
Commit 99d842e

committed
mi
1 parent 58285f3 commit 99d842e


2 files changed

+23
-27
lines changed


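--- a/src/azure-cli-core/azure/cli/core/_profile.py
+++ b/src/azure-cli-core/azure/cli/core/_profile.py
@@ -220,13 +220,9 @@ def login(self,
 self._set_subscriptions(consolidated)
 return deepcopy(consolidated)
 
-def login_with_managed_identity(self, client_id=None, object_id=None, resource_id=None,
-allow_no_subscriptions=None):
-if _use_msal_managed_identity(self.cli_ctx):
-return self.login_with_managed_identity_msal(
-client_id=client_id, object_id=object_id, resource_id=resource_id,
-allow_no_subscriptions=allow_no_subscriptions)
-
+def login_with_managed_identity_msrestazure(self, client_id=None, object_id=None, resource_id=None,
+allow_no_subscriptions=None):
+# Old way of using msrestazure for managed identity
 import jwt
 from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
 resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id
@@ -274,8 +270,13 @@ def login_with_managed_identity(self, client_id=None, object_id=None, resource_i
 self._set_subscriptions(consolidated)
 return deepcopy(consolidated)
 
-def login_with_managed_identity_msal(self, client_id=None, object_id=None, resource_id=None,
-allow_no_subscriptions=None):
+def login_with_managed_identity(self, client_id=None, object_id=None, resource_id=None,
+allow_no_subscriptions=None):
+if not _use_msal_managed_identity(self.cli_ctx):
+return self.login_with_managed_identity_msrestazure(
+client_id=client_id, object_id=object_id, resource_id=resource_id,
+allow_no_subscriptions=allow_no_subscriptions)
+
 import jwt
 from .auth.constants import ACCESS_TOKEN
 
@@ -986,10 +987,8 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None
 
 
 def _use_msal_managed_identity(cli_ctx):
-# This indicates an Azure Arc-enabled server
-from msal.managed_identity import get_managed_identity_source, AZURE_ARC
 from azure.cli.core.telemetry import set_use_msal_managed_identity
-# PREVIEW: Use core.use_msal_managed_identity=true to enable managed identity authentication with MSAL
-use_msal_managed_identity = cli_ctx.config.getboolean('core', 'use_msal_managed_identity', fallback=False)
+# Use core.use_msal_managed_identity=false to use the old msrestazure implementation
+use_msal_managed_identity = cli_ctx.config.getboolean('core', 'use_msal_managed_identity', fallback=True)
 set_use_msal_managed_identity(use_msal_managed_identity)
-return use_msal_managed_identity or get_managed_identity_source() == AZURE_ARC
+return use_msal_managed_identity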
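Review bot: In `_use_msal_managed_identity`, dropping the `get_managed_identity_source() == AZURE_ARC` override means a host with `core.use_msal_managed_identity=false` is now sent to `login_with_managed_identity_msrestazure` even on an Azure Arc-enabled server, where the old code always selected MSAL. The removed override suggests the msrestazure path does not serve Arc (not visible in this hunk), so that opt-out would become a login failure there rather than a fallback. Either keep the override for the opt-out case, `return use_msal_managed_identity or get_managed_identity_source() == AZURE_ARC`, together with its import, or reject the setting on Arc with a clear error. Because this switch now selects which library obtains the identity's token, a short docstring stating the default, the `AZURE_CORE_USE_MSAL_MANAGED_IDENTITY` override and the telemetry side effect would also help.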

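--- a/src/azure-cli-core/azure/cli/core/tests/test_profile.py
+++ b/src/azure-cli-core/azure/cli/core/tests/test_profile.py
@@ -536,6 +536,7 @@ def test_login_in_cloud_shell(self, cloud_shell_credential_mock, create_subscrip
 
 @mock.patch('requests.get', autospec=True)
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_login_with_mi_system_assigned(self, create_subscription_client_mock, mock_get):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
@@ -569,6 +570,7 @@ def test_login_with_mi_system_assigned(self, create_subscription_client_mock, mo
 
 @mock.patch('requests.get', autospec=True)
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_login_with_mi_no_subscriptions(self, create_subscription_client_mock, mock_get):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = []
@@ -604,6 +606,7 @@ def test_login_with_mi_no_subscriptions(self, create_subscription_client_mock, m
 
 @mock.patch('requests.get', autospec=True)
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_login_with_mi_user_assigned_client_id(self, create_subscription_client_mock, mock_get):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
@@ -638,6 +641,7 @@ def test_login_with_mi_user_assigned_client_id(self, create_subscription_client_
 
 @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', autospec=True)
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_login_with_mi_user_assigned_object_id(self, create_subscription_client_mock,
 mock_msi_auth):
 mock_subscription_client = mock.MagicMock()
@@ -678,6 +682,7 @@ def set_token(self):
 
 @mock.patch('requests.get', autospec=True)
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_login_with_mi_user_assigned_resource_id(self, create_subscription_client_mock,
 mock_get):
 
@@ -711,7 +716,6 @@ def test_login_with_mi_user_assigned_resource_id(self, create_subscription_clien
 
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_login_with_mi_system_assigned_msal(self, create_subscription_client_mock):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
@@ -739,7 +743,6 @@ def test_login_with_mi_system_assigned_msal(self, create_subscription_client_moc
 
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_login_with_mi_system_assigned_no_subscriptions_msal(self, create_subscription_client_mock):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = []
@@ -769,7 +772,6 @@ def test_login_with_mi_system_assigned_no_subscriptions_msal(self, create_subscr
 
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_login_with_mi_user_assigned_client_id_msal(self, create_subscription_client_mock):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
@@ -798,7 +800,6 @@ def test_login_with_mi_user_assigned_client_id_msal(self, create_subscription_cl
 
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_login_with_mi_user_assigned_object_id_msal(self, create_subscription_client_mock):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
@@ -822,7 +823,6 @@ def test_login_with_mi_user_assigned_object_id_msal(self, create_subscription_cl
 
 @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_login_with_mi_user_assigned_resource_id_msal(self, create_subscription_client_mock):
 mock_subscription_client = mock.MagicMock()
 mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
@@ -1189,6 +1189,7 @@ def test_get_login_credentials_aux_tenants(self, get_user_credential_mock):
 aux_tenants=[test_tenant_id2])
 
 @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', MSRestAzureAuthStub)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_get_login_credentials_mi_system_assigned(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties('systemAssignedIdentity',
@@ -1208,6 +1209,7 @@ def test_get_login_credentials_mi_system_assigned(self):
 self.assertTrue(cred.token_read_count)
 
 @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', MSRestAzureAuthStub)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_get_login_credentials_mi_user_assigned_with_client_id(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 test_client_id = '12345678-38d6-4fb2-bad9-b7b93a3e8888'
@@ -1229,6 +1231,7 @@ def test_get_login_credentials_mi_user_assigned_with_client_id(self):
 self.assertTrue(cred.client_id, test_client_id)
 
 @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', MSRestAzureAuthStub)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_get_login_credentials_mi_user_assigned_with_object_id(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 test_object_id = '12345678-38d6-4fb2-bad9-b7b93a3e9999'
@@ -1250,6 +1253,7 @@ def test_get_login_credentials_mi_user_assigned_with_object_id(self):
 self.assertTrue(cred.object_id, test_object_id)
 
 @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', MSRestAzureAuthStub)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_get_login_credentials_mi_user_assigned_with_res_id(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 test_res_id = ('/subscriptions/{}/resourceGroups/r1/providers/Microsoft.ManagedIdentity/'
@@ -1272,7 +1276,6 @@ def test_get_login_credentials_mi_user_assigned_with_res_id(self):
 self.assertTrue(cred.msi_res_id, test_res_id)
 
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_login_credentials_mi_system_assigned_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties('systemAssignedIdentity',
@@ -1289,7 +1292,6 @@ def test_get_login_credentials_mi_system_assigned_msal(self):
 assert cred._credential.resource_id is None
 
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_login_credentials_mi_user_assigned_client_id_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties(
@@ -1308,7 +1310,6 @@ def test_get_login_credentials_mi_user_assigned_client_id_msal(self):
 assert cred._credential.resource_id is None
 
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_login_credentials_mi_user_assigned_object_id_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties(
@@ -1327,7 +1328,6 @@ def test_get_login_credentials_mi_user_assigned_object_id_msal(self):
 assert cred._credential.resource_id is None
 
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_login_credentials_mi_user_assigned_resource_id_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties(
@@ -1434,6 +1434,7 @@ def test_get_raw_token_for_sp(self, get_service_principal_credential_mock):
 self.assertEqual(tenant, self.tenant_id)
 
 @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', autospec=True)
+@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
 def test_get_raw_token_mi_system_assigned(self, mock_msi_auth):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties('systemAssignedIdentity',
@@ -1473,7 +1474,6 @@ def mi_auth_factory(*args, **kwargs):
 
 @mock.patch('azure.cli.core.auth.util._now_timestamp', new=_now_timestamp_mock)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_raw_token_mi_system_assigned_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties('systemAssignedIdentity',
@@ -1508,7 +1508,6 @@ def test_get_raw_token_mi_system_assigned_msal(self):
 
 @mock.patch('azure.cli.core.auth.util._now_timestamp', new=_now_timestamp_mock)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_raw_token_mi_user_assigned_client_id_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties(
@@ -1540,7 +1539,6 @@ def test_get_raw_token_mi_user_assigned_client_id_msal(self):
 
 @mock.patch('azure.cli.core.auth.util._now_timestamp', new=_now_timestamp_mock)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_raw_token_mi_user_assigned_object_id_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties(
@@ -1572,7 +1570,6 @@ def test_get_raw_token_mi_user_assigned_object_id_msal(self):
 
 @mock.patch('azure.cli.core.auth.util._now_timestamp', new=_now_timestamp_mock)
 @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
-@mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'true'})
 def test_get_raw_token_mi_user_assigned_resource_id_msal(self):
 profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})
 consolidated = profile._normalize_properties(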
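Review bot: The `_msal` tests no longer pin `AZURE_CORE_USE_MSAL_MANAGED_IDENTITY`, so they exercise the MSAL path only if neither the ambient environment nor whatever configuration `DummyCli` loads sets the option to false; `mock.patch.dict` on the other tests leaves the rest of `os.environ` in place. No test in the visible hunks asserts the new default itself, so a small test that removes the variable and checks that `_use_msal_managed_identity(cli_ctx)` returns `True` would pin the behaviour this commit introduces. Separately, the context lines `self.assertTrue(cred.client_id, test_client_id)` and the `object_id` / `msi_res_id` equivalents pass for any truthy value because the second argument is only the failure message; `self.assertEqual(cred.client_id, test_client_id)` would actually check that the credential carries the requested identity.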
