Address review comments: rename _clean_env to clean_env, fix __all__, fix doc diagram, drop redundant import os

Author: RyAuld

.Pipelines/CI-AND-RELEASE-PIPELINES.md

@@ -62,8 +62,8 @@ with both parameters filled in.
 ### Stage Flow
 
 ```
-PreBuildCheck ─► Validate ─► CI ─► Build ─┬─► PublishMSALPython  (publishTarget == test.pypi.org)
-                                           └─► PublishPyPI        (publishTarget == pypi.org)
+PreBuildCheck ─► Validate ─► CI ─► Build ─┬─► PublishMSALPython  (publishTarget == 'test.pypi.org (Preview / RC)')
+                                           └─► PublishPyPI        (publishTarget == 'pypi.org (ESRP Production)')
 ```
 
 | Stage | What it does | Condition |

tests/lab_config.py

@@ -36,18 +36,19 @@
 
 __all__ = [
     # Constants
+    "LAB_APP_CLIENT_ID",
     "UserSecrets",
     "AppSecrets",
     # Data classes
     "UserConfig",
     "AppConfig",
     # Functions
-    "LAB_APP_CLIENT_ID",
     "get_secret",
     "get_user_config",
     "get_app_config",
     "get_user_password",
     "get_client_certificate",
+    "clean_env",
 ]
 
 # =============================================================================
@@ -170,7 +171,7 @@ class AppConfig:
 _msal_team_client: Optional[SecretClient] = None
 
 
-def _clean_env(name: str) -> Optional[str]:
+def clean_env(name: str) -> Optional[str]:
     """Return the env var value, or None if unset or it contains an unexpanded
     ADO pipeline variable literal such as ``$(VAR_NAME)``.
 
@@ -198,7 +199,7 @@ def _get_credential():
     Raises:
         EnvironmentError: If required environment variables are not set.
     """
-    cert_path = _clean_env("LAB_APP_CLIENT_CERT_PFX_PATH")
+    cert_path = clean_env("LAB_APP_CLIENT_CERT_PFX_PATH")
     tenant_id = "72f988bf-86f1-41af-91ab-2d7cd011db47"  # Microsoft tenant
 
     if cert_path:
@@ -412,7 +413,7 @@ def get_client_certificate() -> Dict[str, object]:
     Raises:
         EnvironmentError: If LAB_APP_CLIENT_CERT_PFX_PATH is not set.
     """
-    cert_path = _clean_env("LAB_APP_CLIENT_CERT_PFX_PATH")
+    cert_path = clean_env("LAB_APP_CLIENT_CERT_PFX_PATH")
     if not cert_path:
         raise EnvironmentError(
             "LAB_APP_CLIENT_CERT_PFX_PATH environment variable is required "
@@ -423,4 +424,4 @@ def get_client_certificate() -> Dict[str, object]:
     return {
         "private_key_pfx_path": cert_path,
         "public_certificate": True,  # Enable SNI (send certificate chain)
-    }
+    }

tests/test_e2e.py

@@ -28,7 +28,7 @@
 from tests.broker_util import is_pymsalruntime_installed
 from tests.lab_config import (
     get_user_config, get_app_config, get_user_password, get_secret,
-    UserSecrets, AppSecrets, LAB_APP_CLIENT_ID, _clean_env,
+    UserSecrets, AppSecrets, LAB_APP_CLIENT_ID, clean_env,
 )
 
 
@@ -345,7 +345,7 @@ class PublicCloudScenariosTestCase(E2eTestCase):
 
     @classmethod
     def setUpClass(cls):
-        if not _clean_env("LAB_APP_CLIENT_CERT_PFX_PATH"):
+        if not clean_env("LAB_APP_CLIENT_CERT_PFX_PATH"):
             raise unittest.SkipTest(
                 "LAB_APP_CLIENT_CERT_PFX_PATH not set; skipping PublicCloud e2e tests")
         pca_app = get_app_config(AppSecrets.PCA_CLIENT)
@@ -428,7 +428,7 @@ def test_client_secret(self):
 
     def test_subject_name_issuer_authentication(self):
         from tests.lab_config import get_client_certificate
-        if not _clean_env("LAB_APP_CLIENT_CERT_PFX_PATH"):
+        if not clean_env("LAB_APP_CLIENT_CERT_PFX_PATH"):
             self.skipTest("LAB_APP_CLIENT_CERT_PFX_PATH not set")
 
         self.app = msal.ConfidentialClientApplication(
@@ -471,7 +471,7 @@ def get_lab_app(
         "Reading ENV variable %s for lab app defined at "
         "https://docs.msidlab.com/accounts/confidentialclient.html",
         env_client_cert_path)
-    cert_path = _clean_env(env_client_cert_path)
+    cert_path = clean_env(env_client_cert_path)
     if cert_path:
         # id came from https://docs.msidlab.com/accounts/confidentialclient.html
         client_credential = {
@@ -1167,11 +1167,10 @@ def _test_acquire_token_for_client(self, configured_region, expected_region):
         
         Uses the lab app certificate for authentication.
         """
-        import os
         from tests.lab_config import get_client_certificate
 
         # Get client ID from lab_config constant and certificate from lab_config
-        if not _clean_env("LAB_APP_CLIENT_CERT_PFX_PATH"):
+        if not clean_env("LAB_APP_CLIENT_CERT_PFX_PATH"):
             self.skipTest("LAB_APP_CLIENT_CERT_PFX_PATH is required")
         client_credential = get_client_certificate()