Refactor

[simonkurtz-MSFT]

Refactoring and cleanup work

[github-actions]

🐍 Python 3.14 Results

Metric	Status	Value
Ruff	✅	0 issue(s)
Unit Tests	✅	success
Code Coverage	📊	100%

Full Workflow Logs

[github-actions]

🐍 Python 3.13 Results

Metric	Status	Value
Ruff	✅	0 issue(s)
Unit Tests	✅	success
Code Coverage	📊	100%

Full Workflow Logs

[github-actions]

🐍 Python 3.12 Results

Metric	Status	Value
Ruff	✅	0 issue(s)
Unit Tests	✅	success
Code Coverage	📊	100%

Full Workflow Logs

[github-actions]

Python 3.14 Detailed Test Results

1 935 tests  +113   1 935 ✅ +113   17s ⏱️ -2s
    1 suites ±  0       0 💤 ±  0 
    1 files   ±  0       0 ❌ ±  0 

Results for commit 7831a6e. ± Comparison against base commit f2f2368.

This pull request removes 2 and adds 115 tests. Note that renamed tests count towards both.

test_apimrequests ‑ test_multi_request_session_exception_on_close
test_apimrequests ‑ test_multi_request_session_exception_on_request

test_apimrequests ‑ test_close_is_idempotent_without_active_session
test_apimrequests ‑ test_context_manager_closes_reusable_session
test_apimrequests ‑ test_multi_request_reuses_session_until_closed
test_apimrequests ‑ test_multi_request_session_remains_available_after_request_exception
test_auth_testing ‑ test_context_manager_closes_requests_on_exception
test_auth_testing ‑ test_missing_jwt_key_is_rejected
test_auth_testing ‑ test_missing_role_user_is_rejected
test_auth_testing ‑ test_run_dispatches_get_and_post_and_verifies_results
test_auth_testing ‑ test_run_toggles_and_restores_subscription_key_for_each_case
test_auth_testing ‑ test_structured_expectation_rejects_non_json_response
…

♻️ This comment has been updated with latest results.

[github-actions]

Python 3.13 Detailed Test Results

1 935 tests  +113   1 935 ✅ +113   22s ⏱️ +3s
    1 suites ±  0       0 💤 ±  0 
    1 files   ±  0       0 ❌ ±  0 

Results for commit 7831a6e. ± Comparison against base commit f2f2368.

This pull request removes 2 and adds 115 tests. Note that renamed tests count towards both.

test_apimrequests ‑ test_multi_request_session_exception_on_close
test_apimrequests ‑ test_multi_request_session_exception_on_request

test_apimrequests ‑ test_close_is_idempotent_without_active_session
test_apimrequests ‑ test_context_manager_closes_reusable_session
test_apimrequests ‑ test_multi_request_reuses_session_until_closed
test_apimrequests ‑ test_multi_request_session_remains_available_after_request_exception
test_auth_testing ‑ test_context_manager_closes_requests_on_exception
test_auth_testing ‑ test_missing_jwt_key_is_rejected
test_auth_testing ‑ test_missing_role_user_is_rejected
test_auth_testing ‑ test_run_dispatches_get_and_post_and_verifies_results
test_auth_testing ‑ test_run_toggles_and_restores_subscription_key_for_each_case
test_auth_testing ‑ test_structured_expectation_rejects_non_json_response
…

♻️ This comment has been updated with latest results.

[github-actions]

Python 3.12 Detailed Test Results

1 935 tests  +113   1 935 ✅ +113   23s ⏱️ +4s
    1 suites ±  0       0 💤 ±  0 
    1 files   ±  0       0 ❌ ±  0 

Results for commit 7831a6e. ± Comparison against base commit f2f2368.

This pull request removes 2 and adds 115 tests. Note that renamed tests count towards both.

test_apimrequests ‑ test_multi_request_session_exception_on_close
test_apimrequests ‑ test_multi_request_session_exception_on_request

test_apimrequests ‑ test_close_is_idempotent_without_active_session
test_apimrequests ‑ test_context_manager_closes_reusable_session
test_apimrequests ‑ test_multi_request_reuses_session_until_closed
test_apimrequests ‑ test_multi_request_session_remains_available_after_request_exception
test_auth_testing ‑ test_context_manager_closes_requests_on_exception
test_auth_testing ‑ test_missing_jwt_key_is_rejected
test_auth_testing ‑ test_missing_role_user_is_rejected
test_auth_testing ‑ test_run_dispatches_get_and_post_and_verifies_results
test_auth_testing ‑ test_run_toggles_and_restores_subscription_key_for_each_case
test_auth_testing ‑ test_structured_expectation_rejects_non_json_response
…

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

This PR does broad refactoring and cleanup across the APIM Samples repo: it tightens Python helper boundaries (notebooks vs helper modules), improves request/session lifecycle handling, strengthens deployment-output handling, expands unit coverage into sample-local helpers, and adds/refreshes multiple APIM policy artifacts and KQL queries.

Changes:

• Introduces ApimRequests reusable-session lifecycle + NotebookHelper deployment context helpers, and refactors multiple notebooks to use them.
• Expands Python unit tests (including new tests for several sample-local helper modules) and tightens coverage/CI configuration.
• Adds/updates many sample policy XML/KQL artifacts and documentation to align with the helper/policy organization strategy.

Reviewed changes

Copilot reviewed 53 out of 98 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/README.md	Updates test/coverage documentation and formatting.
tests/python/test_verify_local_setup.py	Extends local-setup verification tests to include new shared module import.
tests/python/test_utils.py	Adds tests for selective autoreload, policy path resolution behavior, and new helper methods.
tests/python/test_secure_blob_access_helpers.py	Adds unit tests for the Secure Blob Access sample helper module.
tests/python/test_sample_notebook_autoreload.py	Adds a repository-wide guard to ensure notebooks register selective autoreload for helper modules.
tests/python/test_oauth_helpers.py	Adds unit tests for OAuth (Spotify) sample helper parsing/validation.
tests/python/test_normalize_notebook_metadata.py	Adds tests ensuring UTF-8 + LF behavior for git filter stream normalization.
tests/python/test_load_balancing_helpers.py	Adds unit tests for load-balancing sample traffic runner helpers.
tests/python/test_infrastructures.py	Updates infra verification semantics and adds tests for verification/connectivity failure paths.
tests/python/test_helpers.py	Refactors HTTP patching to align with requests.Session usage in ApimRequests.
tests/python/test_dynamic_cors_helpers.py	Adds unit tests for Dynamic CORS sample helper module behavior and persistence.
tests/python/test_auth_testing.py	Adds unit tests for new shared role-based auth test runner.
tests/python/test_apimrequests.py	Updates tests for the new session-based ApimRequests implementation and context manager support.
tests/python/.coveragerc	Refactors coverage configuration (now intended to cover samples/shared/setup) and sets fail_under.
shared/python/utils.py	Adds enable_module_autoreload, typed deployment context helper, cached deployment outputs, and APIM client factory.
shared/python/infrastructures.py	Makes connectivity verification gating explicit (fail before lock-down), and surfaces verification failures.
shared/python/auth_testing.py	Adds shared role-based auth test orchestration utilities.
shared/python/apimrequests.py	Refactors to reuse a single requests.Session, adds close() + context manager, and updates request execution flow.
setup/verify_local_setup.py	Ensures local setup validation imports new shared module.
setup/normalize_notebook_metadata.py	Ensures stream reconfiguration to UTF-8 and LF when supported.
samples/secure-blob-access/secure_blob_access_helpers.py	Adds sample-local runtime helpers (valet key parsing, direct download session ownership, CLI upload orchestration).
samples/secure-blob-access/apim-policies/pf-create-sas-token.xml	Adds a fragment intended to create a user-delegation SAS token.
samples/secure-blob-access/apim-policies/pf-check-blob-existence-via-managed-identity.xml	Adds a fragment to HEAD-check blob existence via managed identity.
samples/secure-blob-access/apim-policies/pf-authx-hr-member.xml	Adds a JWT validation fragment for HR member authorization in this sample.
samples/secure-blob-access/apim-policies/blob-get-operation.xml	Adds an operation policy that validates blob name, checks existence, generates SAS, and returns valet-key response.
samples/oauth-3rd-party/oauth_helpers.py	Adds sample-local helper functions/types for Spotify credential loading and response parsing.
samples/oauth-3rd-party/create.ipynb	Refactors notebook to use helper module, selective autoreload, deployment context, and APIM client factory.
samples/oauth-3rd-party/apim-policies/spotify_api.xml	Adds API-level policy using Credential Manager + JWT validation + error handling.
samples/oauth-3rd-party/apim-policies/artist_get.xml	Adds operation policy for Spotify artist GET rewrite.
samples/load-balancing/load_balancing_helpers.py	Adds sample-local traffic runner that owns request/session lifecycles and emits structured results.
samples/load-balancing/apim-policies/aca-backend-pool-load-balancing.xml	Adds basic backend-pool retry/load balancing policy.
samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-retry-tracked.xml	Adds retry policy that tracks minimum Retry-After using cache and returns adaptive 429s.
samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-429.xml	Adds policy that maps backend pool failure (503) to 429.
samples/general/create.ipynb	Refactors notebook to use deployment context and APIM client factory.
samples/egress-control/create.ipynb	Refactors notebook to use deployment context and APIM client factory; adds explicit close.
samples/egress-control/apim-policies/weather-forecast.xml	Adds a simple rewrite operation policy for the sample.
samples/dynamic-cors/dynamic_cors_helpers.py	Adds sample-local runtime helpers for CORS test execution, persistence, and DNS wait.
samples/dynamic-cors/apim-policies/pf-dynamic-cors-outbound.xml	Adds outbound fragment to apply Access-Control-Allow-Origin for non-preflight responses.
samples/dynamic-cors/apim-policies/pf-dynamic-cors-named-values.xml	Adds fragment implementing dynamic CORS mapping driven by a single Named Value JSON mapping.
samples/dynamic-cors/apim-policies/pf-dynamic-cors-named-values-per-api.xml	Adds fragment implementing per-API Named Value driven dynamic CORS.
samples/dynamic-cors/apim-policies/pf-dynamic-cors-hardcoded.xml	Adds hard-coded mapping fragment for dynamic CORS behavior.
samples/dynamic-cors/apim-policies/pf-dynamic-cors-cached.xml	Adds cache-backed dynamic CORS fragment (single mapping key).
samples/dynamic-cors/apim-policies/pf-dynamic-cors-cached-per-api.xml	Adds cache-backed dynamic CORS fragment (per-API cache keys).
samples/dynamic-cors/apim-policies/cors-get.xml	Adds a mock GET operation policy that returns a JSON body and echoes CORS evaluation.
samples/dynamic-cors/apim-policies/cors-baseline-native.xml	Adds baseline API-level <cors> policy for comparison.
samples/dynamic-cors/apim-policies/cors-api-policy.xml	Adds API-level policy wrapper that includes a chosen inbound fragment + outbound fragment.
samples/dynamic-cors/apim-policies/cors-api-policy-named-values.xml	Adds API-level policy that binds per-API allowed origins before including the per-API fragment.
samples/dynamic-cors/apim-policies/admin-load-cache.xml	Adds an admin operation policy to store mapping content into APIM cache.
samples/dynamic-cors/apim-policies/admin-clear-cache.xml	Adds an admin operation policy to remove mapping content from APIM cache.
samples/costing/README.md	Updates a query link to the canonical queries path.
samples/costing/queries/verify-token-metric-ingestion.kql	Adds richer metric-ingestion verification query with parameters and grouping.
samples/costing/queries/verify-metric-ingestion.kql	Adds basic metric-ingestion verification query.
samples/costing/queries/verify-metric-breakdown.kql	Adds per-caller metric breakdown query.
samples/costing/queries/verify-log-ingestion.kql	Adds log-ingestion verification query for gateway logs.
samples/costing/queries/budget-alert-threshold.kql	Adds parameterized budget/threshold query for alerting.
samples/costing/queries/bu-token-usage.kql	Adds join-based token usage query (LLM log + gateway logs).
samples/costing/main.bicep	Adds apiOutputs output for consistent deployment-context consumption.
samples/costing/create.ipynb	Adds selective autoreload for helpers; refactors deployment output handling to get_deployment_context; updates query loading.
samples/costing/apim-policies/pf-extract-caller-id.xml	Adds fragment to extract caller identity (appid/azp) without signature validation.
samples/costing/apim-policies/mock-ai-response.xml	Adds operation policy to mock AOAI-like responses including usage for token metrics.
samples/costing/apim-policies/emit_metric_caller_tokens.xml	Fixes metric dimension expression quoting for callerId.
samples/costing/apim-policies/emit_metric_caller_id.xml	Adds per-request caller identity metric emission policy.
samples/costing/apim-policies/aoai-gateway-responses-operation.xml	Adds Responses API routing policy with managed identity and api-version pin.
samples/costing/apim-policies/aoai-gateway-operation.xml	Adds Chat Completions routing policy with managed identity and api-version pin.
samples/costing/_helpers.py	Updates query path resolution for alert KQL templates.
samples/azure-maps/create.ipynb	Refactors notebook to use deployment context and APIM client factory.
samples/azure-maps/apim-policies/map_geocode_v2_aad_get.xml	Adds managed identity auth policy for Maps Geocode v2.
samples/azure-maps/apim-policies/map_default_route_v2_aad_get.xml	Adds policy to obtain/cache SAS token via ARM and then call Maps with SAS auth.
samples/azure-maps/apim-policies/map_async_geocode_batch_v1_keyauth_post.xml	Adds key-auth policy for async geocode batch operation.
samples/authX/apim-policies/hr_post.xml	Updates policy to use XML-safe quoting for embedded policy expressions.
samples/authX/apim-policies/hr_get.xml	Updates policy to use XML-safe quoting for embedded policy expressions.
samples/authX/apim-policies/hr_all_operations.xml	Adds all-operations JWT validation policy for authX sample.
samples/authX-pro/main.bicep	Adds apiOutputs output for consistent deployment-context consumption.
samples/authX-pro/apim-policies/pf-authx-hr-member.xml	Adds JWT validation fragment for HR member authorization.
samples/authX-pro/apim-policies/hr_product.xml	Adds product-level JWT validation policy for HR membership gating.
samples/authX-pro/apim-policies/hr_post.xml	Adds operation policy wiring shared authZ fragments.
samples/authX-pro/apim-policies/hr_get.xml	Adds operation policy wiring shared authZ fragments.
samples/authX-pro/apim-policies/hr_all_operations_pro.xml	Adds product-match policy for HR APIs.
samples/_TEMPLATE/create.ipynb	Updates template to use get_deployment_context and standardized output extraction.
CONTRIBUTING.md	Adds guidance pointing to the Python helper strategy document.
AGENTS.md	Updates sample-creation guidance and reinforces canonical policy/query locations and helper/testing strategy.
.github/workflows/python-tests.yml	Updates CI pytest invocation to rely on .coveragerc-driven coverage selection.
.github/skills/apim-policies/SKILL.md	Adds explicit guidance on XML quote escaping within attributes.
.github/python.instructions.md	Adds explicit notebook/helper architecture guidance and testing guidance.
.github/markdown.instructions.md	Adds a hard requirement that markdownlint must pass for changed Markdown files.
.github/agents/apim-sample-publisher.agent.md	Adds a new agent definition for publication/readiness tasks.
.github/agents/apim-sample-creator.agent.md	Updates agent guidance but currently has malformed YAML front matter.