The nested test pipelines (ISA-95 smoke tests, Nested end-to-end tests, Connectivity tests) download a blob and use its contents as the basis for some cert operations related to IoT Edge. It seems like we should be generating these files at runtime, but for now we simply need to be able to access the blob storage account without using shared keys.
This change embeds the az storage blob download ... command in the AzureCLI task so it has access to an identity via the service connection. Then it updates the command to authenticate using the available identity, rather than using a SAS token.
To test, I disabled shared key access on the storage account, then I ran the ISA-95 smoke tests and confirmed that they're able to download the blob (and the tests pass).
Azure IoT Edge PR checklist:
This checklist is used to make sure that common guidelines for a pull request are followed.
The nested test pipelines (ISA-95 smoke tests, Nested end-to-end tests, Connectivity tests) download a blob and use its contents as the basis for some cert operations related to IoT Edge. It seems like we should be generating these files at runtime, but for now we simply need to be able to access the blob storage account without using shared keys.
This change embeds the
az storage blob download ...command in the AzureCLI task so it has access to an identity via the service connection. Then it updates the command to authenticate using the available identity, rather than using a SAS token.To test, I disabled shared key access on the storage account, then I ran the ISA-95 smoke tests and confirmed that they're able to download the blob (and the tests pass).
Azure IoT Edge PR checklist:
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines and Best Practices
Testing Guidelines