henry3260 opened a new issue, #58434:
URL: https://github.com/apache/airflow/issues/58434
### Description
Background
- Based on the merged PR #58364 (Add managed identity assignment support),
the AzureContainerInstancesOperator now accepts an identity parameter to set a
Managed Identity on the created Container Group.
- The original PR passes the provided identity value through to the Azure
ContainerGroup as-is, but the docstring example contains syntax/structure
issues and the operator does not validate or convert simplified user input
(e.g., plain dicts) into the Azure SDK ContainerGroupIdentity model.
Problem
- Users who prefer not to import Azure SDK models would like to provide a
simple dict to specify user-assigned or system-assigned identities. The current
implementation does not help convert or validate such dicts, which can result
in errors surfaced later by the Azure SDK.
- The docstring example in the original PR is syntactically incorrect and
may mislead users.
- Existing tests only verify passing an identity object (MagicMock) and do
not cover the dict-input scenario.
Proposal
- Add a lightweight helper in the operator (e.g., _ensure_identity) that
accepts:
- None (unchanged),
- an instance of
azure.mgmt.containerinstance.models.ContainerGroupIdentity (existing behavior),
or
- a simple dict with keys such as "type" and "resource_ids", and
automatically convert such dicts into a ContainerGroupIdentity instance.
- Update the operator docstring to include:
- a correct SDK example creating ContainerGroupIdentity, and
- a DAG example demonstrating using a dict identity (noting that the
operator converts it).
- Add unit tests that cover dict input, verifying the operator converts the
dict to a ContainerGroupIdentity and that the resulting ContainerGroup identity
contains the expected user_assigned_identities mapping.
Advantages
- Improved developer experience: users can provide a straightforward dict
without importing SDK models.
- Earlier, friendlier validation: format errors (missing "type", non-list
resource_ids, etc.) are caught at the operator level instead of failing later
in the Azure SDK call.
- Backwards compatible: still accepts ContainerGroupIdentity instances while
adding convenience for dict inputs.
### Use case/motivation
_No response_
### Related issues
_No response_
### Are you willing to submit a PR?
- [x] Yes I am willing to submit a PR!
### Code of Conduct
- [x] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
