Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Key Vault] Make test resource cleanup script asynchronous #17032

Merged
merged 1 commit into from
Mar 5, 2021

Conversation

mccoyp
Copy link
Member

@mccoyp mccoyp commented Mar 2, 2021

Resolves #16473.

This makes test resource cleanup significantly faster. Certificates are deleted before keys and secrets so that certificate-related key and secret deletion requests don't raise service errors.

@mccoyp mccoyp added KeyVault Client This issue points to a problem in the data-plane of the library. test enhancement labels Mar 2, 2021
@mccoyp mccoyp added this to the [2021] March milestone Mar 2, 2021
@mccoyp mccoyp requested review from chlowell and schaabs as code owners March 2, 2021 22:07
@check-enforcer
Copy link

check-enforcer bot commented Mar 2, 2021

This pull request is protected by Check Enforcer.

What is Check Enforcer?

Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?

You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?

If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:
/check-enforcer evaluate
Typically evaulation only takes a few seconds. If you know that your pull request is not covered by a pipeline and this is expected you can override Check Enforcer using the following command:
/check-enforcer override
Note that using the override command triggers alerts so that follow-up investigations can occur (PRs still need to be approved as normal).

What if I am onboarding a new service?

Often, new services do not have validation pipelines associated with them, in order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:
/azp run prepare-pipelines
This will run a pipeline that analyzes the source tree and creates the pipelines necessary to build and validate your pull request. Once the pipeline has been created you can trigger the pipeline using the following comment:
/azp run python - [service] - ci

Copy link
Member

@chlowell chlowell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I imagine if we use this in CI, we can choose which version of Python runs it?

loop = asyncio.get_event_loop()
loop.run_until_complete(delete_certificates())
loop.run_until_complete(delete_keys_and_secrets())
loop.run_until_complete(purge_resources())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The script might be faster if it scheduled all these coroutines at once.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be, but Key Vault raises an error when a coroutine is scheduled to delete a key or secret that's created for a certificate. Do you know of any way around that?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keys and secrets have a "managed" property to indicate whether they were so created (which we don't expose for secrets! #17129 😨). You could skip deleting and purging the managed ones, assuming Key Vault deletes/purges them with their associated certificate (naively seems like it must do this but I haven't checked). I expect the decrease in total requests would have a much greater impact than scheduling all the coroutines at once. Anyway, it's not something you need to investigate, unless you're too curious 😸

@Azure Azure deleted a comment from azure-pipelines bot Mar 4, 2021
@mccoyp
Copy link
Member Author

mccoyp commented Mar 4, 2021

/azp run python - keyvault - ci

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@mccoyp mccoyp merged commit 4963499 into Azure:master Mar 5, 2021
@mccoyp mccoyp deleted the async-cleanup branch March 5, 2021 21:35
iscai-msft added a commit that referenced this pull request Mar 8, 2021
…into update_ta_tests

* 'master' of https://github.com/Azure/azure-sdk-for-python:
  Update get_package_properties.py logic for python 2.7 (#17144)
  update changelog (#17150)
  [ServiceBus] 7.1.0 Release update changelog (#17135)
  [ServiceBus] Object mapping support (#17080)
  move SetTestPipeline into its own template (#17141)
  Revise token cache configuration API (#16326)
  Fix dup cloud error (#17097)
  Perf tests for monitor exporter (#17067)
  [Communication] - Phone Number - Redesigned API (#16671)
  disable retry (#17078)
  [Key Vault] Add perf tests for certificates, keys, and secrets (#17073)
  [text analytics] Analyze updates for v5.1.0b6 (#17003)
  Add any additional claims to AuthenticationRequiredError (#17136)
  Fix logic in SetTestPipelineVersionInEngCommon (#17138)
  [Key Vault] Make test resource cleanup script asynchronous (#17032)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Client This issue points to a problem in the data-plane of the library. KeyVault
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Key Vault] Efficient test resource cleanup script
2 participants