_msal_managed_identity

jiasli · jiasli · commit b755074a48de · 2024-06-28T18:22:04.000+08:00
diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py
@@ -217,7 +217,7 @@ def login(self,
 
     def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
         identity_type = None
-        if _on_azure_arc():
+        if _msal_managed_identity():
             identity_type = MsiAccountTypes.system_assigned
             from .auth.msal_authentication import ManagedIdentityCredential
             cred = ManagedIdentityCredential()
@@ -372,7 +372,7 @@ def get_login_credentials(self, resource=None, client_id=None, subscription_id=N
                                      resource=resource)
         else:
             # managed identity
-            if _on_azure_arc():
+            if _msal_managed_identity():
                 from .auth.msal_authentication import ManagedIdentityCredential
                 cred = ManagedIdentityCredential()
             else:
@@ -402,7 +402,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No
             if tenant:
                 raise CLIError("Tenant shouldn't be specified for managed identity account")
             from .auth.util import scopes_to_resource
-            if _on_azure_arc():
+            if _msal_managed_identity():
                 from .auth.msal_authentication import ManagedIdentityCredential
                 cred = ManagedIdentityCredential()
             else:
@@ -917,5 +917,9 @@ def _create_identity_instance(cli_ctx, *args, **kwargs):
                     instance_discovery=instance_discovery, **kwargs)
 
 
-def _on_azure_arc():
-    return "IDENTITY_ENDPOINT" in os.environ and "IMDS_ENDPOINT" in os.environ
+def _msal_managed_identity():
+    # Azure Arc
+    if "IDENTITY_ENDPOINT" in os.environ and "IMDS_ENDPOINT" in os.environ:
+        logger.debug("Azure Arc detected")
+        return True
+    return False
diff --git a/src/azure-cli-core/azure/cli/core/auth/msal_authentication.py b/src/azure-cli-core/azure/cli/core/auth/msal_authentication.py
@@ -142,7 +142,11 @@ def get_token(self, *scopes, **kwargs):
 
 
 class ManagedIdentityCredential:  # pylint: disable=too-few-public-methods
-    """Currently, only Azure Arc's system-assigned managed identity is supported.
+    """Managed identity credential implementing get_token interface.
+
+    It uses MSAL internally.
+
+    Currently, only Azure Arc's system-assigned managed identity is supported.
     """
 
     def __init__(self):
