{Containerapp} Fix Credential Scanner failed

[Greedygre]

Related command

Description

Testing Guide

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature

---

This checklist is used to make sure that common guidelines for a pull request are followed.

• The PR title and description has followed the guideline in Submitting Pull Requests.

• I adhere to the Command Guidelines.

• I adhere to the Error Handling Guidelines.

[azure-client-tools-bot-prd]

️✔️AzureCLI-FullTest

️✔️acr

️✔️latest

️✔️3.12

️✔️3.13

️✔️acs

️✔️latest

️✔️3.12

️✔️3.13

️✔️advisor

️✔️latest

️✔️3.12

️✔️3.13

️✔️ams

️✔️latest

️✔️3.12

️✔️3.13

️✔️apim

️✔️latest

️✔️3.12

️✔️3.13

️✔️appconfig

️✔️latest

️✔️3.12

️✔️3.13

️✔️appservice

️✔️latest

️✔️3.12

️✔️3.13

️✔️aro

️✔️latest

️✔️3.12

️✔️3.13

️✔️backup

️✔️latest

️✔️3.12

️✔️3.13

️✔️batch

️✔️latest

️✔️3.12

️✔️3.13

️✔️batchai

️✔️latest

️✔️3.12

️✔️3.13

️✔️billing

️✔️latest

️✔️3.12

️✔️3.13

️✔️botservice

️✔️latest

️✔️3.12

️✔️3.13

️✔️cdn

️✔️latest

️✔️3.12

️✔️3.13

️✔️cloud

️✔️latest

️✔️3.12

️✔️3.13

️✔️cognitiveservices

️✔️latest

️✔️3.12

️✔️3.13

️✔️compute_recommender

️✔️latest

️✔️3.12

️✔️3.13

️✔️computefleet

️✔️latest

️✔️3.12

️✔️3.13

️✔️config

️✔️latest

️✔️3.12

️✔️3.13

️✔️configure

️✔️latest

️✔️3.12

️✔️3.13

️✔️consumption

️✔️latest

️✔️3.12

️✔️3.13

️✔️container

️✔️latest

️✔️3.12

️✔️3.13

️✔️containerapp

️✔️latest

️✔️3.12

️✔️3.13

️✔️core

️✔️latest

️✔️3.12

️✔️3.13

️✔️cosmosdb

️✔️latest

️✔️3.12

️✔️3.13

️✔️databoxedge

️✔️latest

️✔️3.12

️✔️3.13

️✔️dls

️✔️latest

️✔️3.12

️✔️3.13

️✔️dms

️✔️latest

️✔️3.12

️✔️3.13

️✔️eventgrid

️✔️latest

️✔️3.12

️✔️3.13

️✔️eventhubs

️✔️latest

️✔️3.12

️✔️3.13

️✔️feedback

️✔️latest

️✔️3.12

️✔️3.13

️✔️find

️✔️latest

️✔️3.12

️✔️3.13

️✔️hdinsight

️✔️latest

️✔️3.12

️✔️3.13

️✔️identity

️✔️latest

️✔️3.12

️✔️3.13

️✔️iot

️✔️latest

️✔️3.12

️✔️3.13

️✔️keyvault

️✔️latest

️✔️3.12

️✔️3.13

️✔️lab

️✔️latest

️✔️3.12

️✔️3.13

️✔️managedservices

️✔️latest

️✔️3.12

️✔️3.13

️✔️maps

️✔️latest

️✔️3.12

️✔️3.13

️✔️marketplaceordering

️✔️latest

️✔️3.12

️✔️3.13

️✔️monitor

️✔️latest

️✔️3.12

️✔️3.13

️✔️mysql

️✔️latest

️✔️3.12

️✔️3.13

️✔️netappfiles

️✔️latest

️✔️3.12

️✔️3.13

️✔️network

️✔️latest

️✔️3.12

️✔️3.13

️✔️policyinsights

️✔️latest

️✔️3.12

️✔️3.13

️✔️privatedns

️✔️latest

️✔️3.12

️✔️3.13

️✔️profile

️✔️latest

️✔️3.12

️✔️3.13

️✔️rdbms

️✔️latest

️✔️3.12

️✔️3.13

️✔️redis

️✔️latest

️✔️3.12

️✔️3.13

️✔️relay

️✔️latest

️✔️3.12

️✔️3.13

️✔️resource

️✔️latest

️✔️3.12

️✔️3.13

️✔️role

️✔️latest

️✔️3.12

️✔️3.13

️✔️search

️✔️latest

️✔️3.12

️✔️3.13

️✔️security

️✔️latest

️✔️3.12

️✔️3.13

️✔️servicebus

️✔️latest

️✔️3.12

️✔️3.13

️✔️serviceconnector

️✔️latest

️✔️3.12

️✔️3.13

️✔️servicefabric

️✔️latest

️✔️3.12

️✔️3.13

️✔️signalr

️✔️latest

️✔️3.12

️✔️3.13

️✔️sql

️✔️latest

️✔️3.12

️✔️3.13

️✔️sqlvm

️✔️latest

️✔️3.12

️✔️3.13

️✔️storage

️✔️latest

️✔️3.12

️✔️3.13

️✔️synapse

️✔️latest

️✔️3.12

️✔️3.13

️✔️telemetry

️✔️latest

️✔️3.12

️✔️3.13

️✔️util

️✔️latest

️✔️3.12

️✔️3.13

️✔️vm

️✔️latest

️✔️3.12

️✔️3.13

[azure-client-tools-bot-prd]

️✔️AzureCLI-BreakingChangeTest

️✔️Non Breaking Changes

[github-actions]

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

[yonzhan]

Thank you for your contribution! We will review the pull request and get back to you soon.

[Copilot]

Pull Request Overview

This PR addresses a Credential Scanner security issue by replacing potentially sensitive authentication keys in test recording files with placeholder values.

• Replaces actual sharedKey values in test recordings with a sanitized placeholder "abc123"
• Maintains consistent formatting across all test recording files
• Ensures test recordings don't contain real credentials that could trigger security scanners

Reviewed Changes

Copilot reviewed 19 out of 19 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
test_containerapp_up_source_with_dockerfile_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_up_image_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_tcp_ingress.yaml	Replaced shared key with placeholder value
test_containerapp_get_customdomainverificationid_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_env_update_custom_domains.yaml	Replaced shared key with placeholder value
test_containerapp_env_p2p_traffic_encryption.yaml	Replaced shared key with placeholder value
test_containerapp_env_mtls.yaml	Replaced shared key with placeholder value
test_containerapp_env_logs_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_env_internal_only_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_env_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_env_custom_domains.yaml	Replaced shared key with placeholder value
test_containerapp_env_certificate_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_custom_domains_e2e.yaml	Replaced shared key with placeholder value
test_containerapp_create_with_vnet_yaml.yaml	Replaced shared key with placeholder value
test_containerapp_create_with_environment_id.yaml	Replaced shared key with placeholder value
test_containerapp_compose_create_environment_to_target_location.yaml	Replaced shared key with placeholder value
test_container_app_mount_secret_update_e2e.yaml	Replaced shared key with placeholder value
test_container_app_mount_secret_e2e.yaml	Replaced shared key with placeholder value
test_container_app_mount_azurefile_e2e.yaml	Replaced shared key with placeholder value

Comments suppressed due to low confidence (16)

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Greedygre]

Seems the CI failed not related to this PR's change:

  File "/opt/hostedtoolcache/Python/3.12.11/x64/lib/python3.12/site-packages/azure/cli/command_modules/batch/custom.py", line 22, in <module>
    from azure.batch.models import (AffinityInfo, BatchPoolResizeContent, BatchStartTask, BatchTaskConstraints, BatchTask,
ImportError: cannot import name 'AffinityInfo' from 'azure.batch.models' (/opt/hostedtoolcache/Python/3.12.11/x64/lib/python3.12/site-packages/azure/batch/models/__init__.py). Did you mean: 'BatchAffinityInfo'?

[jiasli]

We definitely need a replacer to do this. Otherwise, rerunning these tests will generate valid sharedKeys again.

[Greedygre]

We definitely need a replacer to do this. Otherwise, rerunning these tests will generate valid sharedKeys again.

Hi @jiasli
Do you know

1. why this Credential failed didn't failed in PR CI and block PR merge?
2. why azdev scan didn't scan these secrets?

[Greedygre]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 3 pipeline(s).

[evelyn-ys]

Instead of manually replacing keys, can you implementing a test recording replacer to automatically do that?

[bebound]

Instead of manually replacing keys, can you implementing a test recording replacer to automatically do that?

Yes, we need a permanent solution for this. We fixed the same issue before in #32232

[bebound]

Next Tuesday is the code freeze. To unblock the release, shall we merge this PR first? @evelyn-ys

@Greedygre will create another PR to add the replacer.

[bebound]

There a new format of credential fixed in #32340

string: '{"primarySharedKey":"abc123","secondarySharedKey":"abc123"}'