[release] Hello world test for Azure #57597
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a 'hello world' test for Azure by adding the necessary configuration files and a new test variation. The overall structure is correct, but there is a critical security vulnerability due to hardcoded secrets in the release/ray_release/environments/azure.env file. These sensitive values must be removed from the repository and managed through a secure secrets management system.
| ANYSCALE_HOST=https://console.anyscale-staging.com | ||
| RELEASE_AWS_ANYSCALE_SECRET_ARN="arn:aws:secretsmanager:us-west-2:029272617770:secret:release-automation/anyscale-staging-token20231008005227440600000001-JTgxb0" | ||
| RELEASE_DEFAULT_CLOUD_ID="cld_5nnv7pt2jn2312x2e5v72z53n2" | ||
| RELEASE_DEFAULT_PROJECT="prj_y8syktydl7ltabhz5axdelwnce" | ||
| ANYSCALE_CLOUD_STORAGE_PROVIDER=abfss | ||
| ANYSCALE_PROJECT_NAME="default" | ||
| ANYSCALE_CLOUD_NAME="anyscale_aks_public_default_cloud_us_west_2" |
There was a problem hiding this comment.
Hardcoding secrets and sensitive identifiers in source code is a major security risk. This file contains sensitive values such as RELEASE_AWS_ANYSCALE_SECRET_ARN, RELEASE_DEFAULT_CLOUD_ID, and RELEASE_DEFAULT_PROJECT. These values should be removed from the repository and managed through a secure mechanism, such as CI/CD environment variables or a secret management service like AWS Secrets Manager. The values can then be injected into the test environment at runtime.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
ray-gardener
bot
added
core
| target, | ||
| ] | ||
| elif storage_service == "abfss": | ||
| elif storage_service == "azure_blob": |
There was a problem hiding this comment.
Bug: Azure Blob Storage URL Scheme Issue
The update to the storage service detection logic removes support for abfss:// URLs. While urlparse().scheme correctly identifies abfss for these URLs, the elif condition now expects azure_blob, which is only set for a specific https:// pattern. This causes abfss:// URLs to fall through to an unsupported storage service exception.
2 participants
First test running on AKS cloud!