[Identity] - Add instructions for running Identity test in Azure Arc #15006

Merged (2 commits), Apr 23, 2021
@@ -0,0 +1,73 @@
# Testing Identity in Azure Arc

## Prerequisites

- A non-Azure Windows or Linux VM.
- Must have NodeJS, NPM, and git installed.
- Administrator privileges on the VM.
- An Azure Key Vault.

### Install Azure Arc on the VM

> **Note:** You must be in your VM to install Azure Arc.

1. Create an Azure Arc server resource on the [Azure Portal](https://portal.azure.com) (at the time of writing, the
resource is named "Azure Arc").
2. Choose to add an existing server using an interactive script.
3. When creating the resource, fill in your desired subscription, resource group, and region for the VM. Choose the
operating system of your existing VM.
4. No other configuration is necessary. You can go to the "Download and run script" tab and download the script shown.
5. Once the script has been downloaded, run the script on your machine with administrator privileges.
6. If using a Linux VM, run the following commands (using your user name for `<user>`) to gain necessary privileges:

```
sudo usermod -a -G himds <user>
sudo setfacl -m "g:himds:r-x" /var/opt/azcmagent/tokens/
sudo setfacl -m "g::r-x" /var/opt/azcmagent/tokens/
```

7. Arc setup should now be complete. Restart your VM to finalize your environment setup.
8. After restarting, check your environment by searching for environment variables named `IDENTITY_ENDPOINT` and
`IMDS_ENDPOINT`. If they are not present, or don't resemble `http://localhost:40342/metadata/identity/oauth2/token` and
`http://localhost:40342` respectively, you may need to wait a short while or try restarting the VM again.

## Give the Azure Arc VM access to the key vault

For the tests to pass, the VM will need secret management permissions in your key vault.

1. Go to your key vault resource in the [Azure Portal](https://portal.azure.com).
2. Go to the vault's "Access policies" page, and click "Add Access Policy".
3. Using the secret management template, select your Arc VM resource as the principal.
4. Click "Add".
5. Don't forget to click "Save" at the top of the access policies page after the policy is added.

## Run the azure-identity Tests on the Azure Arc VM

> **Note:** The following steps are specific to JavaScript.

In a terminal window, run:

```bash
git clone https://github.com/Azure/azure-sdk-for-js --single-branch --depth 1
cd azure-sdk-for-js/sdk/identity/identity/test/manual-integration/AzureArc
```

Set the environment variable `KEYVAULT_URI` to the vault URI of your key vault.

Install dependencies:

```bash
npm install
```

Compile the test file using TypeScript:

```bash
npm run build
```

Run the test file:

```bash
node dist/index.js
```
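Review bot: Step 6 widens access to `/var/opt/azcmagent/tokens/` for every member of the `himds` group and for the directory's owning group, but the text neither says why the test user needs to read that directory nor how to undo the change afterwards. Suggest adding a sentence that this is intended for a disposable test VM, recommending `getfacl /var/opt/azcmagent/tokens/` before the change so the original entries can be restored, and noting `sudo setfacl -x g:himds /var/opt/azcmagent/tokens/` as the revert for the named-group entry. Similarly, the key vault section asks for the full "secret management" template although the test only calls `setSecret`; an access policy limited to the Set permission, removed once the run is done, would follow least privilege.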
27 changes: 27 additions & 0 deletions sdk/identity/identity/test/manual-integration/AzureArc/index.ts
@@ -0,0 +1,27 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

import { SecretClient } from "@azure/keyvault-secrets";
import { ManagedIdentityCredential } from "@azure/identity";

async function main(): Promise<void> {
// This will use the system managed identity
const credential = new ManagedIdentityCredential();

const vaultUri = process.env.KEYVAULT_URI;

if (!vaultUri) {
throw new Error("Missing KEYVAULT_URI environment variable.");
}
const client = new SecretClient(vaultUri, credential);

await client.setSecret("secret-name-system", "secret-value-system");

console.log("Successfully authenticated with Key Vault!");
}

main().catch((err) => {
console.log("error code: ", err.code);
console.log("error message: ", err.message);
console.log("error stack: ", err.stack);
});
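Review bot: The `catch` at the end only logs `err.code`, `err.message` and `err.stack`, so a failed run still exits with status 0 and anyone scripting `node dist/index.js` cannot distinguish success from failure; set `process.exitCode = 1` inside the handler (or rethrow after logging). Also, every run writes another version of `secret-name-system` and nothing removes it; deleting the secret after the `setSecret` call, or documenting the cleanup in the README, keeps the test vault from accumulating versions.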
@@ -0,0 +1,16 @@
{
"name": "azurearctest",
"version": "1.0.0",
"description": "",
"main": "dist/index.js",
"scripts": {
"build": "tsc"
},
"author": "",
"license": "ISC",
"dependencies": {
"@azure/identity": "^1.3.0",
"@azure/keyvault-secrets": "^4.1.0",
"typescript": "^4.2.4"
}
}
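Review bot: The `license` field says `ISC` while `index.ts` carries an MIT header; the two should agree. `typescript` is also listed under `dependencies` although only the `build` script uses it, so it belongs in `devDependencies`, and nothing here declares `@types/node`, so the `process.env` reference in `index.ts` compiles only if some transitive dependency happens to install those typings; adding it explicitly to `devDependencies` removes that dependence on luck.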
@@ -0,0 +1,16 @@
{
"compilerOptions": {
"alwaysStrict": true,
"esModuleInterop": true,
"lib": ["DOM"],
"module": "commonjs",
"moduleResolution": "node",
"noImplicitReturns": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"strict": true,
"outDir": "dist",
"target": "es6"
},
"include": ["*.ts"]
}
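Review bot: `"lib": ["DOM"]` is the wrong library set for a Node-only script: once `lib` is specified, `tsc` no longer adds the default library for `"target": "es6"`, and the DOM typings contribute nothing `index.ts` uses. Either drop `lib` so the target's default applies or replace it with `["ES2015"]`; the remaining strictness options are fine as they are.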