value = mock_path_instance - + # Mock failed deployment mock_output = Mock() mock_output.success = False mock_utils.run.return_value = mock_output - + # Create a concrete subclass for testing class TestInfrastructure(infrastructures.Infrastructure): def verify_infrastructure(self) -> bool: return True - + # Mock file operations to prevent actual file writes and JSON serialization issues with patch('builtins.open', MagicMock()), \ patch('json.dumps', return_value='{"mocked": "params"}'): - + infra = TestInfrastructure( infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION ) - + result = infra.deploy_infrastructure() - + # Verify the deployment process was attempted mock_utils.create_resource_group.assert_called_once() mock_utils.run.assert_called_once() # Note: utils.verify_infrastructure is currently commented out in the actual code # mock_utils.verify_infrastructure.assert_not_called() # Should not be called on failure - - # Verify directory changes (should restore even on failure) + + # Verify directory changes (should restore even on failure) assert mock_chdir.call_count == 2 # Second call should restore original path mock_chdir.assert_any_call('/original/path') - + assert result.success is False @@ -702,7 +701,7 @@ def test_simple_apim_infrastructure_creation(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.DEVELOPER ) - + assert infra.infra == INFRASTRUCTURE.SIMPLE_APIM assert infra.index == TEST_INDEX assert infra.rg_location == TEST_LOCATION @@ -716,7 +715,7 @@ def test_simple_apim_infrastructure_defaults(mock_utils): rg_location=TEST_LOCATION, index=TEST_INDEX ) - + assert infra.apim_sku == APIM_SKU.BASICV2 # default value @pytest.mark.unit @@ -727,7 +726,7 @@ def test_apim_aca_infrastructure_creation(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.STANDARD ) - + assert infra.infra == INFRASTRUCTURE.APIM_ACA assert infra.index == TEST_INDEX assert infra.rg_location == TEST_LOCATION @@ -742,7 +741,7 @@ def test_afd_apim_aca_infrastructure_creation(mock_utils): index=TEST_INDEX, apim_sku=APIM_SKU.PREMIUM ) - + assert infra.infra == INFRASTRUCTURE.AFD_APIM_PE assert infra.index == TEST_INDEX assert infra.rg_location == TEST_LOCATION @@ -762,18 +761,18 @@ def test_infrastructure_end_to_end_simple(mock_utils): index=1, apim_sku=APIM_SKU.DEVELOPER ) - + # Initialize components infra._define_policy_fragments() infra._define_apis() - + # Verify all components are created correctly assert infra.infra == INFRASTRUCTURE.SIMPLE_APIM assert len(infra.base_pfs) == 6 assert len(infra.pfs) == 6 assert len(infra.base_apis) == 1 assert len(infra.apis) == 1 - + # Verify bicep parameters bicep_params = infra._define_bicep_parameters() assert bicep_params['apimSku']['value'] == 'Developer' @@ -792,17 +791,17 @@ def test_infrastructure_with_all_custom_components(mock_utils, mock_policy_fragm infra_pfs=mock_policy_fragments, infra_apis=mock_apis ) - + # Initialize components infra._define_policy_fragments() infra._define_apis() - + # Verify all components are combined correctly assert len(infra.base_pfs) == 6 assert len(infra.pfs) == 8 # 6 base + 2 custom assert len(infra.base_apis) == 1 assert len(infra.apis) == 3 # 1 base + 2 custom - + # Verify bicep parameters include all components bicep_params = infra._define_bicep_parameters() assert bicep_params['apimSku']['value'] == 'Premium' @@ -819,7 +818,7 @@ def test_infrastructure_missing_required_params(): """Test Infrastructure creation with missing required parameters.""" with pytest.raises(TypeError): infrastructures.Infrastructure() - + with pytest.raises(TypeError): infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM) @@ -828,7 +827,7 @@ def test_concrete_infrastructure_missing_params(): """Test concrete infrastructure classes with missing parameters.""" with pytest.raises(TypeError): infrastructures.SimpleApimInfrastructure() - + with pytest.raises(TypeError): infrastructures.SimpleApimInfrastructure(rg_location=TEST_LOCATION) @@ -842,7 +841,7 @@ def test_infrastructure_empty_custom_lists(mock_utils): """Test Infrastructure with empty custom lists.""" empty_pfs = [] empty_apis = [] - + infra = infrastructures.Infrastructure( infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, @@ -850,11 +849,11 @@ def test_infrastructure_empty_custom_lists(mock_utils): infra_pfs=empty_pfs, infra_apis=empty_apis ) - + # Initialize components infra._define_policy_fragments() infra._define_apis() - + # Empty lists should behave the same as None assert len(infra.pfs) == 6 # Only base policy fragments assert len(infra.apis) == 1 # Only base APIs @@ -867,7 +866,7 @@ def test_infrastructure_attribute_access(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Test constructor attributes are accessible assert hasattr(infra, 'infra') assert hasattr(infra, 'index') @@ -876,11 +875,11 @@ def test_infrastructure_attribute_access(mock_utils): assert hasattr(infra, 'networkMode') assert hasattr(infra, 'rg_name') assert hasattr(infra, 'rg_tags') - + # Initialize components to create the lazily-loaded attributes infra._define_policy_fragments() infra._define_apis() - + # Test that lazy-loaded attributes are now accessible assert hasattr(infra, 'base_pfs') assert hasattr(infra, 'pfs') @@ -898,7 +897,7 @@ def test_infrastructure_string_representation(mock_utils): index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Test that the object can be converted to string without error str_repr = str(infra) assert isinstance(str_repr, str) @@ -910,10 +909,10 @@ def test_all_infrastructure_types_coverage(mock_utils): # Test all concrete infrastructure classes simple_infra = infrastructures.SimpleApimInfrastructure(TEST_LOCATION, TEST_INDEX) assert simple_infra.infra == INFRASTRUCTURE.SIMPLE_APIM - + aca_infra = infrastructures.ApimAcaInfrastructure(TEST_LOCATION, TEST_INDEX) assert aca_infra.infra == INFRASTRUCTURE.APIM_ACA - + afd_infra = infrastructures.AfdApimAcaInfrastructure(TEST_LOCATION, TEST_INDEX) assert afd_infra.infra == INFRASTRUCTURE.AFD_APIM_PE @@ -930,17 +929,17 @@ def test_policy_fragment_creation_robustness(mock_utils): '', # Added for the new Api-Id policy fragment '' ] - + infra = infrastructures.Infrastructure( infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION ) - + # Initialize policy fragments infra._define_policy_fragments() infra._define_apis() - + # Verify all policy fragments were created with different XML policy_xmls = [pf.policyXml for pf in infra.base_pfs] assert '' in policy_xmls diff --git a/tests/python/test_users.py b/tests/python/test_users.py index f8e36a7..abc1300 100644 --- a/tests/python/test_users.py +++ b/tests/python/test_users.py @@ -2,8 +2,8 @@ Unit tests for the User class in users.py. """ -import pytest import random +import pytest from users import User, Users, UserHelper from apimtypes import Role @@ -37,9 +37,6 @@ def test_user_repr(): # __repr__ is not defined, so fallback to default, but check type assert isinstance(repr(user), str) -""" -Unit tests for User.get_user_by_role in users.py. -""" # ------------------------------ # CONSTANTS @@ -141,13 +138,13 @@ def test_user_edge_cases(): """Test User class with edge cases.""" # Test with empty/None values user_empty = User('', '', []) - assert user_empty.id == '' - assert user_empty.name == '' + assert not user_empty.id + assert not user_empty.name assert user_empty.roles == [] - + user_none_roles = User('test', 'Test', None) assert user_none_roles.roles == [] - + # Test role modification after creation user = User('test', 'Test', ['role1']) user.roles.append('role2') @@ -159,9 +156,8 @@ def test_user_helper_edge_cases(): # Test with roles that don't exist in any user result = UserHelper.get_user_by_role('nonexistent_role') assert result is None - + # Test with multiple users having the same role - from users import Users users_with_same_role = [u for u in Users if 'hr_member' in u.roles] if len(users_with_same_role) > 1: # Should return one of them (random selection) @@ -175,17 +171,16 @@ def test_user_helper_role_variations(): # Test with role as single string vs list result_str = UserHelper.get_user_by_role('hr_administrator') result_list = UserHelper.get_user_by_role(['hr_administrator']) - + if result_str is not None: assert result_str.id == result_list.id def test_user_helper_users_list_integrity(): """Test that Users list has expected structure.""" - from users import Users assert isinstance(Users, list) assert len(Users) > 0 - + for user in Users: assert isinstance(user, User) assert isinstance(user.id, str) @@ -198,12 +193,12 @@ def test_user_equality_and_hashing(): user1 = User('test', 'Test User', ['role1']) user2 = User('test', 'Test User', ['role1']) user3 = User('different', 'Different User', ['role2']) - + # Test equality based on content assert user1.id == user2.id assert user1.name == user2.name assert user1.roles == user2.roles - + # Test inequality assert user1.id != user3.id assert user1.name != user3.name @@ -214,7 +209,7 @@ def test_user_repr_completeness(): """Test User __repr__ method provides useful information.""" user = User('test-id', 'Test User Name', ['admin', 'user']) repr_str = repr(user) - + assert 'User' in repr_str assert 'test-id' in repr_str assert 'Test User Name' in repr_str @@ -223,18 +218,15 @@ def test_user_repr_completeness(): def test_get_user_by_role_with_none_handling(): """Test get_user_by_role with None handling for users with no roles.""" # First, check if there's a user with no roles - from users import Users users_with_no_roles = [u for u in Users if not u.roles] - - if users_with_no_roles: + + if users_with_no_roles: # Test getting user with None role using Role.NONE - from apimtypes import Role result = UserHelper.get_user_by_role(Role.NONE) assert result is not None assert not result.roles # Should have empty roles list else: # If no users with empty roles, test should return None - from apimtypes import Role result = UserHelper.get_user_by_role(Role.NONE) assert result is None @@ -243,20 +235,19 @@ def test_user_helper_randomness_distribution(): """Test that get_user_by_role provides some randomness when multiple users match.""" # This test checks the randomness aspect mentioned in the existing tests matching_role = 'hr_member' # Assuming this role exists in multiple users - + results = set() for _ in range(10): # Try 10 times to see if we get different results user = UserHelper.get_user_by_role(matching_role) if user: results.add(user.id) - + # If there are multiple users with the same role, we might get different results # This is a probabilistic test, so we can't assert definitively - from users import Users if len([u for u in Users if matching_role in u.roles]) > 1: # With randomness, we might get different users pass # Can't assert much here due to randomness - + # At minimum, we should get valid results for _ in range(3): user = UserHelper.get_user_by_role(matching_role) @@ -268,11 +259,11 @@ def test_user_roles_mutability_safety(): """Test that user roles can be safely modified.""" user = User('test', 'Test', ['initial_role']) original_roles = user.roles.copy() - + # Modify roles user.roles.append('new_role') user.roles.remove('initial_role') - + assert 'new_role' in user.roles assert 'initial_role' not in user.roles assert user.roles != original_roles diff --git a/tests/python/test_utils.py b/tests/python/test_utils.py index 1cf44a3..c22ddff 100644 --- a/tests/python/test_utils.py +++ b/tests/python/test_utils.py @@ -1,11 +1,16 @@ -import pytest -from apimtypes import INFRASTRUCTURE import os +import io +import sys import builtins +import inspect +import base64 +import subprocess from pathlib import Path from unittest.mock import MagicMock, mock_open +import json +import pytest +from apimtypes import INFRASTRUCTURE, APIM_SKU import utils -from apimtypes import INFRASTRUCTURE # ------------------------------ # is_string_json @@ -36,10 +41,22 @@ def test_get_account_info_success(monkeypatch): 'tenantId': 'tenant', 'id': 'subid' } - mock_output = MagicMock(success=True, json_data=mock_json) - monkeypatch.setattr(utils, 'run', lambda *a, **kw: mock_output) + mock_ad_json = { + 'id': 'userid' + } + + # Mock both calls that get_account_info makes + call_count = [0] + def mock_run_multiple(*args, **kwargs): + call_count[0] += 1 + if call_count[0] == 1: # First call: az account show + return MagicMock(success=True, json_data=mock_json) + else: # Second call: az ad signed-in-user show + return MagicMock(success=True, json_data=mock_ad_json) + + monkeypatch.setattr(utils, 'run', mock_run_multiple) result = utils.get_account_info() - assert result == ('testuser', 'tenant', 'subid') + assert result == ('testuser', 'userid', 'tenant', 'subid') def test_get_account_info_failure(monkeypatch): mock_output = MagicMock(success=False, json_data=None) @@ -133,7 +150,7 @@ def test_create_resource_group(monkeypatch): monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: called.setdefault('info', True)) monkeypatch.setattr(utils, 'run', lambda *a, **kw: called.setdefault('run', True)) utils.create_resource_group('foo', 'bar') - assert called['info'] and called['run'] + assert called['run'] # ------------------------------ # read_policy_xml @@ -161,14 +178,14 @@ def test_read_policy_xml_empty_file(monkeypatch): m = mock_open(read_data='') monkeypatch.setattr(builtins, 'open', m) result = utils.read_policy_xml('/path/to/empty.xml') - assert result == '' + assert not result def test_read_policy_xml_with_named_values(monkeypatch): """Test reading policy XML with named values formatting.""" xml_content = '{jwt_signing_key}' m = mock_open(read_data=xml_content) monkeypatch.setattr(builtins, 'open', m) - + # Mock the auto-detection to return 'authX' def mock_inspect_currentframe(): frame = MagicMock() @@ -176,14 +193,14 @@ def mock_inspect_currentframe(): caller_frame.f_globals = {'__file__': '/project/samples/authX/create.ipynb'} frame.f_back = caller_frame return frame - + monkeypatch.setattr('inspect.currentframe', mock_inspect_currentframe) monkeypatch.setattr('apimtypes._get_project_root', lambda: Path('/project')) - + named_values = { 'jwt_signing_key': 'JwtSigningKey123' } - + result = utils.read_policy_xml('hr_all_operations.xml', named_values) expected = '{{JwtSigningKey123}}' assert result == expected @@ -201,7 +218,7 @@ def test_read_policy_xml_auto_detection_failure(monkeypatch): xml_content = '' m = mock_open(read_data=xml_content) monkeypatch.setattr(builtins, 'open', m) - + # Mock the auto-detection to fail def mock_inspect_currentframe(): frame = MagicMock() @@ -209,9 +226,9 @@ def mock_inspect_currentframe(): caller_frame.f_globals = {'__file__': '/project/notsamples/test/create.ipynb'} frame.f_back = caller_frame return frame - + monkeypatch.setattr('inspect.currentframe', mock_inspect_currentframe) - + with pytest.raises(ValueError, match='Could not auto-detect sample name'): utils.read_policy_xml('policy.xml', {'key': 'value'}) @@ -234,26 +251,26 @@ def test_cleanup_resources_smoke(monkeypatch): def test_cleanup_resources_missing_parameters(monkeypatch): """Test _cleanup_resources with missing parameters.""" print_calls = [] - + def mock_print_error(message, *args, **kwargs): print_calls.append(message) - + monkeypatch.setattr(utils, 'print_error', mock_print_error) - + # Test missing deployment name utils._cleanup_resources('', 'valid-rg') assert 'Missing deployment name parameter.' in print_calls - + # Test missing resource group name print_calls.clear() utils._cleanup_resources('valid-deployment', '') assert 'Missing resource group name parameter.' in print_calls - + # Test None deployment name print_calls.clear() utils._cleanup_resources(None, 'valid-rg') assert 'Missing deployment name parameter.' in print_calls - + # Test None resource group name print_calls.clear() utils._cleanup_resources('valid-deployment', None) @@ -263,36 +280,36 @@ def mock_print_error(message, *args, **kwargs): def test_cleanup_resources_with_resources(monkeypatch): """Test _cleanup_resources with various resource types present.""" run_commands = [] - + def mock_run(command, ok_message='', error_message='', print_command_to_run=True, print_errors=True, print_warnings=True): run_commands.append(command) - + # Mock deployment show response if 'deployment group show' in command: return utils.Output(success=True, text='{"properties": {"provisioningState": "Succeeded"}}') - + # Mock cognitive services list response if 'cognitiveservices account list' in command: return utils.Output(success=True, text='[{"name": "cog-service-1", "location": "eastus"}, {"name": "cog-service-2", "location": "westus"}]') - + # Mock APIM list response if 'apim list' in command: return utils.Output(success=True, text='[{"name": "apim-service-1", "location": "eastus"}, {"name": "apim-service-2", "location": "westus"}]') - + # Mock Key Vault list response if 'keyvault list' in command: return utils.Output(success=True, text='[{"name": "kv-vault-1", "location": "eastus"}, {"name": "kv-vault-2", "location": "westus"}]') - + # Default successful response for delete/purge operations return utils.Output(success=True, text='Operation completed') - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) - + # Execute cleanup utils._cleanup_resources('test-deployment', 'test-rg') - + # Verify all expected commands were called command_patterns = [ 'az deployment group show --name test-deployment -g test-rg', @@ -313,7 +330,7 @@ def mock_run(command, ok_message='', error_message='', print_command_to_run=True 'az keyvault purge -n kv-vault-2 --location "westus"', 'az group delete --name test-rg -y' ] - + for pattern in command_patterns: assert any(pattern in cmd for cmd in run_commands), f"Expected command pattern not found: {pattern}" @@ -321,28 +338,28 @@ def mock_run(command, ok_message='', error_message='', print_command_to_run=True def test_cleanup_resources_no_resources(monkeypatch): """Test _cleanup_resources when no resources exist.""" run_commands = [] - + def mock_run(command, ok_message='', error_message='', print_command_to_run=True, print_errors=True, print_warnings=True): run_commands.append(command) - + # Mock deployment show response if 'deployment group show' in command: return utils.Output(success=True, text='{"properties": {"provisioningState": "Succeeded"}}') - + # Mock empty resource lists if any(x in command for x in ['cognitiveservices account list', 'apim list', 'keyvault list']): return utils.Output(success=True, text='[]') - + # Default successful response return utils.Output(success=True, text='Operation completed') - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) - + # Execute cleanup utils._cleanup_resources('test-deployment', 'test-rg') - + # Verify only listing and resource group deletion commands were called expected_commands = [ 'az deployment group show --name test-deployment -g test-rg', @@ -351,10 +368,10 @@ def mock_run(command, ok_message='', error_message='', print_command_to_run=True 'az keyvault list -g test-rg', 'az group delete --name test-rg -y' ] - + for expected in expected_commands: assert any(expected in cmd for cmd in run_commands), f"Expected command not found: {expected}" - + # Verify no delete/purge commands for individual resources delete_purge_patterns = ['delete -n', 'purge -n', 'deletedservice purge'] for pattern in delete_purge_patterns: @@ -363,19 +380,19 @@ def mock_run(command, ok_message='', error_message='', print_command_to_run=True def test_cleanup_resources_command_failures(monkeypatch): """Test _cleanup_resources when commands fail.""" - + def mock_run(command, ok_message='', error_message='', print_command_to_run=True, print_errors=True, print_warnings=True): # Mock deployment show failure if 'deployment group show' in command: return utils.Output(success=False, text='Deployment not found') - + # All other commands succeed return utils.Output(success=True, json_data=[]) - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) - + # Should not raise exception even when deployment show fails utils._cleanup_resources('test-deployment', 'test-rg') @@ -383,22 +400,22 @@ def mock_run(command, ok_message='', error_message='', print_command_to_run=True def test_cleanup_resources_exception_handling(monkeypatch): """Test _cleanup_resources exception handling.""" exception_caught = [] - + def mock_run(command, ok_message='', error_message='', print_command_to_run=True, print_errors=True, print_warnings=True): raise Exception("Simulated Azure CLI error") - + def mock_print(message): exception_caught.append(message) - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) monkeypatch.setattr('builtins.print', mock_print) monkeypatch.setattr('traceback.print_exc', lambda: None) - + # Should handle exception gracefully utils._cleanup_resources('test-deployment', 'test-rg') - + # Verify exception was caught and printed assert any('An error occurred during cleanup:' in msg for msg in exception_caught) @@ -412,36 +429,36 @@ def test_cleanup_infra_deployment_single(monkeypatch): def test_cleanup_infra_deployments_parallel_mode(monkeypatch): """Test cleanup_infra_deployments with multiple indexes using parallel execution.""" cleanup_calls = [] - + def mock_cleanup_resources_thread_safe(deployment_name, rg_name, thread_prefix, thread_color): cleanup_calls.append((deployment_name, rg_name, thread_prefix, thread_color)) return True, "" # Return success - + def mock_get_infra_rg_name(deployment, index): return f'apim-infra-{deployment.value}-{index}' if index else f'apim-infra-{deployment.value}' - + monkeypatch.setattr(utils, '_cleanup_resources_thread_safe', mock_cleanup_resources_thread_safe) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_ok', lambda *a, **kw: None) - + # Test with multiple indexes (should use parallel mode) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, [1, 2, 3]) - + # Verify all cleanup calls were made assert len(cleanup_calls) == 3 - + # Check that the correct resource groups were targeted expected_rgs = [ 'apim-infra-simple-apim-1', - 'apim-infra-simple-apim-2', + 'apim-infra-simple-apim-2', 'apim-infra-simple-apim-3' ] actual_rgs = [call[1] for call in cleanup_calls] assert set(actual_rgs) == set(expected_rgs) - + # Check that thread prefixes contain the correct infrastructure and index info - for deployment_name, rg_name, thread_prefix, thread_color in cleanup_calls: + for deployment_name, _rg_name, thread_prefix, thread_color in cleanup_calls: assert deployment_name == 'simple-apim' assert 'simple-apim' in thread_prefix assert thread_color in utils.THREAD_COLORS @@ -450,26 +467,26 @@ def mock_get_infra_rg_name(deployment, index): def test_cleanup_infra_deployments_parallel_with_failures(monkeypatch): """Test parallel cleanup handling when some threads fail.""" cleanup_calls = [] - + def mock_cleanup_resources_thread_safe(deployment_name, rg_name, thread_prefix, thread_color): cleanup_calls.append((deployment_name, rg_name)) # Simulate failure for index 2 if 'simple-apim-2' in rg_name: return False, "Simulated failure for testing" return True, "" - + def mock_get_infra_rg_name(deployment, index): return f'apim-infra-{deployment.value}-{index}' - + monkeypatch.setattr(utils, '_cleanup_resources_thread_safe', mock_cleanup_resources_thread_safe) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_error', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_warning', lambda *a, **kw: None) - + # Test with multiple indexes where one fails utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, [1, 2, 3]) - + # Verify all cleanup attempts were made despite failure assert len(cleanup_calls) == 3 @@ -477,19 +494,19 @@ def mock_get_infra_rg_name(deployment, index): def test_cleanup_resources_thread_safe_success(monkeypatch): """Test the thread-safe cleanup wrapper with successful execution.""" original_calls = [] - + def mock_cleanup_resources_with_thread_safe_printing(deployment_name, rg_name, thread_prefix, thread_color): original_calls.append((deployment_name, rg_name)) - + monkeypatch.setattr(utils, '_cleanup_resources_with_thread_safe_printing', mock_cleanup_resources_with_thread_safe_printing) - + # Test successful cleanup success, error_msg = utils._cleanup_resources_thread_safe( 'test-deployment', 'test-rg', '[TEST]: ', utils.BOLD_G ) - + assert success is True - assert error_msg == "" + assert not error_msg assert len(original_calls) == 1 assert original_calls[0] == ('test-deployment', 'test-rg') @@ -498,14 +515,14 @@ def test_cleanup_resources_thread_safe_failure(monkeypatch): """Test the thread-safe cleanup wrapper with exception handling.""" def mock_cleanup_resources_with_thread_safe_printing(deployment_name, rg_name, thread_prefix, thread_color): raise Exception("Simulated cleanup failure") - + monkeypatch.setattr(utils, '_cleanup_resources_with_thread_safe_printing', mock_cleanup_resources_with_thread_safe_printing) - + # Test failed cleanup success, error_msg = utils._cleanup_resources_thread_safe( 'test-deployment', 'test-rg', '[TEST]: ', utils.BOLD_G ) - + assert success is False assert "Simulated cleanup failure" in error_msg @@ -513,44 +530,44 @@ def mock_cleanup_resources_with_thread_safe_printing(deployment_name, rg_name, t def test_cleanup_infra_deployments_max_workers_limit(monkeypatch): """Test that parallel cleanup properly handles different numbers of indexes.""" cleanup_calls = [] - + def mock_cleanup_resources_thread_safe(deployment_name, rg_name, thread_prefix, thread_color): cleanup_calls.append((deployment_name, rg_name, thread_prefix, thread_color)) return True, "" - + def mock_get_infra_rg_name(deployment, index): return f'rg-{deployment.value}-{index}' - + # Mock Azure CLI calls to avoid real execution def mock_run(*args, **kwargs): return utils.Output(success=True, text='{}') - + monkeypatch.setattr(utils, '_cleanup_resources_thread_safe', mock_cleanup_resources_thread_safe) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'run', mock_run) # Mock Azure CLI calls monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_ok', lambda *a, **kw: None) - + # Test with 6 indexes (should use parallel mode and handle all indexes) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, [1, 2, 3, 4, 5, 6]) - + # Verify all 6 cleanup calls were made assert len(cleanup_calls) == 6, f"Expected 6 cleanup calls, got {len(cleanup_calls)}" - + # Check that the correct resource groups were targeted expected_rgs = [f'rg-simple-apim-{i}' for i in range(1, 7)] actual_rgs = [call[1] for call in cleanup_calls] assert set(actual_rgs) == set(expected_rgs), f"Expected RGs {expected_rgs}, got {actual_rgs}" - + # Test with 2 indexes (should use parallel mode) cleanup_calls.clear() utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, [1, 2]) - + assert len(cleanup_calls) == 2, f"Expected 2 cleanup calls, got {len(cleanup_calls)}" - + # Test that thread prefixes and colors are assigned properly for call in cleanup_calls: - deployment_name, rg_name, thread_prefix, thread_color = call + deployment_name, _rg_name, thread_prefix, thread_color = call assert deployment_name == 'simple-apim' assert 'simple-apim' in thread_prefix assert thread_color in utils.THREAD_COLORS @@ -559,42 +576,39 @@ def mock_run(*args, **kwargs): def test_cleanup_infra_deployments_thread_color_assignment(monkeypatch): """Test that thread colors are assigned correctly and cycle through available colors.""" cleanup_calls = [] - + def mock_cleanup_resources_thread_safe(deployment_name, rg_name, thread_prefix, thread_color): cleanup_calls.append((deployment_name, rg_name, thread_prefix, thread_color)) return True, "" - + def mock_get_infra_rg_name(deployment, index): return f'apim-infra-{deployment.value}-{index}' - + # Mock Azure CLI calls to avoid real execution def mock_run(*args, **kwargs): return utils.Output(success=True, text='{}') - + monkeypatch.setattr(utils, '_cleanup_resources_thread_safe', mock_cleanup_resources_thread_safe) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'run', mock_run) # Mock Azure CLI calls monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_ok', lambda *a, **kw: None) - + # Test with more indexes than available colors to verify cycling num_colors = len(utils.THREAD_COLORS) test_indexes = list(range(1, num_colors + 3)) # More than available colors - + utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, test_indexes) - - # Verify colors were assigned and cycled correctly - assigned_colors = [call[3] for call in cleanup_calls] - + # Sort the calls by the index extracted from the rg_name to check in deterministic order cleanup_calls_sorted = sorted(cleanup_calls, key=lambda x: int(x[1].split('-')[-1])) assigned_colors_sorted = [call[3] for call in cleanup_calls_sorted] - + # First num_colors should use each color once for i in range(num_colors): expected_color = utils.THREAD_COLORS[i % num_colors] assert assigned_colors_sorted[i] == expected_color - + # Additional colors should cycle back to the beginning if len(assigned_colors_sorted) > num_colors: assert assigned_colors_sorted[num_colors] == utils.THREAD_COLORS[0] @@ -604,22 +618,22 @@ def mock_run(*args, **kwargs): def test_cleanup_infra_deployments_all_infrastructure_types(monkeypatch): """Test cleanup_infra_deployments with all infrastructure types.""" cleanup_calls = [] - + def mock_cleanup_resources(deployment_name, rg_name): cleanup_calls.append((deployment_name, rg_name)) - + def mock_get_infra_rg_name(deployment, index): return f'apim-infra-{deployment.value}-{index}' if index else f'apim-infra-{deployment.value}' - + monkeypatch.setattr(utils, '_cleanup_resources', mock_cleanup_resources) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) - + # Test all infrastructure types utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, 1) utils.cleanup_infra_deployments(INFRASTRUCTURE.APIM_ACA, 2) utils.cleanup_infra_deployments(INFRASTRUCTURE.AFD_APIM_PE, 3) - + # Verify correct calls were made assert ('simple-apim', 'apim-infra-simple-apim-1') in cleanup_calls assert ('apim-aca', 'apim-infra-apim-aca-2') in cleanup_calls @@ -630,46 +644,46 @@ def test_cleanup_infra_deployments_index_scenarios(monkeypatch): """Test cleanup_infra_deployments with various index scenarios.""" cleanup_calls = [] thread_safe_calls = [] - + def mock_cleanup_resources(deployment_name, rg_name): cleanup_calls.append((deployment_name, rg_name)) - + def mock_cleanup_resources_thread_safe(deployment_name, rg_name, thread_prefix, thread_color): thread_safe_calls.append((deployment_name, rg_name, thread_prefix, thread_color)) return True, "" - + def mock_get_infra_rg_name(deployment, index): return f'apim-infra-{deployment.value}-{index}' if index else f'apim-infra-{deployment.value}' - + # Mock Azure CLI calls to avoid real execution def mock_run(*args, **kwargs): return utils.Output(success=True, text='{}') - + monkeypatch.setattr(utils, '_cleanup_resources', mock_cleanup_resources) monkeypatch.setattr(utils, '_cleanup_resources_thread_safe', mock_cleanup_resources_thread_safe) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'run', mock_run) # Mock Azure CLI calls monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_ok', lambda *a, **kw: None) - + # Test None index (sequential) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, None) - + # Test single integer index (sequential) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, 5) - + # Test single item list (sequential) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, [1]) - + # Test list of integers (parallel) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, [2, 3]) - + # Test tuple of integers (parallel) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, (4, 5)) - + # Test empty list (sequential, with no index) utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM, []) - + # Verify sequential calls expected_sequential_calls = [ ('simple-apim', 'apim-infra-simple-apim'), # None index @@ -677,10 +691,10 @@ def mock_run(*args, **kwargs): ('simple-apim', 'apim-infra-simple-apim-1'), # Single item list [1] ('simple-apim', 'apim-infra-simple-apim'), # Empty list (None index) ] - + for expected_call in expected_sequential_calls: assert expected_call in cleanup_calls, f"Expected sequential call {expected_call} not found in {cleanup_calls}" - + # Verify parallel calls (extract just the deployment and rg_name parts) parallel_calls = [(call[0], call[1]) for call in thread_safe_calls] expected_parallel_calls = [ @@ -689,7 +703,7 @@ def mock_run(*args, **kwargs): ('simple-apim', 'apim-infra-simple-apim-4'), # Tuple (4, 5) - first ('simple-apim', 'apim-infra-simple-apim-5'), # Tuple (4, 5) - second ] - + for expected_call in expected_parallel_calls: assert expected_call in parallel_calls, f"Expected parallel call {expected_call} not found in {parallel_calls}" @@ -737,7 +751,6 @@ def test_extract_json_edge_cases(input_val, expected): def test_extract_json_large_object(): """Test extract_json with a large JSON object.""" large_obj = {'a': list(range(1000)), 'b': {'c': 'x' * 1000}} - import json s = json.dumps(large_obj) assert utils.extract_json(s) == large_obj @@ -799,7 +812,7 @@ def test_build_infrastructure_tags_with_custom_tags(): result = utils.build_infrastructure_tags(INFRASTRUCTURE.APIM_ACA, custom_tags) expected = { 'infrastructure': 'apim-aca', - 'env': 'dev', + 'env': 'dev', 'team': 'platform' } assert result == expected @@ -834,9 +847,9 @@ def test_create_resource_group_not_exists_no_tags(monkeypatch): mock_run = MagicMock(return_value=MagicMock(success=True)) monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', MagicMock()) - + utils.create_resource_group('test-rg', 'eastus') - + # Verify the correct command was called expected_cmd = 'az group create --name test-rg --location eastus --tags source=apim-sample' mock_run.assert_called_once() @@ -849,10 +862,10 @@ def test_create_resource_group_not_exists_with_tags(monkeypatch): mock_run = MagicMock(return_value=MagicMock(success=True)) monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', MagicMock()) - + tags = {'infrastructure': 'simple-apim', 'env': 'dev'} utils.create_resource_group('test-rg', 'eastus', tags) - + # Verify the correct command was called with tags mock_run.assert_called_once() actual_cmd = mock_run.call_args[0][0] @@ -865,9 +878,9 @@ def test_create_resource_group_already_exists(monkeypatch): monkeypatch.setattr(utils, 'does_resource_group_exist', lambda x: True) mock_run = MagicMock() monkeypatch.setattr(utils, 'run', mock_run) - + utils.create_resource_group('existing-rg', 'eastus') - + # Verify run was not called since RG already exists mock_run.assert_not_called() @@ -877,10 +890,10 @@ def test_create_resource_group_tags_with_special_chars(monkeypatch): mock_run = MagicMock(return_value=MagicMock(success=True)) monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', MagicMock()) - + tags = {'description': 'This is a test environment', 'owner': 'john@company.com'} utils.create_resource_group('test-rg', 'eastus', tags) - + mock_run.assert_called_once() actual_cmd = mock_run.call_args[0][0] # Check that quotes are properly escaped @@ -893,10 +906,10 @@ def test_create_resource_group_tags_with_numeric_values(monkeypatch): mock_run = MagicMock(return_value=MagicMock(success=True)) monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', MagicMock()) - + tags = {'cost-center': 12345, 'version': 1.0} utils.create_resource_group('test-rg', 'eastus', tags) - + mock_run.assert_called_once() actual_cmd = mock_run.call_args[0][0] # Numeric values should be converted to strings @@ -921,17 +934,17 @@ def test_create_bicep_deployment_group_with_enum(monkeypatch): monkeypatch.setattr('os.getcwd', MagicMock(return_value='/test/dir')) monkeypatch.setattr('os.path.exists', MagicMock(return_value=True)) monkeypatch.setattr('os.path.basename', MagicMock(return_value='test-dir')) - + bicep_params = {'param1': {'value': 'test'}} rg_tags = {'infrastructure': 'simple-apim'} - + _result = utils.create_bicep_deployment_group( 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, bicep_params, 'params.json', rg_tags ) - + # Verify create_resource_group was called with correct parameters mock_create_rg.assert_called_once_with('test-rg', 'eastus', rg_tags) - + # Verify deployment command was called with enum value mock_run.assert_called_once() actual_cmd = mock_run.call_args[0][0] @@ -952,16 +965,16 @@ def test_create_bicep_deployment_group_with_string(monkeypatch): monkeypatch.setattr('os.getcwd', MagicMock(return_value='/test/dir')) monkeypatch.setattr('os.path.exists', MagicMock(return_value=True)) monkeypatch.setattr('os.path.basename', MagicMock(return_value='test-dir')) - + bicep_params = {'param1': {'value': 'test'}} - + _result = utils.create_bicep_deployment_group( 'test-rg', 'eastus', 'custom-deployment', bicep_params ) - + # Verify create_resource_group was called without tags mock_create_rg.assert_called_once_with('test-rg', 'eastus', None) - + # Verify deployment command uses string deployment name mock_run.assert_called_once() actual_cmd = mock_run.call_args[0][0] @@ -976,39 +989,38 @@ def test_create_bicep_deployment_group_params_file_written(monkeypatch): mock_open_func = mock_open() monkeypatch.setattr(builtins, 'open', mock_open_func) monkeypatch.setattr(builtins, 'print', MagicMock()) - + # Mock os functions for file path operations # For this test, we want to simulate being in an infrastructure directory monkeypatch.setattr('os.getcwd', MagicMock(return_value='/test/dir/infrastructure/apim-aca')) - + def mock_exists(path): # Only return True for the main.bicep in the infrastructure directory, not in current dir if path.endswith('main.bicep') and 'infrastructure' in path: return True return False - + monkeypatch.setattr('os.path.exists', mock_exists) monkeypatch.setattr('os.path.basename', MagicMock(return_value='apim-aca')) - + bicep_params = { 'apiManagementName': {'value': 'test-apim'}, 'location': {'value': 'eastus'} } - + utils.create_bicep_deployment_group( 'test-rg', 'eastus', INFRASTRUCTURE.APIM_ACA, bicep_params, 'custom-params.json' ) - + # With our new logic, when current directory name matches infrastructure_dir, # it should use the current directory expected_path = os.path.join('/test/dir/infrastructure/apim-aca', 'custom-params.json') mock_open_func.assert_called_once_with(expected_path, 'w') - + # Verify the correct JSON structure was written written_content = ''.join(call.args[0] for call in mock_open_func().write.call_args_list) - import json written_data = json.loads(written_content) - + assert written_data['$schema'] == 'https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#' assert written_data['contentVersion'] == '1.0.0.0' assert written_data['parameters'] == bicep_params @@ -1028,9 +1040,9 @@ def test_create_bicep_deployment_group_no_tags(monkeypatch): monkeypatch.setattr('os.path.basename', MagicMock(return_value='test-dir')) bicep_params = {'param1': {'value': 'test'}} - + utils.create_bicep_deployment_group('test-rg', 'eastus', 'test-deployment', bicep_params) - + # Verify create_resource_group was called with None tags mock_create_rg.assert_called_once_with('test-rg', 'eastus', None) @@ -1049,12 +1061,12 @@ def test_create_bicep_deployment_group_deployment_failure(monkeypatch): monkeypatch.setattr('os.path.basename', MagicMock(return_value='test-dir')) bicep_params = {'param1': {'value': 'test'}} - + result = utils.create_bicep_deployment_group('test-rg', 'eastus', 'test-deployment', bicep_params) - + # Should still create resource group mock_create_rg.assert_called_once() - + # Result should indicate failure assert result.success is False @@ -1064,13 +1076,11 @@ def test_create_bicep_deployment_group_deployment_failure(monkeypatch): def test_print_functions_comprehensive(): """Test all print utility functions for coverage.""" - import io - import sys - + # Capture stdout captured_output = io.StringIO() sys.stdout = captured_output - + try: # Test all print functions utils.print_info('Test info message') @@ -1079,7 +1089,7 @@ def test_print_functions_comprehensive(): utils.print_error('Test error message') utils.print_message('Test message') utils.print_val('Test key', 'Test value') - + output = captured_output.getvalue() assert 'Test info message' in output assert 'Test success message' in output @@ -1096,7 +1106,7 @@ def test_test_url_preflight_check_with_frontdoor(monkeypatch): """Test URL preflight check when Front Door is available.""" monkeypatch.setattr(utils, 'get_frontdoor_url', lambda x, y: 'https://test.azurefd.net') monkeypatch.setattr(utils, 'print_message', lambda x, **kw: None) - + result = utils.test_url_preflight_check(INFRASTRUCTURE.AFD_APIM_PE, 'test-rg', 'https://apim.com') assert result == 'https://test.azurefd.net' @@ -1105,32 +1115,29 @@ def test_test_url_preflight_check_no_frontdoor(monkeypatch): """Test URL preflight check when Front Door is not available.""" monkeypatch.setattr(utils, 'get_frontdoor_url', lambda x, y: None) monkeypatch.setattr(utils, 'print_message', lambda x, **kw: None) - + result = utils.test_url_preflight_check(INFRASTRUCTURE.SIMPLE_APIM, 'test-rg', 'https://apim.com') assert result == 'https://apim.com' def test_determine_policy_path_filename_mode(monkeypatch): """Test determine_policy_path with filename mode.""" - import inspect - from pathlib import Path - + # Mock the project root mock_project_root = Path('/mock/project/root') monkeypatch.setattr('apimtypes._get_project_root', lambda: mock_project_root) - + # Mock current frame to simulate being in samples/test-sample class MockFrame: def __init__(self): self.f_globals = {'__file__': '/mock/project/root/samples/test-sample/create.ipynb'} - + def mock_currentframe(): frame = MockFrame() - frame.f_back = frame return frame - + monkeypatch.setattr(inspect, 'currentframe', mock_currentframe) - + result = utils.determine_policy_path('policy.xml', 'test-sample') expected = str(mock_project_root / 'samples' / 'test-sample' / 'policy.xml') assert result == expected @@ -1148,12 +1155,13 @@ def test_check_apim_blob_permissions_success(monkeypatch): def mock_run_success(cmd, **kwargs): if 'az apim show' in cmd and 'identity.principalId' in cmd: return utils.Output(success=True, text='12345678-1234-1234-1234-123456789012') - elif 'az storage account show' in cmd and '--query id' in cmd: + if 'az storage account show' in cmd and '--query id' in cmd: return utils.Output(success=True, text='/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/test-storage') - elif 'az role assignment list' in cmd: + if 'az role assignment list' in cmd: return utils.Output(success=True, text='/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/test-rg/providers/Microsoft.Authorization/roleAssignments/test-assignment') - elif 'az storage blob list' in cmd: + if 'az storage blob list' in cmd: return utils.Output(success=True, text='test-blob.txt') + return utils.Output(success=True, text='{}') monkeypatch.setattr(utils, 'run', mock_run_success) @@ -1186,7 +1194,7 @@ def test_wait_for_apim_blob_permissions_success(monkeypatch): monkeypatch.setattr(utils, 'print_info', lambda x: None) monkeypatch.setattr(utils, 'print_success', lambda x: None) monkeypatch.setattr(utils, 'print_error', lambda x: None) - + result = utils.wait_for_apim_blob_permissions('test-apim', 'test-storage', 'test-rg', 1) assert result is True @@ -1197,21 +1205,20 @@ def test_wait_for_apim_blob_permissions_failure(monkeypatch): monkeypatch.setattr(utils, 'print_info', lambda x: None) monkeypatch.setattr(utils, 'print_success', lambda x: None) monkeypatch.setattr(utils, 'print_error', lambda x: None) - + result = utils.wait_for_apim_blob_permissions('test-apim', 'test-storage', 'test-rg', 1) assert result is False def test_read_policy_xml_with_sample_name_explicit(monkeypatch): """Test read_policy_xml with explicit sample name.""" - from pathlib import Path mock_project_root = Path('/mock/project/root') monkeypatch.setattr('apimtypes._get_project_root', lambda: mock_project_root) - + xml_content = '' m = mock_open(read_data=xml_content) monkeypatch.setattr(builtins, 'open', m) - + result = utils.read_policy_xml('policy.xml', sample_name='test-sample') assert result == xml_content @@ -1222,7 +1229,7 @@ def test_read_policy_xml_with_named_values_formatting(monkeypatch): expected = '{{JwtSigningKey}}' m = mock_open(read_data=xml_content) monkeypatch.setattr(builtins, 'open', m) - + named_values = {'jwt_key': 'JwtSigningKey'} result = utils.read_policy_xml('/path/to/policy.xml', named_values) assert result == expected @@ -1245,24 +1252,23 @@ def test_get_infra_rg_name_different_types(infra_type, expected_suffix, monkeypa def test_create_bicep_deployment_group_for_sample_success(monkeypatch): """Test create_bicep_deployment_group_for_sample success case.""" - import os mock_output = utils.Output(success=True, text='{"outputs": {"test": "value"}}') - + def mock_create_bicep(rg_name, rg_location, deployment, bicep_parameters, bicep_parameters_file='params.json', rg_tags=None, is_debug=False): return mock_output - + # Mock file system checks def mock_exists(path): return True # Pretend all paths exist - + def mock_chdir(path): pass # Do nothing - + monkeypatch.setattr(utils, 'create_bicep_deployment_group', mock_create_bicep) monkeypatch.setattr(utils, 'build_infrastructure_tags', lambda x: []) monkeypatch.setattr(os.path, 'exists', mock_exists) monkeypatch.setattr(os, 'chdir', mock_chdir) - + result = utils.create_bicep_deployment_group_for_sample('test-sample', 'test-rg', 'eastus', {}) assert result.success is True @@ -1278,17 +1284,17 @@ def test_extract_json_invalid_input(): def test_generate_signing_key_format(): """Test that generate_signing_key returns properly formatted keys.""" key, b64_key = utils.generate_signing_key() - + # Key should be a string of length 32-100 assert isinstance(key, str) assert 32 <= len(key) <= 100 # Length should be between 32 and 100 - + # Key should only contain alphanumeric characters assert key.isalnum() - + # Base64 key should be valid base64 assert isinstance(b64_key, str) - import base64 + try: decoded = base64.b64decode(b64_key) assert len(decoded) == len(key) # Decoded should match original length @@ -1303,7 +1309,7 @@ def test_output_class_functionality(): assert output.success is True assert output.get('test') == 'value' assert output.get('missing') is None # Should return None for missing key without label - + # Test failed output output = utils.Output(success=False, text='error') assert output.success is False @@ -1314,13 +1320,12 @@ def test_run_command_with_error_suppression(monkeypatch): """Test run command with error output suppression.""" def mock_subprocess_check_output(cmd, **kwargs): # Simulate a CalledProcessError with bytes output - import subprocess error = subprocess.CalledProcessError(1, cmd) error.output = b'test output' # Return bytes, as subprocess would raise error - + monkeypatch.setattr('subprocess.check_output', mock_subprocess_check_output) - + output = utils.run('test command', print_errors=False, print_output=False) assert output.success is False assert output.text == 'test output' @@ -1332,7 +1337,7 @@ def test_bicep_directory_determination_edge_cases(monkeypatch, tmp_path): empty_dir = tmp_path / 'empty' empty_dir.mkdir() monkeypatch.setattr(os, 'getcwd', lambda: str(empty_dir)) - + # Should fall back to current directory + infrastructure/nonexistent result = utils._determine_bicep_directory('nonexistent') expected = os.path.join(str(empty_dir), 'infrastructure', 'nonexistent') @@ -1343,14 +1348,14 @@ def test_create_resource_group_edge_cases(monkeypatch): """Test create resource group with edge cases.""" # Test with empty tags monkeypatch.setattr(utils, 'does_resource_group_exist', lambda x: False) - + def mock_run_with_tags(*args, **kwargs): cmd = args[0] assert '--tags' in cmd # Should include tags (with default source=apim-sample) return utils.Output(success=True, text='{}') - + monkeypatch.setattr(utils, 'run', mock_run_with_tags) - + utils.create_resource_group('test-rg', 'eastus', {}) # Empty dict, function doesn't return anything @@ -1365,18 +1370,18 @@ def test_get_azure_role_guid_comprehensive(monkeypatch): 'Storage Blob Data Reader': '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1', 'Storage Account Contributor': '17d1049b-9a84-46fb-8f53-869881c3d3ab' } - + m = mock_open(read_data=json.dumps(mock_roles)) monkeypatch.setattr(builtins, 'open', m) - + # Test valid role result = utils.get_azure_role_guid('Storage Blob Data Reader') assert result == '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' - + # Test case sensitivity - function is case sensitive, so this should return None result = utils.get_azure_role_guid('storage blob data reader') assert result is None - + # Test invalid role result = utils.get_azure_role_guid('Nonexistent Role') assert result is None @@ -1385,41 +1390,40 @@ def test_get_azure_role_guid_comprehensive(monkeypatch): def test_cleanup_functions_comprehensive(monkeypatch): """Test cleanup functions with various scenarios.""" run_commands = [] - + def mock_run(command, ok_message='', error_message='', print_output=False, print_command_to_run=True, print_errors=True, print_warnings=True): run_commands.append(command) - + # Return appropriate mock responses if 'deployment group show' in command: return utils.Output(success=True, json_data={ 'properties': {'provisioningState': 'Succeeded'} }) - + # Return empty lists for resource queries to avoid complex mocking if any(x in command for x in ['list -g', 'list']): return utils.Output(success=True, json_data=[]) - + return utils.Output(success=True, text='{}') - + def mock_get_infra_rg_name(deployment, index): return f'test-rg-{deployment.value}-{index}' if index else f'test-rg-{deployment.value}' - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'get_infra_rg_name', mock_get_infra_rg_name) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) - + # Test _cleanup_resources (private function) utils._cleanup_resources('test-deployment', 'test-rg') # Should not raise - + # Test cleanup_infra_deployments with INFRASTRUCTURE enum (correct function name and parameter type) - from apimtypes import INFRASTRUCTURE - + # Test with all infrastructure types utils.cleanup_infra_deployments(INFRASTRUCTURE.SIMPLE_APIM) utils.cleanup_infra_deployments(INFRASTRUCTURE.APIM_ACA, 1) utils.cleanup_infra_deployments(INFRASTRUCTURE.AFD_APIM_PE, [1, 2]) - + # Verify commands were executed assert len(run_commands) > 0 @@ -1482,42 +1486,42 @@ def mock_run(*args, **kwargs): def test_cleanup_resources_partial_failures(monkeypatch): """Test _cleanup_resources when some operations fail.""" run_commands = [] - + def mock_run(command, ok_message='', error_message='', print_command_to_run=True, print_errors=True, print_warnings=True): run_commands.append(command) - + # Mock deployment show response if 'deployment group show' in command: return utils.Output(success=True, text='{"properties": {"provisioningState": "Failed"}}') - + # Mock resources exist if 'cognitiveservices account list' in command: return utils.Output(success=True, text='[{"name": "cog-service-1", "location": "eastus"}]') - + if 'apim list' in command: return utils.Output(success=True, text='[{"name": "apim-service-1", "location": "eastus"}]') - + if 'keyvault list' in command: return utils.Output(success=True, text='[{"name": "kv-vault-1", "location": "eastus"}]') - + # Simulate failure for delete operations but success for purge if 'delete' in command and ('cognitiveservices' in command or 'apim delete' in command or 'keyvault delete' in command): return utils.Output(success=False, text='Delete failed') - + # Simulate failure for purge operations if 'purge' in command: return utils.Output(success=False, text='Purge failed') - + # Resource group deletion succeeds return utils.Output(success=True, text='Operation completed') - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) - + # Should not raise exception even when individual operations fail utils._cleanup_resources('test-deployment', 'test-rg') - + # Verify all expected commands were attempted despite failures expected_patterns = [ 'deployment group show', @@ -1532,42 +1536,40 @@ def mock_run(command, ok_message='', error_message='', print_command_to_run=True 'keyvault purge', 'group delete' ] - + for pattern in expected_patterns: assert any(pattern in cmd for cmd in run_commands), f"Expected command pattern not found: {pattern}" def test_cleanup_resources_malformed_responses(monkeypatch): """Test _cleanup_resources with malformed API responses.""" - + def mock_run(command, ok_message='', error_message='', print_command_to_run=True, print_errors=True, print_warnings=True): - + # Mock deployment show with missing properties if 'deployment group show' in command: return utils.Output(success=True, text='{}') - + # Mock malformed resource responses (missing required fields) if 'cognitiveservices account list' in command: return utils.Output(success=True, text='[{"name": "cog-service-1"}, {"location": "eastus"}, {}]') - + if 'apim list' in command: return utils.Output(success=True, text='[{"name": "apim-service-1"}, {"location": "eastus"}]') - + if 'keyvault list' in command: return utils.Output(success=True, text='[{"name": "kv-vault-1"}]') - + # Default response for delete/purge operations return utils.Output(success=True, text='Operation completed') - + monkeypatch.setattr(utils, 'run', mock_run) monkeypatch.setattr(utils, 'print_info', lambda *a, **kw: None) monkeypatch.setattr(utils, 'print_message', lambda *a, **kw: None) - + # Should handle malformed responses gracefully without raising exceptions utils._cleanup_resources('test-deployment', 'test-rg') - -import json # ------------------------------ @@ -1578,16 +1580,16 @@ def test_find_infrastructure_instances_success(monkeypatch): """Test _find_infrastructure_instances with successful Azure query.""" # Create a mock NotebookHelper instance nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock successful Azure CLI response mock_output = utils.Output(success=True, text='apim-infra-simple-apim-1\napim-infra-simple-apim-2\napim-infra-simple-apim') monkeypatch.setattr(utils, 'run', lambda *args, **kwargs: mock_output) - + result = nb_helper._find_infrastructure_instances(INFRASTRUCTURE.SIMPLE_APIM) - + expected = [ (INFRASTRUCTURE.SIMPLE_APIM, None), (INFRASTRUCTURE.SIMPLE_APIM, 1), @@ -1600,47 +1602,47 @@ def test_find_infrastructure_instances_success(monkeypatch): def test_find_infrastructure_instances_no_results(monkeypatch): """Test _find_infrastructure_instances with no matching resource groups.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock empty Azure CLI response mock_output = utils.Output(success=True, text='') monkeypatch.setattr(utils, 'run', lambda *args, **kwargs: mock_output) - + result = nb_helper._find_infrastructure_instances(INFRASTRUCTURE.SIMPLE_APIM) assert result == [] def test_find_infrastructure_instances_failure(monkeypatch): """Test _find_infrastructure_instances when Azure CLI fails.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock failed Azure CLI response mock_output = utils.Output(success=False, text='Error: Authentication failed') monkeypatch.setattr(utils, 'run', lambda *args, **kwargs: mock_output) - + result = nb_helper._find_infrastructure_instances(INFRASTRUCTURE.SIMPLE_APIM) assert result == [] def test_find_infrastructure_instances_invalid_names(monkeypatch): """Test _find_infrastructure_instances with invalid resource group names.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock Azure CLI response with valid and invalid names mock_output = utils.Output( - success=True, + success=True, text='apim-infra-simple-apim-1\napim-infra-simple-apim-invalid\napim-infra-simple-apim-2\napim-infra-different' ) monkeypatch.setattr(utils, 'run', lambda *args, **kwargs: mock_output) - + result = nb_helper._find_infrastructure_instances(INFRASTRUCTURE.SIMPLE_APIM) - + # Should only include valid names and skip invalid ones expected = [ (INFRASTRUCTURE.SIMPLE_APIM, 1), @@ -1653,19 +1655,19 @@ def test_find_infrastructure_instances_invalid_names(monkeypatch): def test_find_infrastructure_instances_mixed_formats(monkeypatch): """Test _find_infrastructure_instances with mixed indexed and non-indexed names.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.APIM_ACA, [INFRASTRUCTURE.APIM_ACA] ) - + # Mock Azure CLI response with mixed formats mock_output = utils.Output( - success=True, + success=True, text='apim-infra-apim-aca\napim-infra-apim-aca-1\napim-infra-apim-aca-5' ) monkeypatch.setattr(utils, 'run', lambda *args, **kwargs: mock_output) - + result = nb_helper._find_infrastructure_instances(INFRASTRUCTURE.APIM_ACA) - + expected = [ (INFRASTRUCTURE.APIM_ACA, None), (INFRASTRUCTURE.APIM_ACA, 1), @@ -1678,25 +1680,25 @@ def test_find_infrastructure_instances_mixed_formats(monkeypatch): def test_query_and_select_infrastructure_no_options(monkeypatch): """Test _query_and_select_infrastructure when no infrastructures are available.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM, INFRASTRUCTURE.APIM_ACA] ) - + # Mock empty results for all infrastructure types monkeypatch.setattr(nb_helper, '_find_infrastructure_instances', lambda x: []) monkeypatch.setattr(utils, 'print_info', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_warning', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_success', lambda *args, **kwargs: None) - + # Mock the infrastructure creation to succeed def mock_infrastructure_creation(self, bypass_check=True): return True - + monkeypatch.setattr(utils.InfrastructureNotebookHelper, 'create_infrastructure', mock_infrastructure_creation) - + # When no infrastructures are available, it should automatically create new infrastructure result = nb_helper._query_and_select_infrastructure() - + # Expect it to return the desired infrastructure and None index (since 'test-rg' doesn't match the expected pattern) assert result == (INFRASTRUCTURE.SIMPLE_APIM, None) @@ -1705,20 +1707,20 @@ def test_query_and_select_infrastructure_single_option(monkeypatch): # Set up nb_helper with a resource group name that doesn't match the desired pattern # This forces the method to show the selection menu instead of finding existing desired infrastructure nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM, INFRASTRUCTURE.APIM_ACA] ) - + # Mock single result that doesn't match the desired infrastructure def mock_find_instances(infra): if infra == INFRASTRUCTURE.SIMPLE_APIM: return [(INFRASTRUCTURE.SIMPLE_APIM, 2)] # Different index than expected return [] - + # Mock the infrastructure creation to succeed def mock_infrastructure_creation(self, bypass_check=True): return True - + monkeypatch.setattr(nb_helper, '_find_infrastructure_instances', mock_find_instances) monkeypatch.setattr(utils, 'print_info', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_success', lambda *args, **kwargs: None) @@ -1730,29 +1732,29 @@ def mock_infrastructure_creation(self, bypass_check=True): # Mock user input to select option 2 (the existing infrastructure, since option 1 is "create new") monkeypatch.setattr('builtins.input', lambda prompt: '2') - + result = nb_helper._query_and_select_infrastructure() assert result == (INFRASTRUCTURE.SIMPLE_APIM, 2) def test_query_and_select_infrastructure_multiple_options(monkeypatch): """Test _query_and_select_infrastructure with multiple available options.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM, INFRASTRUCTURE.APIM_ACA] ) - + # Mock multiple results def mock_find_instances(infra): if infra == INFRASTRUCTURE.SIMPLE_APIM: return [(INFRASTRUCTURE.SIMPLE_APIM, 1), (INFRASTRUCTURE.SIMPLE_APIM, 2)] - elif infra == INFRASTRUCTURE.APIM_ACA: + if infra == INFRASTRUCTURE.APIM_ACA: return [(INFRASTRUCTURE.APIM_ACA, None)] return [] # Mock the infrastructure creation to succeed def mock_infrastructure_creation(self, bypass_check=True): return True - + monkeypatch.setattr(nb_helper, '_find_infrastructure_instances', mock_find_instances) monkeypatch.setattr(utils, 'print_info', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_success', lambda *args, **kwargs: None) @@ -1760,48 +1762,48 @@ def mock_infrastructure_creation(self, bypass_check=True): monkeypatch.setattr(utils, 'get_resource_group_location', lambda rg_name: 'eastus') monkeypatch.setattr(utils.InfrastructureNotebookHelper, 'create_infrastructure', mock_infrastructure_creation) monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - - # Options are sorted: + + # Options are sorted: # 1. Create new simple-apim (index: 1 since nb_helper._get_current_index() returns 1 for 'test-rg') - # 2. apim-aca (no index) - sorted first alphabetically + # 2. apim-aca (no index) - sorted first alphabetically # 3. simple-apim (index: 1) # 4. simple-apim (index: 2) # Select option 2 (first existing infrastructure: APIM_ACA with no index) monkeypatch.setattr('builtins.input', lambda prompt: '2') - + result = nb_helper._query_and_select_infrastructure() assert result == (INFRASTRUCTURE.APIM_ACA, None) def test_query_and_select_infrastructure_user_cancellation(monkeypatch): """Test _query_and_select_infrastructure when user cancels selection.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock single result def mock_find_instances(infra): return [(INFRASTRUCTURE.SIMPLE_APIM, 1)] - + monkeypatch.setattr(nb_helper, '_find_infrastructure_instances', mock_find_instances) monkeypatch.setattr(utils, 'print_info', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_warning', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'get_infra_rg_name', lambda infra, idx: f'apim-infra-{infra.value}-{idx}') monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Mock user input to press Enter (cancel) monkeypatch.setattr('builtins.input', lambda prompt: '') - + result = nb_helper._query_and_select_infrastructure() assert result == (None, None) def test_query_and_select_infrastructure_invalid_input_then_valid(monkeypatch): """Test _query_and_select_infrastructure with invalid input followed by valid input.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock single result that doesn't match the desired infrastructure def mock_find_instances(infra): return [(INFRASTRUCTURE.SIMPLE_APIM, 2)] # Different index @@ -1809,7 +1811,7 @@ def mock_find_instances(infra): # Mock the infrastructure creation to succeed def mock_infrastructure_creation(self, bypass_check=True): return True - + monkeypatch.setattr(nb_helper, '_find_infrastructure_instances', mock_find_instances) monkeypatch.setattr(utils, 'print_info', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_error', lambda *args, **kwargs: None) @@ -1818,11 +1820,11 @@ def mock_infrastructure_creation(self, bypass_check=True): monkeypatch.setattr(utils, 'get_resource_group_location', lambda rg_name: 'eastus') monkeypatch.setattr(utils.InfrastructureNotebookHelper, 'create_infrastructure', mock_infrastructure_creation) monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Mock user input sequence: invalid number, invalid text, then valid choice (option 2 = existing infrastructure) inputs = iter(['99', 'abc', '2']) monkeypatch.setattr('builtins.input', lambda prompt: next(inputs)) - + result = nb_helper._query_and_select_infrastructure() assert result == (INFRASTRUCTURE.SIMPLE_APIM, 2) @@ -1834,14 +1836,14 @@ def mock_infrastructure_creation(self, bypass_check=True): def test_prompt_for_infrastructure_update_option_1(monkeypatch): """Test _prompt_for_infrastructure_update when user selects option 1 (update).""" monkeypatch.setattr('builtins.input', lambda prompt: '1') - + result = utils._prompt_for_infrastructure_update('test-rg') assert result == (True, None) def test_prompt_for_infrastructure_update_option_1_default(monkeypatch): """Test _prompt_for_infrastructure_update when user presses Enter (defaults to option 1).""" monkeypatch.setattr('builtins.input', lambda prompt: '') - + result = utils._prompt_for_infrastructure_update('test-rg') assert result == (True, None) @@ -1849,7 +1851,7 @@ def test_prompt_for_infrastructure_update_option_2_valid_index(monkeypatch): """Test _prompt_for_infrastructure_update when user selects option 2 with valid index.""" inputs = iter(['2', '5']) # Option 2, then index 5 monkeypatch.setattr('builtins.input', lambda prompt: next(inputs)) - + result = utils._prompt_for_infrastructure_update('test-rg') assert result == (False, 5) @@ -1857,14 +1859,14 @@ def test_prompt_for_infrastructure_update_option_2_invalid_then_valid_index(monk """Test _prompt_for_infrastructure_update when user provides invalid index then valid one.""" inputs = iter(['2', '', '0', '-1', 'abc', '3']) # Option 2, then empty, zero, negative, non-number, finally valid monkeypatch.setattr('builtins.input', lambda prompt: next(inputs)) - + result = utils._prompt_for_infrastructure_update('test-rg') assert result == (False, 3) def test_prompt_for_infrastructure_update_option_3(monkeypatch): """Test _prompt_for_infrastructure_update when user selects option 3 (delete first).""" monkeypatch.setattr('builtins.input', lambda prompt: '3') - + result = utils._prompt_for_infrastructure_update('test-rg') assert result == (False, None) @@ -1872,7 +1874,7 @@ def test_prompt_for_infrastructure_update_invalid_choice_then_valid(monkeypatch) """Test _prompt_for_infrastructure_update with invalid choice followed by valid choice.""" inputs = iter(['4', '0', 'invalid', '1']) # Invalid choices, then option 1 monkeypatch.setattr('builtins.input', lambda prompt: next(inputs)) - + result = utils._prompt_for_infrastructure_update('test-rg') assert result == (True, None) @@ -1883,10 +1885,9 @@ def test_prompt_for_infrastructure_update_invalid_choice_then_valid(monkeypatch) def test_infrastructure_notebook_helper_create_with_index_retry(monkeypatch): """Test InfrastructureNotebookHelper.create_infrastructure with option 2 (different index) retry.""" - from apimtypes import INFRASTRUCTURE, APIM_SKU - + helper = utils.InfrastructureNotebookHelper('eastus', INFRASTRUCTURE.SIMPLE_APIM, 1, APIM_SKU.BASICV2) - + # Mock resource group existence to return True initially call_count = 0 def mock_rg_exists(rg_name): @@ -1894,26 +1895,26 @@ def mock_rg_exists(rg_name): call_count += 1 # First call (index 1) returns True, second call (index 3) returns False return call_count == 1 - + # Mock the prompt to return option 2 with index 3 monkeypatch.setattr(utils, '_prompt_for_infrastructure_update', lambda rg_name: (False, 3)) monkeypatch.setattr(utils, 'does_resource_group_exist', mock_rg_exists) - + # Mock subprocess execution to succeed class MockProcess: def __init__(self, *args, **kwargs): self.returncode = 0 self.stdout = iter(['Mock deployment output\n', 'Success!\n']) - + def wait(self): pass - + monkeypatch.setattr('subprocess.Popen', MockProcess) monkeypatch.setattr(utils, 'find_project_root', lambda: 'c:\\mock\\root') - + # Mock print functions to avoid output during testing monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Should succeed after retrying with index 3 result = helper.create_infrastructure() assert result is True @@ -1921,21 +1922,19 @@ def wait(self): def test_infrastructure_notebook_helper_create_with_recursive_retry(monkeypatch): """Test InfrastructureNotebookHelper.create_infrastructure with multiple recursive retries.""" - from apimtypes import INFRASTRUCTURE, APIM_SKU - + helper = utils.InfrastructureNotebookHelper('eastus', INFRASTRUCTURE.SIMPLE_APIM, 1, APIM_SKU.BASICV2) - + # Mock resource group existence for multiple indexes - rg_checks = {} def mock_rg_exists(rg_name): # Parse index from resource group name if 'simple-apim-1' in rg_name: return True # Index 1 exists - elif 'simple-apim-2' in rg_name: + if 'simple-apim-2' in rg_name: return True # Index 2 also exists - else: - return False # Index 3 doesn't exist - + + return False # Index 3 doesn't exist + # Mock the prompt to first return index 2, then index 3 prompt_calls = 0 def mock_prompt(rg_name): @@ -1943,25 +1942,25 @@ def mock_prompt(rg_name): prompt_calls += 1 if prompt_calls == 1: return (False, 2) # First retry with index 2 - else: - return (False, 3) # Second retry with index 3 - + + return (False, 3) # Second retry with index 3 + monkeypatch.setattr(utils, '_prompt_for_infrastructure_update', mock_prompt) monkeypatch.setattr(utils, 'does_resource_group_exist', mock_rg_exists) - + # Mock subprocess execution to succeed class MockProcess: def __init__(self, *args, **kwargs): self.returncode = 0 self.stdout = iter(['Mock deployment output\n']) - + def wait(self): pass - + monkeypatch.setattr('subprocess.Popen', MockProcess) monkeypatch.setattr(utils, 'find_project_root', lambda: 'c:\\mock\\root') monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Should succeed after retrying with index 3 result = helper.create_infrastructure() assert result is True @@ -1969,101 +1968,95 @@ def wait(self): def test_infrastructure_notebook_helper_create_user_cancellation(monkeypatch): """Test InfrastructureNotebookHelper.create_infrastructure when user cancels during retry.""" - from apimtypes import INFRASTRUCTURE, APIM_SKU - import pytest - + helper = utils.InfrastructureNotebookHelper('eastus', INFRASTRUCTURE.SIMPLE_APIM, 1, APIM_SKU.BASICV2) - + # Mock resource group to exist (triggering prompt) monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg_name: True) - + # Mock the prompt to return cancellation (option 3) monkeypatch.setattr(utils, '_prompt_for_infrastructure_update', lambda rg_name: (False, None)) monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Should raise SystemExit when user cancels with pytest.raises(SystemExit) as exc_info: helper.create_infrastructure() - + assert "User cancelled deployment" in str(exc_info.value) def test_infrastructure_notebook_helper_create_keyboard_interrupt_during_prompt(monkeypatch): """Test InfrastructureNotebookHelper.create_infrastructure when KeyboardInterrupt occurs during prompt.""" - from apimtypes import INFRASTRUCTURE, APIM_SKU - import pytest - + helper = utils.InfrastructureNotebookHelper('eastus', INFRASTRUCTURE.SIMPLE_APIM, 1, APIM_SKU.BASICV2) - + # Mock resource group to exist (triggering prompt) monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg_name: True) - + # Mock the prompt to raise KeyboardInterrupt def mock_prompt(rg_name): raise KeyboardInterrupt() - + monkeypatch.setattr(utils, '_prompt_for_infrastructure_update', mock_prompt) monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Should raise SystemExit when KeyboardInterrupt occurs with pytest.raises(SystemExit) as exc_info: helper.create_infrastructure() - + assert "User cancelled deployment" in str(exc_info.value) def test_infrastructure_notebook_helper_create_eof_error_during_prompt(monkeypatch): """Test InfrastructureNotebookHelper.create_infrastructure when EOFError occurs during prompt.""" - from apimtypes import INFRASTRUCTURE, APIM_SKU - import pytest - + helper = utils.InfrastructureNotebookHelper('eastus', INFRASTRUCTURE.SIMPLE_APIM, 1, APIM_SKU.BASICV2) - + # Mock resource group to exist (triggering prompt) monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg_name: True) - + # Mock the prompt to raise EOFError def mock_prompt(rg_name): raise EOFError() - + monkeypatch.setattr(utils, '_prompt_for_infrastructure_update', mock_prompt) monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Should raise SystemExit when EOFError occurs with pytest.raises(SystemExit) as exc_info: helper.create_infrastructure() - + assert "User cancelled deployment" in str(exc_info.value) def test_deploy_sample_with_infrastructure_selection(monkeypatch): """Test deploy_sample method with infrastructure selection when original doesn't exist.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM, INFRASTRUCTURE.APIM_ACA] ) - + # Mock does_resource_group_exist to return False for original, triggering selection monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg: False) - + # Mock infrastructure selection to return a valid infrastructure selected_infra = INFRASTRUCTURE.APIM_ACA selected_index = 2 - monkeypatch.setattr(nb_helper, '_query_and_select_infrastructure', + monkeypatch.setattr(nb_helper, '_query_and_select_infrastructure', lambda: (selected_infra, selected_index)) - + # Mock successful deployment mock_output = utils.Output(success=True, text='{"outputs": {"test": "value"}}') - monkeypatch.setattr(utils, 'create_bicep_deployment_group_for_sample', + monkeypatch.setattr(utils, 'create_bicep_deployment_group_for_sample', lambda *args, **kwargs: mock_output) - + # Mock utility functions - monkeypatch.setattr(utils, 'get_infra_rg_name', + monkeypatch.setattr(utils, 'get_infra_rg_name', lambda infra, idx: f'apim-infra-{infra.value}-{idx}') monkeypatch.setattr(utils, 'print_error', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_success', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_val', lambda *args, **kwargs: None) - + # Test the deployment result = nb_helper.deploy_sample({'test': {'value': 'param'}}) - + # Verify the helper was updated with selected infrastructure assert nb_helper.deployment == selected_infra assert nb_helper.rg_name == 'apim-infra-apim-aca-2' @@ -2072,20 +2065,20 @@ def test_deploy_sample_with_infrastructure_selection(monkeypatch): def test_deploy_sample_no_infrastructure_found(monkeypatch): """Test deploy_sample method when no suitable infrastructure is found.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock does_resource_group_exist to return False for original monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg: False) - + # Mock infrastructure selection to return None (no infrastructure found) - monkeypatch.setattr(nb_helper, '_query_and_select_infrastructure', + monkeypatch.setattr(nb_helper, '_query_and_select_infrastructure', lambda: (None, None)) - + # Mock utility functions monkeypatch.setattr(utils, 'print_error', lambda *args, **kwargs: None) - + # Test should raise SystemExit with pytest.raises(SystemExit): nb_helper.deploy_sample({'test': {'value': 'param'}}) @@ -2093,24 +2086,24 @@ def test_deploy_sample_no_infrastructure_found(monkeypatch): def test_deploy_sample_existing_infrastructure(monkeypatch): """Test deploy_sample method when the specified infrastructure already exists.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock does_resource_group_exist to return True (infrastructure exists) monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg: True) - + # Mock successful deployment mock_output = utils.Output(success=True, text='{"outputs": {"test": "value"}}') - monkeypatch.setattr(utils, 'create_bicep_deployment_group_for_sample', + monkeypatch.setattr(utils, 'create_bicep_deployment_group_for_sample', lambda *args, **kwargs: mock_output) - + # Mock utility functions monkeypatch.setattr(utils, 'print_success', lambda *args, **kwargs: None) - + # Test the deployment - should not call infrastructure selection result = nb_helper.deploy_sample({'test': {'value': 'param'}}) - + # Verify the helper was not modified (still has original values) assert nb_helper.deployment == INFRASTRUCTURE.SIMPLE_APIM assert nb_helper.rg_name == 'test-rg' @@ -2119,18 +2112,18 @@ def test_deploy_sample_existing_infrastructure(monkeypatch): def test_deploy_sample_deployment_failure(monkeypatch): """Test deploy_sample method when Bicep deployment fails.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM] ) - + # Mock does_resource_group_exist to return True monkeypatch.setattr(utils, 'does_resource_group_exist', lambda rg: True) - + # Mock failed deployment mock_output = utils.Output(success=False, text='Deployment failed') - monkeypatch.setattr(utils, 'create_bicep_deployment_group_for_sample', + monkeypatch.setattr(utils, 'create_bicep_deployment_group_for_sample', lambda *args, **kwargs: mock_output) - + # Test should raise SystemExit with pytest.raises(SystemExit): nb_helper.deploy_sample({'test': {'value': 'param'}}) @@ -2138,12 +2131,12 @@ def test_deploy_sample_deployment_failure(monkeypatch): def test_notebookhelper_initialization_with_supported_infrastructures(): """Test NotebookHelper initialization with supported infrastructures list.""" supported_infras = [INFRASTRUCTURE.SIMPLE_APIM, INFRASTRUCTURE.APIM_ACA] - + nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, supported_infras ) - + assert nb_helper.deployment == INFRASTRUCTURE.SIMPLE_APIM assert nb_helper.supported_infrastructures == supported_infras assert nb_helper.sample_folder == 'test-sample' @@ -2157,12 +2150,12 @@ def test_notebookhelper_initialization_with_jwt(monkeypatch): monkeypatch.setattr(utils, 'generate_signing_key', lambda: ('test-key', 'test-key-b64')) monkeypatch.setattr(utils, 'print_val', lambda *args, **kwargs: None) monkeypatch.setattr('time.time', lambda: 1234567890) - + nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM], use_jwt=True ) - + assert nb_helper.use_jwt is True assert nb_helper.jwt_key_name == 'JwtSigningKey-test-sample-1234567890' assert nb_helper.jwt_key_value == 'test-key' @@ -2171,24 +2164,25 @@ def test_notebookhelper_initialization_with_jwt(monkeypatch): def test_infrastructure_sorting_in_query_and_select(monkeypatch): """Test that infrastructure options are sorted correctly by type then index.""" nb_helper = utils.NotebookHelper( - 'test-sample', 'test-rg', 'eastus', + 'test-sample', 'test-rg', 'eastus', INFRASTRUCTURE.SIMPLE_APIM, [INFRASTRUCTURE.SIMPLE_APIM, INFRASTRUCTURE.APIM_ACA, INFRASTRUCTURE.AFD_APIM_PE] ) - + # Mock mixed results in unsorted order def mock_find_instances(infra): if infra == INFRASTRUCTURE.SIMPLE_APIM: return [(INFRASTRUCTURE.SIMPLE_APIM, 3), (INFRASTRUCTURE.SIMPLE_APIM, 1)] - elif infra == INFRASTRUCTURE.APIM_ACA: + if infra == INFRASTRUCTURE.APIM_ACA: return [(INFRASTRUCTURE.APIM_ACA, None), (INFRASTRUCTURE.APIM_ACA, 2)] - elif infra == INFRASTRUCTURE.AFD_APIM_PE: + if infra == INFRASTRUCTURE.AFD_APIM_PE: return [(INFRASTRUCTURE.AFD_APIM_PE, 1)] + return [] # Mock the infrastructure creation to succeed def mock_infrastructure_creation(self, bypass_check=True): return True - + monkeypatch.setattr(nb_helper, '_find_infrastructure_instances', mock_find_instances) monkeypatch.setattr(utils, 'print_info', lambda *args, **kwargs: None) monkeypatch.setattr(utils, 'print_success', lambda *args, **kwargs: None) @@ -2196,16 +2190,16 @@ def mock_infrastructure_creation(self, bypass_check=True): monkeypatch.setattr(utils, 'get_resource_group_location', lambda rg_name: 'eastus') monkeypatch.setattr(utils.InfrastructureNotebookHelper, 'create_infrastructure', mock_infrastructure_creation) monkeypatch.setattr('builtins.print', lambda *args, **kwargs: None) - + # Test sorting by selecting different options: # Options should be sorted: AFD_APIM_PE(1), APIM_ACA(None), APIM_ACA(2), SIMPLE_APIM(1), SIMPLE_APIM(3) # 1 = Create new simple-apim # 2 = afd-apim-pe (index: 1) - alphabetically first # 3 = apim-aca (no index) - None treated as 0 # 4 = apim-aca (index: 2) - # 5 = simple-apim (index: 1) + # 5 = simple-apim (index: 1) # 6 = simple-apim (index: 3) - + # Test selecting the first existing infrastructure (afd-apim-pe with index 1) monkeypatch.setattr('builtins.input', lambda prompt: '2') result = nb_helper._query_and_select_infrastructure()