{Core} Add lightweight ARM client by jiasli · Pull Request #30103 · Azure/azure-cli

jiasli · 2024-10-16T11:39:33Z

Related command
az login

Description
Require #30105

As multi-API SDK will no longer be released, this PR introduces a lightweight ARM client and so that Azure CLI Core can decouple from SDK.

Testing Guide
az login

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature

This checklist is used to make sure that common guidelines for a pull request are followed.

The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.

azure-client-tools-bot-prd · 2024-10-16T11:39:36Z

❌AzureCLI-FullTest

️✔️acr

️✔️2020-09-01-hybrid

️✔️3.11

️✔️acs

️✔️2020-09-01-hybrid

️✔️3.11

❌core

❌2018-03-01-hybrid

❌3.11

Type Test Case Error Message Line

Failed test_default_active_subscription_to_non_disabled_one self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_default_active_subscription_to_non_disabled_one>

    def test_default_active_subscription_to_non_disabled_one(self):
        cli = DummyCli()
        storage_mock = {'subscriptions': []}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

>       subscriptions = profile.normalize_properties(
            self.user2, [self.subscription2, self.subscription1], False)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:882:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f86bcff6ed0>
user = 'bar@bar.com'
subscriptions = [<azure.cli.core.tests.test_profile.SubscriptionStub object at 0x7f86bcb34f10>, <azure.cli.core.tests.test_profile.SubscriptionStub object at 0x7f86bcb34a90>]
is_service_principal = False, cert_sn_issuer_auth = None
user_assigned_identity_id = None

    def _normalize_properties(self, user, subscriptions, is_service_principal, cert_sn_issuer_auth=None,
                              user_assigned_identity_id=None):
        consolidated = []
        for s in subscriptions:
            subscription_dict = {
>               _SUBSCRIPTION_ID: s[_ID].rpartition('/')[2],
                _SUBSCRIPTION_NAME: s[_DISPLAY_NAME],
                _STATE: s[_STATE],
                _USER_ENTITY: {
                    _USER_NAME: user,
                    _USER_TYPE: _SERVICE_PRINCIPAL if is_service_principal else _USER
                },
                _IS_DEFAULT_SUBSCRIPTION: False,
                _TENANT_ID: s[_TENANT_ID],
                _ENVIRONMENT_NAME: self.cli_ctx.cloud.name
            }
E           TypeError: 'SubscriptionStub' object is not subscriptable

src/azure-cli-core/azure/cli/core/_profile.py:449: TypeError src/azure-cli-core/azure/cli/core/tests/test_profile.py:876

Failed test_find_subscriptions_in_vm_with_msi_no_subscriptions self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_no_subscriptions>
create_subscription_client_mock = <function create_subscription_client at 0x7f86bcb25580>
mock_get = <function get at 0x7f86bcb25b20>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_no_subscriptions(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = []
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(allow_no_subscriptions=True)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:556:

src/azure-cli-core/azure/cli/core/profile.py:284: in login_with_managed_identity
    consolidated = self.normalize_properties(user, subscriptions, is_service_principal=True,
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f86be5f8190>
user = 'systemAssignedIdentity'
subscriptions = [<azure.mgmt.resource.subscriptions.v2016_06_01.models._models_py3.Subscription object at 0x7f86be5b0950>]
is_service_principal = True, cert_sn_issuer_auth = None
user_assigned_identity_id = 'MSI'

    def _normalize_properties(self, user, subscriptions, is_service_principal, cert_sn_issuer_auth=None,
                              user_assigned_identity_id=None):
        consolidated = []
        for s in subscriptions:
            subscription_dict = {
>               _SUBSCRIPTION_ID: s[_ID].rpartition('/')[2],
                _SUBSCRIPTION_NAME: s[_DISPLAY_NAME],
                _STATE: s[_STATE],
                _USER_ENTITY: {
                    _USER_NAME: user,
                    _USER_TYPE: _SERVICE_PRINCIPAL if is_service_principal else _USER
                },
                _IS_DEFAULT_SUBSCRIPTION: False,
                _TENANT_ID: s[_TENANT_ID],
                _ENVIRONMENT_NAME: self.cli_ctx.cloud.name
            }
E           TypeError: 'Subscription' object is not subscriptable

src/azure-cli-core/azure/cli/core/_profile.py:449: TypeError src/azure-cli-core/azure/cli/core/tests/test_profile.py:534

Failed test_find_subscriptions_in_vm_with_msi_system_assigned self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_system_assigned>
create_subscription_client_mock = <function create_subscription_client at 0x7f86bcb25620>
mock_get = <function get at 0x7f86bcb25bc0>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_system_assigned(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity()

src/azure-cli-core/azure/cli/core/tests/test_profile.py:523:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f86be5d9590>
identity_id = None, allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:501

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id>
create_subscription_client_mock = <function create_subscription_client at 0x7f86bcb256c0>
mock_get = <function get at 0x7f86bcb25c60>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        test_client_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(identity_id=test_client_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:592:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f86be5d9410>
identity_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:569

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id>
create_subscription_client_mock = <function create_subscription_client at 0x7f86bcb25760>
mock_msi_auth = <MagicMock name='MSIAuthenticationWrapper' spec='MSIAuthenticationWrapper' id='140216670346064'>

    @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id(self, create_subscription_client_mock,
                                                                            mock_msi_auth):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        from azure.cli.core.azclierror import AzureResponseError
        class AuthStub:
            def init(self, **kwargs):
                self.token = None
                self.client_id = kwargs.get('client_id')
                self.object_id = kwargs.get('object_id')
                # since msrestazure 0.4.34, set_token in init
                self.set_token()

            def set_token(self):
                # here we will reject the 1st sniffing of trying with client_id and then acccept the 2nd
                if self.object_id:
                    self.token = {
                        'token_type': 'Bearer',
                        'access_token': TestProfile.test_msi_access_token
                    }
                else:
                    raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
                                             'Get Token request returned http error: 400, reason: Bad Request')

        profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})

        mock_msi_auth.side_effect = AuthStub
        test_object_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'

>       subscriptions = profile.login_with_managed_identity(identity_id=test_object_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:637:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f86bcff6ed0>
identity_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:603

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id>
create_subscription_client_mock = <function create_subscription_client at 0x7f86bcb25800>
mock_get = <function get at 0x7f86bcb25da0>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id(self, create_subscription_client_mock,
                                                                         mock_get):

        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        test_res_id = ('/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/g1/'
                       'providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1')

        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(identity_id=test_res_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:670:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f86be5fbf50>
identity_id = '/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/g1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:643

Failed test_get_auth_info_for_newly_created_service_principal The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1472

Failed test_get_current_account_user The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:918

Failed test_get_login_credentials The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:931

Failed test_get_login_credentials_aux_subscriptions The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:955

Failed test_get_login_credentials_aux_tenants The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:984

Failed test_get_login_credentials_msi_system_assigned The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1020

Failed test_get_login_credentials_msi_user_assigned_with_client_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1044

Failed test_get_login_credentials_msi_user_assigned_with_object_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1067

Failed test_get_login_credentials_msi_user_assigned_with_res_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1091

Failed test_get_raw_token The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1115

Failed test_get_raw_token_for_sp The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1162

Failed test_get_raw_token_in_cloud_console The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1246

Failed test_get_raw_token_msi_system_assigned The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1202

Failed test_get_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:890

Failed test_login_common_tenant_mfa_warning The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1429

Failed test_login_fallback_to_device_code_github_codespaces The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:374

Failed test_login_fallback_to_device_code_no_browser The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:352

Failed test_login_in_cloud_shell The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:474

Failed test_login_no_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:676

Failed test_login_with_auth_code The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:308

Failed test_login_with_auth_code_adfs The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:723

Failed test_login_with_device_code The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:331

Failed test_login_with_device_code_for_tenant The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:400

Failed test_login_with_service_principal The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:441

Failed test_login_with_username_password_for_tenant The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:421

Failed test_logout The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1293

Failed test_logout_all The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1314

Failed test_normalize The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:757

Failed test_normalize_v2016_06_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:767

Failed test_refresh_accounts_one_user_account The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1339

Failed test_refresh_accounts_one_user_account_one_sp_account The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1371

Failed test_refresh_accounts_with_nothing The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1409

Failed test_set_active_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:855

Failed test_subscription_finder_constructor The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:909

Failed test_update_add_two_different_subscriptions The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:798

Failed test_update_with_same_subscription_added_twice The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:832

Failed test_attach_token_tenant_v2016_06_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1550

Failed test_attach_token_tenant_v2022_12_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1557

Failed test_transform_subscription_for_multiapi The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1565

❌3.9

Type Test Case Error Message Line

Failed test_default_active_subscription_to_non_disabled_one self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_default_active_subscription_to_non_disabled_one>

    def test_default_active_subscription_to_non_disabled_one(self):
        cli = DummyCli()
        storage_mock = {'subscriptions': []}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

>       subscriptions = profile.normalize_properties(
            self.user2, [self.subscription2, self.subscription1], False)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:882:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f026a8499a0>
user = 'bar@bar.com'
subscriptions = [<azure.cli.core.tests.test_profile.SubscriptionStub object at 0x7f026a83bfa0>, <azure.cli.core.tests.test_profile.SubscriptionStub object at 0x7f026a83be50>]
is_service_principal = False, cert_sn_issuer_auth = None
user_assigned_identity_id = None

    def _normalize_properties(self, user, subscriptions, is_service_principal, cert_sn_issuer_auth=None,
                              user_assigned_identity_id=None):
        consolidated = []
        for s in subscriptions:
            subscription_dict = {
>               _SUBSCRIPTION_ID: s[_ID].rpartition('/')[2],
                _SUBSCRIPTION_NAME: s[_DISPLAY_NAME],
                _STATE: s[_STATE],
                _USER_ENTITY: {
                    _USER_NAME: user,
                    _USER_TYPE: _SERVICE_PRINCIPAL if is_service_principal else _USER
                },
                _IS_DEFAULT_SUBSCRIPTION: False,
                _TENANT_ID: s[_TENANT_ID],
                _ENVIRONMENT_NAME: self.cli_ctx.cloud.name
            }
E           TypeError: 'SubscriptionStub' object is not subscriptable

src/azure-cli-core/azure/cli/core/_profile.py:449: TypeError src/azure-cli-core/azure/cli/core/tests/test_profile.py:876

Failed test_find_subscriptions_in_vm_with_msi_no_subscriptions self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_no_subscriptions>
create_subscription_client_mock = <function create_subscription_client at 0x7f026a832f70>
mock_get = <function get at 0x7f026a8595e0>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_no_subscriptions(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = []
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(allow_no_subscriptions=True)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:556:

src/azure-cli-core/azure/cli/core/profile.py:284: in login_with_managed_identity
    consolidated = self.normalize_properties(user, subscriptions, is_service_principal=True,
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f026a7ee4c0>
user = 'systemAssignedIdentity'
subscriptions = [<azure.mgmt.resource.subscriptions.v2016_06_01.models._models_py3.Subscription object at 0x7f026a75c6d0>]
is_service_principal = True, cert_sn_issuer_auth = None
user_assigned_identity_id = 'MSI'

    def _normalize_properties(self, user, subscriptions, is_service_principal, cert_sn_issuer_auth=None,
                              user_assigned_identity_id=None):
        consolidated = []
        for s in subscriptions:
            subscription_dict = {
>               _SUBSCRIPTION_ID: s[_ID].rpartition('/')[2],
                _SUBSCRIPTION_NAME: s[_DISPLAY_NAME],
                _STATE: s[_STATE],
                _USER_ENTITY: {
                    _USER_NAME: user,
                    _USER_TYPE: _SERVICE_PRINCIPAL if is_service_principal else _USER
                },
                _IS_DEFAULT_SUBSCRIPTION: False,
                _TENANT_ID: s[_TENANT_ID],
                _ENVIRONMENT_NAME: self.cli_ctx.cloud.name
            }
E           TypeError: 'Subscription' object is not subscriptable

src/azure-cli-core/azure/cli/core/_profile.py:449: TypeError src/azure-cli-core/azure/cli/core/tests/test_profile.py:534

Failed test_find_subscriptions_in_vm_with_msi_system_assigned self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_system_assigned>
create_subscription_client_mock = <function create_subscription_client at 0x7f026a85a040>
mock_get = <function get at 0x7f026a85a670>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_system_assigned(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity()

src/azure-cli-core/azure/cli/core/tests/test_profile.py:523:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f026a7ef730>
identity_id = None, allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:501

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id>
create_subscription_client_mock = <function create_subscription_client at 0x7f026a8450d0>
mock_get = <function get at 0x7f026a845700>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        test_client_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(identity_id=test_client_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:592:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f026a7ef850>
identity_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:569

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id>
create_subscription_client_mock = <function create_subscription_client at 0x7f026a843160>
mock_msi_auth = <MagicMock name='MSIAuthenticationWrapper' spec='MSIAuthenticationWrapper' id='139648353807472'>

    @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id(self, create_subscription_client_mock,
                                                                            mock_msi_auth):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        from azure.cli.core.azclierror import AzureResponseError
        class AuthStub:
            def init(self, **kwargs):
                self.token = None
                self.client_id = kwargs.get('client_id')
                self.object_id = kwargs.get('object_id')
                # since msrestazure 0.4.34, set_token in init
                self.set_token()

            def set_token(self):
                # here we will reject the 1st sniffing of trying with client_id and then acccept the 2nd
                if self.object_id:
                    self.token = {
                        'token_type': 'Bearer',
                        'access_token': TestProfile.test_msi_access_token
                    }
                else:
                    raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
                                             'Get Token request returned http error: 400, reason: Bad Request')

        profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})

        mock_msi_auth.side_effect = AuthStub
        test_object_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'

>       subscriptions = profile.login_with_managed_identity(identity_id=test_object_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:637:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f026a765af0>
identity_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:603

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id>
create_subscription_client_mock = <function create_subscription_client at 0x7f026a8441f0>
mock_get = <function get at 0x7f026a844820>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id(self, create_subscription_client_mock,
                                                                         mock_get):

        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        test_res_id = ('/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/g1/'
                       'providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1')

        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(identity_id=test_res_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:670:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7f026a7f1a90>
identity_id = '/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/g1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:643

Failed test_get_auth_info_for_newly_created_service_principal The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1472

Failed test_get_current_account_user The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:918

Failed test_get_login_credentials The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:931

Failed test_get_login_credentials_aux_subscriptions The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:955

Failed test_get_login_credentials_aux_tenants The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:984

Failed test_get_login_credentials_msi_system_assigned The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1020

Failed test_get_login_credentials_msi_user_assigned_with_client_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1044

Failed test_get_login_credentials_msi_user_assigned_with_object_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1067

Failed test_get_login_credentials_msi_user_assigned_with_res_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1091

Failed test_get_raw_token The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1115

Failed test_get_raw_token_for_sp The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1162

Failed test_get_raw_token_in_cloud_console The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1246

Failed test_get_raw_token_msi_system_assigned The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1202

Failed test_get_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:890

Failed test_login_common_tenant_mfa_warning The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1429

Failed test_login_fallback_to_device_code_github_codespaces The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:374

Failed test_login_fallback_to_device_code_no_browser The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:352

Failed test_login_in_cloud_shell The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:474

Failed test_login_no_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:676

Failed test_login_with_auth_code The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:308

Failed test_login_with_auth_code_adfs The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:723

Failed test_login_with_device_code The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:331

Failed test_login_with_device_code_for_tenant The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:400

Failed test_login_with_service_principal The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:441

Failed test_login_with_username_password_for_tenant The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:421

Failed test_logout The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1293

Failed test_logout_all The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1314

Failed test_normalize The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:757

Failed test_normalize_v2016_06_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:767

Failed test_refresh_accounts_one_user_account The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1339

Failed test_refresh_accounts_one_user_account_one_sp_account The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1371

Failed test_refresh_accounts_with_nothing The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1409

Failed test_set_active_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:855

Failed test_subscription_finder_constructor The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:909

Failed test_update_add_two_different_subscriptions The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:798

Failed test_update_with_same_subscription_added_twice The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:832

Failed test_attach_token_tenant_v2016_06_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1550

Failed test_attach_token_tenant_v2022_12_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1557

Failed test_transform_subscription_for_multiapi The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1565

❌2020-09-01-hybrid

❌3.11

Type Test Case Error Message Line

Failed test_default_active_subscription_to_non_disabled_one self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_default_active_subscription_to_non_disabled_one>

    def test_default_active_subscription_to_non_disabled_one(self):
        cli = DummyCli()
        storage_mock = {'subscriptions': []}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

>       subscriptions = profile.normalize_properties(
            self.user2, [self.subscription2, self.subscription1], False)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:882:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7fd807d6af50>
user = 'bar@bar.com'
subscriptions = [<azure.cli.core.tests.test_profile.SubscriptionStub object at 0x7fd80776bf10>, <azure.cli.core.tests.test_profile.SubscriptionStub object at 0x7fd8062c1b10>]
is_service_principal = False, cert_sn_issuer_auth = None
user_assigned_identity_id = None

    def _normalize_properties(self, user, subscriptions, is_service_principal, cert_sn_issuer_auth=None,
                              user_assigned_identity_id=None):
        consolidated = []
        for s in subscriptions:
            subscription_dict = {
>               _SUBSCRIPTION_ID: s[_ID].rpartition('/')[2],
                _SUBSCRIPTION_NAME: s[_DISPLAY_NAME],
                _STATE: s[_STATE],
                _USER_ENTITY: {
                    _USER_NAME: user,
                    _USER_TYPE: _SERVICE_PRINCIPAL if is_service_principal else _USER
                },
                _IS_DEFAULT_SUBSCRIPTION: False,
                _TENANT_ID: s[_TENANT_ID],
                _ENVIRONMENT_NAME: self.cli_ctx.cloud.name
            }
E           TypeError: 'SubscriptionStub' object is not subscriptable

src/azure-cli-core/azure/cli/core/_profile.py:449: TypeError src/azure-cli-core/azure/cli/core/tests/test_profile.py:876

Failed test_find_subscriptions_in_vm_with_msi_no_subscriptions self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_no_subscriptions>
create_subscription_client_mock = <function create_subscription_client at 0x7fd8062c4040>
mock_get = <function get at 0x7fd8062c4680>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_no_subscriptions(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = []
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(allow_no_subscriptions=True)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:556:

src/azure-cli-core/azure/cli/core/profile.py:284: in login_with_managed_identity
    consolidated = self.normalize_properties(user, subscriptions, is_service_principal=True,
                                       _

self = <azure.cli.core._profile.Profile object at 0x7fd807d811d0>
user = 'systemAssignedIdentity'
subscriptions = [<azure.mgmt.resource.subscriptions.v2016_06_01.models._models_py3.Subscription object at 0x7fd806470910>]
is_service_principal = True, cert_sn_issuer_auth = None
user_assigned_identity_id = 'MSI'

    def _normalize_properties(self, user, subscriptions, is_service_principal, cert_sn_issuer_auth=None,
                              user_assigned_identity_id=None):
        consolidated = []
        for s in subscriptions:
            subscription_dict = {
>               _SUBSCRIPTION_ID: s[_ID].rpartition('/')[2],
                _SUBSCRIPTION_NAME: s[_DISPLAY_NAME],
                _STATE: s[_STATE],
                _USER_ENTITY: {
                    _USER_NAME: user,
                    _USER_TYPE: _SERVICE_PRINCIPAL if is_service_principal else _USER
                },
                _IS_DEFAULT_SUBSCRIPTION: False,
                _TENANT_ID: s[_TENANT_ID],
                _ENVIRONMENT_NAME: self.cli_ctx.cloud.name
            }
E           TypeError: 'Subscription' object is not subscriptable

src/azure-cli-core/azure/cli/core/_profile.py:449: TypeError src/azure-cli-core/azure/cli/core/tests/test_profile.py:534

Failed test_find_subscriptions_in_vm_with_msi_system_assigned self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_system_assigned>
create_subscription_client_mock = <function create_subscription_client at 0x7fd8062cc180>
mock_get = <function get at 0x7fd8062cc720>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_system_assigned(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity()

src/azure-cli-core/azure/cli/core/tests/test_profile.py:523:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7fd807d81450>
identity_id = None, allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:501

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id>
create_subscription_client_mock = <function create_subscription_client at 0x7fd8062cc220>
mock_get = <function get at 0x7fd8062cc7c0>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_client_id(self, create_subscription_client_mock, mock_get):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        test_client_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(identity_id=test_client_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:592:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7fd807d81450>
identity_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:569

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id>
create_subscription_client_mock = <function create_subscription_client at 0x7fd8062c82c0>
mock_msi_auth = <MagicMock name='MSIAuthenticationWrapper' spec='MSIAuthenticationWrapper' id='140565793235280'>

    @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_object_id(self, create_subscription_client_mock,
                                                                            mock_msi_auth):
        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        from azure.cli.core.azclierror import AzureResponseError
        class AuthStub:
            def init(self, **kwargs):
                self.token = None
                self.client_id = kwargs.get('client_id')
                self.object_id = kwargs.get('object_id')
                # since msrestazure 0.4.34, set_token in init
                self.set_token()

            def set_token(self):
                # here we will reject the 1st sniffing of trying with client_id and then acccept the 2nd
                if self.object_id:
                    self.token = {
                        'token_type': 'Bearer',
                        'access_token': TestProfile.test_msi_access_token
                    }
                else:
                    raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
                                             'Get Token request returned http error: 400, reason: Bad Request')

        profile = Profile(cli_ctx=DummyCli(), storage={'subscriptions': None})

        mock_msi_auth.side_effect = AuthStub
        test_object_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'

>       subscriptions = profile.login_with_managed_identity(identity_id=test_object_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:637:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7fd807d68a10>
identity_id = '54826b22-38d6-4fb2-bad9-b7b93a3e9999'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:603

Failed test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id self = <azure.cli.core.tests.test_profile.TestProfile testMethod=test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id>
create_subscription_client_mock = <function create_subscription_client at 0x7fd8062c8360>
mock_get = <function get at 0x7fd8062c8900>

    @mock.patch('requests.get', autospec=True)
    @mock.patch('azure.cli.core.profile.SubscriptionFinder.create_subscription_client', autospec=True)
    def test_find_subscriptions_in_vm_with_msi_user_assigned_with_res_id(self, create_subscription_client_mock,
                                                                         mock_get):

        mock_subscription_client = mock.MagicMock()
        mock_subscription_client.subscriptions.list.return_value = [deepcopy(self.subscription1_raw)]
        create_subscription_client_mock.return_value = mock_subscription_client

        cli = DummyCli()
        storage_mock = {'subscriptions': None}
        profile = Profile(cli_ctx=cli, storage=storage_mock)

        test_token_entry = {
            'token_type': 'Bearer',
            'access_token': TestProfile.test_msi_access_token
        }
        test_res_id = ('/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/g1/'
                       'providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1')

        encoded_test_token = json.dumps(test_token_entry).encode()
        good_response = mock.MagicMock()
        good_response.status_code = 200
        good_response.content = encoded_test_token
        mock_get.return_value = good_response

>       subscriptions = profile.login_with_managed_identity(identity_id=test_res_id)

src/azure-cli-core/azure/cli/core/tests/test_profile.py:670:
                                       _

self = <azure.cli.core._profile.Profile object at 0x7fd807d81450>
identity_id = '/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/g1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1'
allow_no_subscriptions = None

    def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
        import jwt
        from azure.mgmt.core.tools import is_valid_resource_id
        from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
        resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id

        if identity_id:
            if is_valid_resource_id(identity_id):
                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
                identity_type = MsiAccountTypes.user_assigned_resource_id
            else:
                authenticated = False
                from azure.cli.core.azclierror import AzureResponseError
                try:
                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
                    identity_type = MsiAccountTypes.user_assigned_client_id
                    authenticated = True
                except AzureResponseError as ex:
                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
                        logger.info('Sniff: not an MSI client id')
                    else:
                        raise

                if not authenticated:
                    try:
                        identity_type = MsiAccountTypes.user_assigned_object_id
                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
                        authenticated = True
                    except AzureResponseError as ex:
                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
                            logger.info('Sniff: not an MSI object id')
                        else:
                            raise

                if not authenticated:
                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')

        else:
            identity_type = MsiAccountTypes.system_assigned
            msi_creds = MSIAuthenticationWrapper(resource=resource)

        token_entry = msi_creds.token
        token = token_entry['access_token']
        logger.info('MSI: token was retrieved. Now trying to initialize local accounts...')
        decode = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
        tenant = decode['tid']

        subscription_finder = SubscriptionFinder(self.cli_ctx)
        subscriptions = subscription_finder.find_using_specific_tenant(tenant, msi_creds)
        base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id else identity_type)
        user = _USER_ASSIGNED_IDENTITY if identity_id else _SYSTEM_ASSIGNED_IDENTITY
        if not subscriptions:
            if allow_no_subscriptions:
                subscriptions = self._build_tenant_level_accounts([tenant])
            else:
>               raise CLIError('No access was configured for the VM, hence no subscriptions were found. '
                               "If this is expected, use '--allow-no-subscriptions' to have tenant level access.")
E               knack.util.CLIError: No access was configured for the VM, hence no subscriptions were found. If this is expected, use '--allow-no-subscriptions' to have tenant level access.

src/azure-cli-core/azure/cli/core/_profile.py:281: CLIError src/azure-cli-core/azure/cli/core/tests/test_profile.py:643

Failed test_get_auth_info_for_newly_created_service_principal The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1472

Failed test_get_current_account_user The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:918

Failed test_get_login_credentials The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:931

Failed test_get_login_credentials_aux_subscriptions The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:955

Failed test_get_login_credentials_aux_tenants The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:984

Failed test_get_login_credentials_msi_system_assigned The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1020

Failed test_get_login_credentials_msi_user_assigned_with_client_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1044

Failed test_get_login_credentials_msi_user_assigned_with_object_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1067

Failed test_get_login_credentials_msi_user_assigned_with_res_id The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1091

Failed test_get_raw_token The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1115

Failed test_get_raw_token_for_sp The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1162

Failed test_get_raw_token_in_cloud_console The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1246

Failed test_get_raw_token_msi_system_assigned The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1202

Failed test_get_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:890

Failed test_login_common_tenant_mfa_warning The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1429

Failed test_login_fallback_to_device_code_github_codespaces The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:374

Failed test_login_fallback_to_device_code_no_browser The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:352

Failed test_login_in_cloud_shell The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:474

Failed test_login_no_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:676

Failed test_login_with_auth_code The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:308

Failed test_login_with_auth_code_adfs The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:723

Failed test_login_with_device_code The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:331

Failed test_login_with_device_code_for_tenant The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:400

Failed test_login_with_service_principal The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:441

Failed test_login_with_username_password_for_tenant The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:421

Failed test_logout The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1293

Failed test_logout_all The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1314

Failed test_normalize The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:757

Failed test_normalize_v2016_06_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:767

Failed test_refresh_accounts_one_user_account The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1339

Failed test_refresh_accounts_one_user_account_one_sp_account The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1371

Failed test_refresh_accounts_with_nothing The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1409

Failed test_set_active_subscription The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:855

Failed test_subscription_finder_constructor The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:909

Failed test_update_add_two_different_subscriptions The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:798

Failed test_update_with_same_subscription_added_twice The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:832

Failed test_attach_token_tenant_v2016_06_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1550

Failed test_attach_token_tenant_v2022_12_01 The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1557

Failed test_transform_subscription_for_multiapi The error message is too long, please check the pipeline log for details. src/azure-cli-core/azure/cli/core/tests/test_profile.py:1565

️✔️databoxedge

️✔️2020-09-01-hybrid

️✔️3.11

️✔️iot

️✔️2020-09-01-hybrid

️✔️3.11

️✔️keyvault

️✔️2018-03-01-hybrid

️✔️3.11

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.11

️✔️network

️✔️2018-03-01-hybrid

️✔️3.11

️✔️3.9

️✔️resource

️✔️2018-03-01-hybrid

️✔️3.11

️✔️3.9

️✔️storage

️✔️2018-03-01-hybrid

️✔️3.11

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.11

️✔️telemetry

️✔️2018-03-01-hybrid

️✔️3.11

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.11

️✔️vm

️✔️2018-03-01-hybrid

️✔️3.11

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.11

azure-client-tools-bot-prd · 2024-10-16T11:39:39Z

️✔️AzureCLI-BreakingChangeTest

️✔️Non Breaking Changes

yonzhan · 2024-10-16T11:48:50Z

lightweight ARM client

arm-client

6bc01c9

azure-client-tools-bot-prd bot added this to the October 2024 (2024-11-05) milestone Oct 16, 2024

jiasli modified the milestones: October 2024 (2024-11-05), Backlog Oct 16, 2024

microsoft-github-policy-service bot requested a review from yonzhan October 16, 2024 11:39

microsoft-github-policy-service bot added the Auto-Assign Auto assign by bot label Oct 16, 2024

microsoft-github-policy-service bot assigned jiasli Oct 16, 2024

microsoft-github-policy-service bot added Account az login/account Core CLI core infrastructure labels Oct 16, 2024

a0x1ab added act-identity-squad act-platform-engineering-squad labels Apr 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

{Core} Add lightweight ARM client#30103

{Core} Add lightweight ARM client#30103
jiasli wants to merge 1 commit intoAzure:devfrom
jiasli:arm-client

jiasli commented Oct 16, 2024 •

edited

Loading

Uh oh!

azure-client-tools-bot-prd bot commented Oct 16, 2024 •

edited

Loading

Uh oh!

azure-client-tools-bot-prd bot commented Oct 16, 2024 •

edited

Loading

Uh oh!

yonzhan commented Oct 16, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

jiasli commented Oct 16, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

azure-client-tools-bot-prd bot commented Oct 16, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

azure-client-tools-bot-prd bot commented Oct 16, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

yonzhan commented Oct 16, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jiasli commented Oct 16, 2024 •

edited

Loading

azure-client-tools-bot-prd bot commented Oct 16, 2024 •

edited

Loading

azure-client-tools-bot-prd bot commented Oct 16, 2024 •

edited

Loading