Skip to content

Commit 14084ad

Browse files
jiaslijiasli
authored
[Profile] Drop support for old-style managed identity account (#30321)
1 parent b639c9d commit 14084ad

File tree

2 files changed

+74
-81
lines changed

2 files changed

+74
-81
lines changed

src/azure-cli-core/azure/cli/core/_profile.py

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -377,7 +377,7 @@ def get_login_credentials(self, resource=None, subscription_id=None, aux_subscri
377377

378378
account = self.get_subscription(subscription_id)
379379

380-
managed_identity_type, managed_identity_id = Profile._try_parse_msi_account_name(account)
380+
managed_identity_type, managed_identity_id = Profile._parse_managed_identity_account(account)
381381

382382
if in_cloud_console() and account[_USER_ENTITY].get(_CLOUD_SHELL_ID):
383383
# Cloud Shell
@@ -436,7 +436,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No
436436

437437
account = self.get_subscription(subscription)
438438

439-
managed_identity_type, managed_identity_id = Profile._try_parse_msi_account_name(account)
439+
managed_identity_type, managed_identity_id = Profile._parse_managed_identity_account(account)
440440

441441
if in_cloud_console() and account[_USER_ENTITY].get(_CLOUD_SHELL_ID):
442442
# Cloud Shell
@@ -642,15 +642,18 @@ def get_subscription_id(self, subscription=None): # take id or name
642642
return self.get_subscription(subscription)[_SUBSCRIPTION_ID]
643643

644644
@staticmethod
645-
def _try_parse_msi_account_name(account):
646-
msi_info, user = account[_USER_ENTITY].get(_ASSIGNED_IDENTITY_INFO), account[_USER_ENTITY].get(_USER_NAME)
647-
648-
if user in [_SYSTEM_ASSIGNED_IDENTITY, _USER_ASSIGNED_IDENTITY]:
649-
if not msi_info:
650-
msi_info = account[_SUBSCRIPTION_NAME] # fall back to old persisting way
651-
parts = msi_info.split('-', 1)
652-
if parts[0] in MsiAccountTypes.valid_msi_account_types():
653-
return parts[0], (None if len(parts) <= 1 else parts[1])
645+
def _parse_managed_identity_account(account):
646+
user_name = account[_USER_ENTITY][_USER_NAME]
647+
if user_name == _SYSTEM_ASSIGNED_IDENTITY:
648+
# The account contains:
649+
# "assignedIdentityInfo": "MSI",
650+
# "name": "systemAssignedIdentity",
651+
return MsiAccountTypes.system_assigned, None
652+
if user_name == _USER_ASSIGNED_IDENTITY:
653+
# The account contains:
654+
# "assignedIdentityInfo": "MSIClient-xxx"/"MSIObject-xxx"/"MSIResource-xxx",
655+
# "name": "userAssignedIdentity",
656+
return tuple(account[_USER_ENTITY][_ASSIGNED_IDENTITY_INFO].split('-', maxsplit=1))
654657
return None, None
655658

656659
def _create_credential(self, account, tenant_id=None, client_id=None):

0 commit comments

Comments
 (0)