[Profile] az login: Add --get-subscriptions to limit the subscriptions that are retrieved

src/azure-cli-core/azure/cli/core/_profile.py

@@ -147,6 +147,7 @@ def login(self,
               password,
               is_service_principal,
               tenant,
+              get_subscriptions=None,
               scopes=None,
               use_device_code=False,
               allow_no_subscriptions=False,
@@ -199,7 +200,8 @@ def login(self,
             credential = identity.get_service_principal_credential(username)
 
         if tenant:
-            subscriptions = subscription_finder.find_using_specific_tenant(tenant, credential)
+            subscriptions = subscription_finder.find_using_specific_tenant(tenant, credential,
+                                                                           get_subscriptions=get_subscriptions)
         else:
             subscriptions = subscription_finder.find_using_common_tenant(username, credential)
 
@@ -841,14 +843,21 @@ def find_using_common_tenant(self, username, credential=None):
                 logger.warning("%s", t.tenant_id_name)
         return all_subscriptions
 
-    def find_using_specific_tenant(self, tenant, credential, tenant_id_description=None):
+    def find_using_specific_tenant(self, tenant, credential, tenant_id_description=None, get_subscriptions=None):
         """List subscriptions that can be accessed from a specific tenant.
         If called from find_using_common_tenant, tenant_id_description is TenantIdDescription retrieved from
         'Tenants - List' REST API. If directly called, tenant_id_description is None.
         """
         client = self._create_subscription_client(credential)
         # https://learn.microsoft.com/en-us/rest/api/resources/subscriptions/list
-        subscriptions = client.subscriptions.list()
+
+        subscriptions = []
+        if get_subscriptions:
+            for s in get_subscriptions:
+                subscriptions.append(client.subscriptions.get(s))
+        else:
+            subscriptions = client.subscriptions.list()
+
         all_subscriptions = []
         for s in subscriptions:
             _attach_token_tenant(s, tenant, tenant_id_description=tenant_id_description)

src/azure-cli/azure/cli/command_modules/profile/__init__.py

@@ -50,6 +50,10 @@ def load_arguments(self, command):
                        help='User password or service principal secret. Will prompt if not given.')
             c.argument('tenant', options_list=['--tenant', '-t'], validator=validate_tenant,
                        help='The Microsoft Entra tenant, must be provided when using a service principal.')
+            c.argument('get_subscriptions', nargs='+',
+                       help='Space-separated list of subscriptions to retrieve. '
+                            'This argument must be used together with --tenant. '
+                            'Without this argument, all subscriptions will be retrieved.')
             c.argument('scopes', options_list=['--scope'], nargs='+',
                        help='Used in the /authorize request. It can cover only one static resource.')
             c.argument('allow_no_subscriptions', action='store_true',

src/azure-cli/azure/cli/command_modules/profile/custom.py

@@ -121,7 +121,9 @@ def account_clear(cmd):
 
 
 # pylint: disable=too-many-branches, too-many-locals
-def login(cmd, username=None, password=None, tenant=None, scopes=None, allow_no_subscriptions=False,
+def login(cmd, username=None, password=None,
+          tenant=None, get_subscriptions=None,
+          scopes=None, allow_no_subscriptions=False,
           claims_challenge=None,
           # Device code flow
           use_device_code=False,
@@ -132,6 +134,8 @@ def login(cmd, username=None, password=None, tenant=None, scopes=None, allow_no_
     """Log in to access Azure subscriptions"""
 
     # quick argument usage check
+    if get_subscriptions and not tenant:
+        raise CLIError("usage error: --get-subscription must be used together with --tenant")
     if any([password, service_principal, tenant]) and identity:
         raise CLIError("usage error: '--identity' is not applicable with other arguments")
     if identity and username:
@@ -195,6 +199,7 @@ def login(cmd, username=None, password=None, tenant=None, scopes=None, allow_no_
         password,
         service_principal,
         tenant,
+        get_subscriptions=get_subscriptions,
         scopes=scopes,
         use_device_code=use_device_code,
         allow_no_subscriptions=allow_no_subscriptions,