tessl/pypi-azure-mgmt-containerinstance
Microsoft Azure Container Instance Client Library for Python providing comprehensive management capabilities for containerized applications in Azure cloud.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
authentication.mddocs/
Authentication Guide
Azure Container Instance Management Client uses Azure Active Directory (Azure AD) for authentication. This guide covers all supported authentication methods and configuration options.
Prerequisites
- Azure subscription
- Appropriate Azure roles (Contributor or Container Instance Contributor)
- Python 3.7+ and
azure-identitypackage installed
pip install azure-identityAuthentication Methods
Default Azure Credential (Recommended) { .api }
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
import os
def create_client_with_default_credential():
"""
Create client using DefaultAzureCredential - tries multiple auth methods in sequence.
Authentication chain:
1. Environment variables (AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET)
2. Managed Identity (when running on Azure services)
3. Azure CLI (when logged in via 'az login')
4. Azure PowerShell
5. Interactive browser login
Returns:
ContainerInstanceManagementClient: Authenticated client instance
"""
# Get subscription ID from environment
subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
if not subscription_id:
raise ValueError("AZURE_SUBSCRIPTION_ID environment variable is required")
# Create credential
credential = DefaultAzureCredential()
# Create client
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id
)
return client
# Usage
client = create_client_with_default_credential()Service Principal Authentication { .api }
from azure.identity import ClientSecretCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
def create_client_with_service_principal(tenant_id, client_id, client_secret, subscription_id):
"""
Create client using service principal credentials.
Args:
tenant_id (str): Azure AD tenant ID
client_id (str): Application (client) ID of the service principal
client_secret (str): Client secret of the service principal
subscription_id (str): Azure subscription ID
Returns:
ContainerInstanceManagementClient: Authenticated client instance
Example:
client = create_client_with_service_principal(
tenant_id="your-tenant-id",
client_id="your-client-id",
client_secret="your-client-secret",
subscription_id="your-subscription-id"
)
"""
credential = ClientSecretCredential(
tenant_id=tenant_id,
client_id=client_id,
client_secret=client_secret
)
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id
)
return client
# Usage with environment variables
import os
client = create_client_with_service_principal(
tenant_id=os.getenv("AZURE_TENANT_ID"),
client_id=os.getenv("AZURE_CLIENT_ID"),
client_secret=os.getenv("AZURE_CLIENT_SECRET"),
subscription_id=os.getenv("AZURE_SUBSCRIPTION_ID")
)Certificate-Based Authentication { .api }
from azure.identity import CertificateCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
def create_client_with_certificate(tenant_id, client_id, certificate_path, subscription_id):
"""
Create client using certificate-based authentication.
Args:
tenant_id (str): Azure AD tenant ID
client_id (str): Application (client) ID
certificate_path (str): Path to certificate file (.pem or .pfx)
subscription_id (str): Azure subscription ID
Returns:
ContainerInstanceManagementClient: Authenticated client instance
Example:
client = create_client_with_certificate(
tenant_id="your-tenant-id",
client_id="your-client-id",
certificate_path="/path/to/cert.pem",
subscription_id="your-subscription-id"
)
"""
credential = CertificateCredential(
tenant_id=tenant_id,
client_id=client_id,
certificate_path=certificate_path
)
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id
)
return clientManaged Identity Authentication { .api }
from azure.identity import ManagedIdentityCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
def create_client_with_managed_identity(subscription_id, client_id=None):
"""
Create client using Managed Identity (for Azure-hosted applications).
Args:
subscription_id (str): Azure subscription ID
client_id (str, optional): Client ID of user-assigned managed identity
Returns:
ContainerInstanceManagementClient: Authenticated client instance
Example:
# System-assigned managed identity
client = create_client_with_managed_identity("your-subscription-id")
# User-assigned managed identity
client = create_client_with_managed_identity(
subscription_id="your-subscription-id",
client_id="managed-identity-client-id"
)
"""
if client_id:
# User-assigned managed identity
credential = ManagedIdentityCredential(client_id=client_id)
else:
# System-assigned managed identity
credential = ManagedIdentityCredential()
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id
)
return client
# Usage in Azure-hosted environment (VM, App Service, etc.)
client = create_client_with_managed_identity(
subscription_id=os.getenv("AZURE_SUBSCRIPTION_ID")
)Interactive Browser Authentication { .api }
from azure.identity import InteractiveBrowserCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
def create_client_with_browser_auth(tenant_id, subscription_id):
"""
Create client using interactive browser authentication.
Args:
tenant_id (str): Azure AD tenant ID
subscription_id (str): Azure subscription ID
Returns:
ContainerInstanceManagementClient: Authenticated client instance
Note:
This method opens a web browser for user authentication.
Suitable for development and interactive scenarios.
Example:
client = create_client_with_browser_auth(
tenant_id="your-tenant-id",
subscription_id="your-subscription-id"
)
"""
credential = InteractiveBrowserCredential(tenant_id=tenant_id)
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id
)
return clientClient Configuration Options
Custom Base URL { .api }
def create_client_with_custom_endpoint(credential, subscription_id, base_url):
"""
Create client with custom Azure endpoint (for sovereign clouds).
Args:
credential: Azure credential object
subscription_id (str): Azure subscription ID
base_url (str): Custom Azure Resource Manager endpoint
Returns:
ContainerInstanceManagementClient: Client configured for custom endpoint
Example:
# Azure Government Cloud
client = create_client_with_custom_endpoint(
credential=DefaultAzureCredential(),
subscription_id="your-subscription-id",
base_url="https://management.usgovcloudapi.net"
)
# Azure China Cloud
client = create_client_with_custom_endpoint(
credential=DefaultAzureCredential(),
subscription_id="your-subscription-id",
base_url="https://management.chinacloudapi.cn"
)
"""
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id,
base_url=base_url
)
return clientAPI Version Configuration { .api }
def create_client_with_api_version(credential, subscription_id, api_version):
"""
Create client with specific API version.
Args:
credential: Azure credential object
subscription_id (str): Azure subscription ID
api_version (str): Azure Container Instance API version
Returns:
ContainerInstanceManagementClient: Client configured for specific API version
Example:
client = create_client_with_api_version(
credential=DefaultAzureCredential(),
subscription_id="your-subscription-id",
api_version="2023-05-01"
)
"""
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id,
api_version=api_version
)
return clientEnvironment Variable Setup
Required Environment Variables
# Service Principal Authentication
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-client-secret"
export AZURE_TENANT_ID="your-tenant-id"
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
# Alternative for certificate-based auth
export AZURE_CLIENT_CERTIFICATE_PATH="/path/to/certificate.pem"
export AZURE_CLIENT_CERTIFICATE_PASSWORD="certificate-password" # if encryptedEnvironment Configuration Script
import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
def validate_environment_and_create_client():
"""
Validate required environment variables and create authenticated client.
Returns:
ContainerInstanceManagementClient: Authenticated client instance
Raises:
ValueError: If required environment variables are missing
"""
# Check required variables
subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
if not subscription_id:
raise ValueError("AZURE_SUBSCRIPTION_ID environment variable is required")
# Check for at least one authentication method
has_service_principal = all([
os.getenv("AZURE_CLIENT_ID"),
os.getenv("AZURE_TENANT_ID"),
os.getenv("AZURE_CLIENT_SECRET") or os.getenv("AZURE_CLIENT_CERTIFICATE_PATH")
])
if not has_service_principal:
print("Warning: Service principal environment variables not found.")
print("Will attempt authentication via Azure CLI or interactive methods.")
# Create client with DefaultAzureCredential
credential = DefaultAzureCredential()
client = ContainerInstanceManagementClient(
credential=credential,
subscription_id=subscription_id
)
# Test authentication
try:
# Attempt a simple API call to validate authentication
list(client.container_groups.list())
print("Authentication successful!")
except Exception as e:
print(f"Authentication failed: {e}")
raise
return client
# Usage
try:
client = validate_environment_and_create_client()
print("Client created successfully!")
except ValueError as e:
print(f"Configuration error: {e}")
except Exception as e:
print(f"Authentication error: {e}")Authentication Best Practices
Production Environments
def create_production_client():
"""
Recommended authentication setup for production environments.
Priority order:
1. Managed Identity (preferred for Azure-hosted apps)
2. Service Principal with certificate
3. Service Principal with secret
"""
subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
try:
# Try Managed Identity first
credential = ManagedIdentityCredential()
client = ContainerInstanceManagementClient(credential, subscription_id)
# Test the credential
list(client.container_groups.list())
print("Using Managed Identity authentication")
return client
except Exception:
pass
try:
# Try certificate-based service principal
if os.getenv("AZURE_CLIENT_CERTIFICATE_PATH"):
credential = CertificateCredential(
tenant_id=os.getenv("AZURE_TENANT_ID"),
client_id=os.getenv("AZURE_CLIENT_ID"),
certificate_path=os.getenv("AZURE_CLIENT_CERTIFICATE_PATH")
)
client = ContainerInstanceManagementClient(credential, subscription_id)
print("Using certificate-based service principal authentication")
return client
except Exception:
pass
# Fallback to client secret
credential = ClientSecretCredential(
tenant_id=os.getenv("AZURE_TENANT_ID"),
client_id=os.getenv("AZURE_CLIENT_ID"),
client_secret=os.getenv("AZURE_CLIENT_SECRET")
)
client = ContainerInstanceManagementClient(credential, subscription_id)
print("Using client secret service principal authentication")
return clientDevelopment Environments
def create_development_client():
"""
Recommended authentication setup for development environments.
"""
# Use DefaultAzureCredential for maximum flexibility
credential = DefaultAzureCredential(
# Enable logging for debugging authentication issues
logging_enable=True
)
subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
client = ContainerInstanceManagementClient(credential, subscription_id)
return clientInstall with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-containerinstance