terraform/azure: skip Kconfig generation when Azure is not configured

Add require_azure_credentials() to azure_common.py which validates Azure
credentials via the Azure CLI profile early in script execution. When
Azure is not configured, the scripts exit gracefully with success rather
than failing with errors. This allows users without Azure accounts to
run make dynconfig without issues.

This approach mirrors the AWS implementation and centralizes the handling
of missing Azure credentials while avoiding TOCTOU race conditions from
manual file existence checks. The Azure CLI profile API validates that
credentials are functional, not just that config files exist.

Generated-by: Claude AI
Signed-off-by: Chuck Lever <[email protected]>

Author: chucklever

terraform/azure/scripts/azure_common.py

@@ -17,6 +17,12 @@
 from jinja2 import Environment, FileSystemLoader
 
 
+class AzureNotConfiguredError(Exception):
+    """Raised when Azure credentials are not available."""
+
+    pass
+
+
 def get_default_region():
     """
     Get the default Azure region from Azure configuration.
@@ -371,3 +377,45 @@ def exit_on_empty_result(result, context, quiet=False):
             )
             print("Run 'az login' to authenticate with Azure.", file=sys.stderr)
         sys.exit(1)
+
+
+def require_azure_credentials():
+    """
+    Require Azure credentials, raising an exception if not configured.
+
+    This function should be called early in main() to validate Azure
+    credentials. If Azure is not configured, it raises AzureNotConfiguredError
+    to let the caller decide how to handle it.
+
+    This centralizes the handling of missing Azure credentials and avoids
+    TOCTOU race conditions from manual file existence checks.
+
+    Returns:
+        str: Subscription ID if credentials are valid
+
+    Raises:
+        AzureNotConfiguredError: If Azure credentials are not found
+    """
+    try:
+        from azure.common.credentials import get_cli_profile
+
+        profile = get_cli_profile()
+        credentials, subscription_id, _ = profile.get_login_credentials(
+            resource="https://management.azure.com"
+        )
+        return subscription_id
+    except ImportError as e:
+        raise AzureNotConfiguredError("Azure SDK not installed") from e
+    except Exception as e:
+        # Only treat as "not configured" if it looks like an auth/login issue
+        error_msg = str(e).lower()
+        auth_indicators = [
+            "login",
+            "logged in",
+            "authenticate",
+            "credential",
+            "az login",
+        ]
+        if any(phrase in error_msg for phrase in auth_indicators):
+            raise AzureNotConfiguredError("Azure credentials not found") from e
+        raise

terraform/azure/scripts/gen_kconfig_image

@@ -55,11 +55,12 @@ from collections import defaultdict
 from functools import lru_cache
 
 from azure_common import (
+	AzureNotConfiguredError,
 	get_default_region,
 	get_jinja2_environment,
-	get_all_regions,
 	get_region_kconfig_name,
 	get_all_offers_and_skus,
+	require_azure_credentials,
 )
 
 
@@ -730,6 +731,14 @@ def main():
 		output_publishers_raw(args.quiet)
 		return
 
+	# Allow make dynconfig to succeed without Azure credentials
+	try:
+		require_azure_credentials()
+	except AzureNotConfiguredError:
+		if not args.quiet:
+			print("Azure not configured - skipping (optional)", file=sys.stderr)
+		sys.exit(0)
+
 	publishers = get_known_publishers()
 
 	# Filter to specific publisher if requested

terraform/azure/scripts/gen_kconfig_location

@@ -26,11 +26,12 @@ import sys
 import argparse
 
 from azure_common import (
+    AzureNotConfiguredError,
     get_default_region,
     get_all_regions,
     get_jinja2_environment,
     get_region_kconfig_name,
-    exit_on_empty_result,
+    require_azure_credentials,
 )
 
 
@@ -191,11 +192,18 @@ def main():
     """Main function to run the program."""
     args = parse_arguments()
 
+    # Allow make dynconfig to succeed without Azure credentials
+    try:
+        require_azure_credentials()
+    except AzureNotConfiguredError:
+        if not args.quiet:
+            print("Azure not configured - skipping (optional)", file=sys.stderr)
+        sys.exit(0)
+
     if not args.quiet:
         print("Fetching list of all Azure regions...", file=sys.stderr)
 
     regions = get_all_regions(args.quiet)
-    exit_on_empty_result(regions, "Azure region query", args.quiet)
 
     if args.regions:
         if args.format == "kconfig":

terraform/azure/scripts/gen_kconfig_size

@@ -39,11 +39,12 @@ import os
 import yaml
 
 from azure_common import (
+    AzureNotConfiguredError,
     get_default_region,
     get_all_regions,
     get_jinja2_environment,
     get_vm_sizes_and_skus,
-    exit_on_empty_result,
+    require_azure_credentials,
 )
 
 
@@ -602,21 +603,27 @@ def main():
     """Main function to run the program."""
     args = parse_arguments()
 
+    # Allow make dynconfig to succeed without Azure credentials
+    try:
+        require_azure_credentials()
+    except AzureNotConfiguredError:
+        if not args.quiet:
+            print("Azure not configured - skipping (optional)", file=sys.stderr)
+        sys.exit(0)
+
     # Determine which regions to query
     if args.region:
         # Query specific region only
         regions = [args.region]
     elif args.all_regions:
         # Query all regions
         regions = get_all_regions(args.quiet)
-        exit_on_empty_result(regions, "Azure region query", args.quiet)
     else:
         # Query default region only
         regions = [get_default_region()]
 
     # Get VM sizes and capabilities in a single API call
     sizes, sku_capabilities = get_all_vm_sizes_and_capabilities(regions, args.quiet)
-    exit_on_empty_result(sizes, "Azure VM size query", args.quiet)
 
     if args.families:
         output_families_raw(sizes, args.quiet)