(airflow) branch main updated: Add managed identity assignment support (#58364)

Sun, 16 Nov 2025 05:04:24 -0800 

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 38c0ba6d8fd Add managed identity assignment support (#58364)
38c0ba6d8fd is described below

commit 38c0ba6d8fd88cfe1203d294ea86267eb941ee09
Author: Arjun Anandkumar <[email protected]>
AuthorDate: Sun Nov 16 14:04:12 2025 +0100

    Add managed identity assignment support (#58364)
---
 .../azure/operators/container_instances.py         | 11 ++++++++++
 .../azure/operators/test_container_instances.py    | 25 ++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git 
a/providers/microsoft/azure/src/airflow/providers/microsoft/azure/operators/container_instances.py
 
b/providers/microsoft/azure/src/airflow/providers/microsoft/azure/operators/container_instances.py
index 1e4398aae51..05ec32e0320 100644
--- 
a/providers/microsoft/azure/src/airflow/providers/microsoft/azure/operators/container_instances.py
+++ 
b/providers/microsoft/azure/src/airflow/providers/microsoft/azure/operators/container_instances.py
@@ -27,6 +27,7 @@ from azure.mgmt.containerinstance.models import (
     Container,
     ContainerGroup,
     ContainerGroupDiagnostics,
+    ContainerGroupIdentity,
     ContainerGroupSubnetId,
     ContainerPort,
     DnsConfiguration,
@@ -102,6 +103,7 @@ class AzureContainerInstancesOperator(BaseOperator):
     :param dns_config: The DNS configuration for a container group.
     :param diagnostics: Container group diagnostic information (Log Analytics).
     :param priority: Container group priority, Possible values include: 
'Regular', 'Spot'
+    :param identity: List of User/System assigned identities for the container 
group.
 
     **Example**::
 
@@ -144,6 +146,12 @@ class AzureContainerInstancesOperator(BaseOperator):
                 }
             },
             priority="Regular",
+            identity = {
+                {
+                    "type": "UserAssigned",
+                    "resource_ids": 
["/subscriptions/00000000-0000-0000-0000-00000000000/resourceGroups/my_rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my_identity"],
+                },
+            }
             command=["/bin/echo", "world"],
             task_id="start_container",
         )
@@ -180,6 +188,7 @@ class AzureContainerInstancesOperator(BaseOperator):
         dns_config: DnsConfiguration | None = None,
         diagnostics: ContainerGroupDiagnostics | None = None,
         priority: str | None = "Regular",
+        identity: ContainerGroupIdentity | None = None,
         **kwargs,
     ) -> None:
         super().__init__(**kwargs)
@@ -222,6 +231,7 @@ class AzureContainerInstancesOperator(BaseOperator):
         self.dns_config = dns_config
         self.diagnostics = diagnostics
         self.priority = priority
+        self.identity = identity
         if self.priority not in ["Regular", "Spot"]:
             raise AirflowException(
                 "Invalid value for the priority argument. "
@@ -304,6 +314,7 @@ class AzureContainerInstancesOperator(BaseOperator):
                 dns_config=self.dns_config,
                 diagnostics=self.diagnostics,
                 priority=self.priority,
+                identity=self.identity,
             )
 
             self._ci_hook.create_or_update(self.resource_group, self.name, 
container_group)
diff --git 
a/providers/microsoft/azure/tests/unit/microsoft/azure/operators/test_container_instances.py
 
b/providers/microsoft/azure/tests/unit/microsoft/azure/operators/test_container_instances.py
index 807e2304d6b..39756cab095 100644
--- 
a/providers/microsoft/azure/tests/unit/microsoft/azure/operators/test_container_instances.py
+++ 
b/providers/microsoft/azure/tests/unit/microsoft/azure/operators/test_container_instances.py
@@ -586,6 +586,31 @@ class TestACIOperator:
 
         assert aci_mock.return_value.delete.call_count == 1
 
+    
@mock.patch("airflow.providers.microsoft.azure.operators.container_instances.AzureContainerInstanceHook")
+    def test_execute_with_identity(self, aci_mock):
+        identity = MagicMock()
+
+        aci_mock.return_value.get_state.return_value = make_mock_container(
+            state="Terminated", exit_code=0, detail_status="test"
+        )
+        aci_mock.return_value.exists.return_value = False
+
+        aci = AzureContainerInstancesOperator(
+            ci_conn_id=None,
+            registry_conn_id=None,
+            resource_group="resource-group",
+            name="container-name",
+            image="container-image",
+            region="region",
+            task_id="task",
+            identity=identity,
+        )
+        aci.execute(None)
+        assert aci_mock.return_value.create_or_update.call_count == 1
+        (_, _, called_cg), _ = aci_mock.return_value.create_or_update.call_args
+
+        assert called_cg.identity == identity
+
 
 class XcomMock:
     def __init__(self) -> None:

Reply via email to