Change conn.conn_kw's content instead of replacing it

[jiasli]

Symptom

Python SDK fails when an HTTPS proxy is used:

from azure.mgmt.compute import ComputeManagementClient
from azure.identity import AzureCliCredential

subscription_id = 'xxx'
proxies = {'https': 'https://127.0.0.1:8888'}

compute_client = ComputeManagementClient(subscription_id=subscription_id, credential=AzureCliCredential(),
                                         proxies=proxies)
compute_client.virtual_machine_scale_sets.get(resource_group_name='xxx', vm_scale_set_name='xxx')

Traceback (most recent call last):
  File "D:/cli/testproj/demo.py", line 12, in <module>
    compute_client.virtual_machine_scale_sets.get(resource_group_name='xxx',
  File "D:\cli\env38\lib\site-packages\azure\mgmt\compute\v2020_06_01\operations\_virtual_machine_scale_sets_operations.py", line 458, in get
    pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 211, in run
    return first_node.send(pipeline_request)  # type: ignore
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\mgmt\core\policies\_base.py", line 47, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  [Previous line repeated 1 more time]
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\policies\_redirect.py", line 158, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\policies\_retry.py", line 435, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 71, in send
    response = self.next.send(request)
  [Previous line repeated 2 more times]
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\_base.py", line 103, in send
    self._sender.send(request.http_request, **request.context.options),
  File "D:\cli\env38\lib\site-packages\azure\core\pipeline\transport\_requests_basic.py", line 260, in send
    response = self.session.request(  # type: ignore
  File "D:\cli\env38\lib\site-packages\requests\sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "D:\cli\env38\lib\site-packages\requests\sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "D:\cli\env38\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "D:\cli\env38\lib\site-packages\urllib3\connectionpool.py", line 696, in urlopen
    self._prepare_proxy(conn)
  File "D:\cli\env38\lib\site-packages\urllib3\connectionpool.py", line 964, in _prepare_proxy
    conn.connect()
  File "D:\cli\env38\lib\site-packages\urllib3\connection.py", line 359, in connect
    conn = self._connect_tls_proxy(hostname, conn)
  File "D:\cli\env38\lib\site-packages\urllib3\connection.py", line 476, in _connect_tls_proxy
    ssl_context = proxy_config.ssl_context
AttributeError: 'NoneType' object has no attribute 'ssl_context'

Root cause

#14442 replaces conn.conn_kw with a new dict.

It corrupts the internal logic of urllib3, as conn.conn_kw is not empty. Replacing it causes existing key-values to be discarded.

Example conn.conn_kw when proxy is used:

{
  'socket_options': [], 
  'proxy': Url(scheme='https', auth=None, host='127.0.0.1', port=8888, path=None, query=None, fragment=None), 
  'proxy_config': ProxyConfig(ssl_context=None, use_forwarding_for_https=False)
}

The above error happens because proxy_config from conn.conn_kw is discarded.

Change

This PR changes conn.conn_kw's content instead of replacing it, so that existing values are preserved.

[check-enforcer]

This pull request is protected by Check Enforcer.

What is Check Enforcer?

Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?

You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?

If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:
/check-enforcer evaluate
Typically evaulation only takes a few seconds. If you know that your pull request is not covered by a pipeline and this is expected you can override Check Enforcer using the following command:
/check-enforcer override
Note that using the override command triggers alerts so that follow-up investigations can occur (PRs still need to be approved as normal).

What if I am onboarding a new service?

Often, new services do not have validation pipelines associated with them, in order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:
/azp run prepare-pipelines
This will run a pipeline that analyzes the source tree and creates the pipelines necessary to build and validate your pull request. Once the pipeline has been created you can trigger the pipeline using the following comment:
/azp run python - [service] - ci

[sihde]

I have confirmed that applying this patch against azure-core 1.10.0 allows my tests to pass while they fail without it. Thanks for your help @jiasli and @yonzhan !

[jiasli]

Actually, conn.conn_kw will never be None as it is created from a function kwargs:

https://github.com/urllib3/urllib3/blob/67111020d9cfc5798bc85f3719b3015e3ff28692/src/urllib3/connectionpool.py#L167

    def __init__(
        self,
        ...
        **conn_kw,

and saved as an attribute later:

https://github.com/urllib3/urllib3/blob/67111020d9cfc5798bc85f3719b3015e3ff28692/src/urllib3/connectionpool.py#L195

        self.conn_kw = conn_kw