Update docs regarding AAD and subscription id

- Provide better error message in this case of missing subscription id
- Resolves #305

convoy/clients.py

@@ -362,6 +362,12 @@ def create_storage_clients():
     """
     account_name = storage.get_storageaccount()
     account_key = storage.get_storageaccount_key()
+    if account_key is None:
+        raise RuntimeError(
+            'No storage account key provided for storage account {}. If '
+            'accessing via AAD, ensure that a subscription id is specified '
+            'under management in the credentials configuration.'.format(
+                account_name))
     endpoint_suffix = storage.get_storageaccount_endpoint()
     blob_client = azureblob.BlockBlobService(
         account_name=account_name,

docs/11-batch-shipyard-configuration-credentials.md

@@ -286,12 +286,15 @@ Sylabs Cloud are also not supported.
           by Azure KeyVault.
 
 ### Management: `management`
-* (optional) The `management` property defines the required members for
-accessing Azure Resources (ARM) with Azure Active Directory credentials. This
-is required with `fs` filesystem actions and pools that need to be created
-with a `virtual_network` specification.
+* (required depending upon context) The `management` property
+defines the required members for accessing Azure Resources (ARM) with Azure
+Active Directory credentials. This is required if using `aad`. For example,
+it would be required with `fs` filesystem actions, `monitor` actions,
+and pools that need to be created with ARM resources such as custom images,
+virtual networks, or public IPs.
     * (required) `subscription_id` is the subscription id to interact with.
-    * (required) `aad` AAD authentication parameters for ARM.
+    * (required if not specified globally) `aad` AAD authentication parameters
+      for ARM.
 
 ### KeyVault: `keyvault`
 Please see the
@@ -305,10 +308,13 @@ this property is *mutually exclusive* of all other properties in this file.
 If you need to define other members in this config file while using Azure
 KeyVault, then you will need to use environment variables or cli parameters
 instead for AAD and KeyVault credentials.
-    * (optional) `uri` property defines the Azure KeyVault DNS name (URI).
-    * (optional) `credentials_secret_id` property defines the KeyVault secret
+    * (required if not using command line option or environment variable) `uri`
+      property defines the Azure KeyVault DNS name (URI).
+    * (required if not using command line option or environment variable)
+      `credentials_secret_id` property defines the KeyVault secret
       id containing an entire credentials.yaml file.
-    * (required) `aad` AAD authentication parameters for KeyVault.
+    * (required if not specified globally) `aad` AAD authentication parameters
+      for KeyVault.
 
 Please refer to the
 [Azure KeyVault and Batch Shipyard guide](74-batch-shipyard-azure-keyvault.md)

docs/20-batch-shipyard-usage.md

@@ -197,26 +197,27 @@ be specified at once, i.e., `--aad-auth-key`, `--aad-password`, and
 Note that the following options can be specified as environment variables
 instead:
 
-* `SHIPYARD_CONFIGDIR` in lieu of `--configdir`
-* `SHIPYARD_CREDENTIALS_CONF` in lieu of `--credentials`
-* `SHIPYARD_CONFIG_CONF` in lieu of `--config`
-* `SHIPYARD_POOL_CONF` in lieu of `--pool`
-* `SHIPYARD_JOBS_CONF` in lieu of `--jobs`
-* `SHIPYARD_FS_CONF` in lieu of `--fs`
-* `SHIPYARD_MONITOR_CONF` in lieu of `--monitor`
-* `SHIPYARD_SUBSCRIPTION_ID` in lieu of `--subscription-id`
-* `SHIPYARD_KEYVAULT_URI` in lieu of `--keyvault-uri`
-* `SHIPYARD_KEYVAULT_CREDENTIALS_SECRET_ID` in lieu of
-`--keyvault-credentials-secret-id`
-* `SHIPYARD_AAD_ENDPOINT` in lieu of `--aad-endpoint`
-* `SHIPYARD_AAD_DIRECTORY_ID` in lieu of `--aad-directory-id`
 * `SHIPYARD_AAD_APPLICATION_ID` in lieu of `--aad-application-id`
 * `SHIPYARD_AAD_AUTH_KEY` in lieu of `--aad-auth-key`
 * `SHIPYARD_AAD_AUTHORITY_URL` in lieu of `--aad-authority-url`
-* `SHIPYARD_AAD_USER` in lieu of `--aad-user`
-* `SHIPYARD_AAD_PASSWORD` in lieu of `--aad-password`
 * `SHIPYARD_AAD_CERT_PRIVATE_KEY` in lieu of `--aad-cert-private-key`
 * `SHIPYARD_AAD_CERT_THUMBPRINT` in lieu of `--aad-cert-thumbprint`
+* `SHIPYARD_AAD_DIRECTORY_ID` in lieu of `--aad-directory-id`
+* `SHIPYARD_AAD_ENDPOINT` in lieu of `--aad-endpoint`
+* `SHIPYARD_AAD_PASSWORD` in lieu of `--aad-password`
+* `SHIPYARD_AAD_USER` in lieu of `--aad-user`
+* `SHIPYARD_CONFIG_CONF` in lieu of `--config`
+* `SHIPYARD_CONFIGDIR` in lieu of `--configdir`
+* `SHIPYARD_CREDENTIALS_CONF` in lieu of `--credentials`
+* `SHIPYARD_FS_CONF` in lieu of `--fs`
+* `SHIPYARD_JOBS_CONF` in lieu of `--jobs`
+* `SHIPYARD_KEYVAULT_CREDENTIALS_SECRET_ID` in lieu of
+`--keyvault-credentials-secret-id`
+* `SHIPYARD_KEYVAULT_URI` in lieu of `--keyvault-uri`
+* `SHIPYARD_MONITOR_CONF` in lieu of `--monitor`
+* `SHIPYARD_POOL_CONF` in lieu of `--pool`
+* `SHIPYARD_SLURM_CONF` in lieu of `--slurm`
+* `SHIPYARD_SUBSCRIPTION_ID` in lieu of `--subscription-id`
 
 ## Commands
 `shipyard` has the following top-level commands: