Add early storage validation and improve error messaging for Red Team scans

[Copilot]

Description

Red Team scans upload results to storage at the end after all attacks complete (potentially hours). If storage is misconfigured, users waste significant time. This PR adds early storage validation and improves error messages.

Changes

Early Storage Validation

• Added test_storage_upload() in EvaluationServiceOneDPClient that validates storage connectivity before running attacks
• Uses BytesIO for efficient in-memory test data with UUID-based unique identifiers
• Integrated into RedTeam.scan() workflow immediately after MLFlow run initialization
• Provides visual feedback: "🔍 Validating storage account connectivity..." → "✅ Success" / "❌ Failed"
• Fails fast if storage is inaccessible, stopping the scan immediately

Enhanced Error Messages

• Updated upload() in utils.py to include storage account name and actionable troubleshooting steps:
  • Verify storage account exists and is accessible
  • Check credentials have Storage Blob Data Contributor role
  • Ensure network/firewall rules allow access
• Categorized as SYSTEM_ERROR (connectivity issues may be user config or system failures)

Test Coverage

• Added test_storage_validation.py with unit tests covering success/failure scenarios for both OneDP and non-OneDP projects

Impact

• Time savings: Storage issues detected in seconds instead of after hours of attack execution
• Better UX: Clear error messages with specific resolution steps
• No breaking changes: Existing functionality unaffected

All SDK Contribution checklist:

• The pull request does not introduce [breaking changes]
• CHANGELOG is updated for new features, bug fixes or other significant changes.
• I have read the contribution guidelines.

General Guidelines and Best Practices

• Title of the pull request is clear and informative.
• There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

• Pull request includes test coverage for the included changes.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• pypi.org
  • Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python python -m pip install --quiet pylint (dns block)
  • Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python -m pip download --progress-bar off --disable-pip-version-check --only-binary=:all: --no-deps --python-version 3.9 -d /home/REDACTED/.local/share/virtualenv/wheel/house setuptools==77.0.3 (dns block)
  • Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python -m pip download --progress-bar off --disable-pip-version-check --only-binary=:all: --no-deps --python-version 3.9 -d /home/REDACTED/.local/share/virtualenv/wheel/house pip==24.0 (dns block)
• pypi.python.org
  • Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python -m pip download --progress-bar off --disable-pip-version-check --only-binary=:all: --no-deps --python-version 3.9 -d /home/REDACTED/.local/share/virtualenv/wheel/house setuptools==77.0.3 (dns block)
  • Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python -m pip download --progress-bar off --disable-pip-version-check --only-binary=:all: --no-deps --python-version 3.9 -d /home/REDACTED/.local/share/virtualenv/wheel/house pip==24.0 (dns block)
• scanning-api.github.com
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Update storage account -related error messaging

In red team, with the upload happening at the end, its bad user experience as the user had waited patiently for everything to complete.

We need to ensure these 2 things:

show error message to user when the upload fails
maybe try uploading something in the beginning and stop the process if upload fails?

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This PR adds early storage validation for Red Team scans to detect misconfigured storage before running attacks (which can take hours), and improves error messages when storage upload fails. The implementation adds a test_storage_upload() method that validates connectivity using a minimal in-memory test upload, integrated into the Red Team scan workflow right after MLFlow run initialization with visual feedback.

Key Changes:

• Added early storage connectivity validation that fails fast before running attacks
• Enhanced error messages with storage account names and actionable troubleshooting steps
• Implemented test coverage for both OneDP and non-OneDP project scenarios

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
azure/ai/evaluation/_common/evaluation_onedp_client.py	Adds test_storage_upload() method that validates storage connectivity using BytesIO for in-memory test data
azure/ai/evaluation/red_team/_mlflow_integration.py	Adds test_storage_upload() wrapper that delegates to OneDP client for validation or skips for non-OneDP projects
azure/ai/evaluation/red_team/_red_team.py	Integrates storage validation into scan workflow with visual feedback after MLFlow initialization
azure/ai/evaluation/_common/utils.py	Enhances error messages in upload() to include storage account name and troubleshooting guidance
tests/unittests/test_redteam/test_storage_validation.py	Adds comprehensive unit tests for storage validation success/failure scenarios