mi-account

jiasli · jiasli · commit cc98229d7c98 · 2024-11-12T17:20:43.000+08:00
diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py
@@ -379,7 +379,7 @@ def get_login_credentials(self, resource=None, client_id=None, subscription_id=N
 
         account = self.get_subscription(subscription_id)
 
-        managed_identity_type, managed_identity_id = Profile._try_parse_msi_account_name(account)
+        managed_identity_type, managed_identity_id = Profile._parse_managed_identity_account(account)
 
         if in_cloud_console() and account[_USER_ENTITY].get(_CLOUD_SHELL_ID):
             # Cloud Shell
@@ -438,7 +438,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No
 
         account = self.get_subscription(subscription)
 
-        managed_identity_type, managed_identity_id = Profile._try_parse_msi_account_name(account)
+        managed_identity_type, managed_identity_id = Profile._parse_managed_identity_account(account)
 
         if in_cloud_console() and account[_USER_ENTITY].get(_CLOUD_SHELL_ID):
             # Cloud Shell
@@ -644,15 +644,20 @@ def get_subscription_id(self, subscription=None):  # take id or name
         return self.get_subscription(subscription)[_SUBSCRIPTION_ID]
 
     @staticmethod
-    def _try_parse_msi_account_name(account):
-        msi_info, user = account[_USER_ENTITY].get(_ASSIGNED_IDENTITY_INFO), account[_USER_ENTITY].get(_USER_NAME)
-
-        if user in [_SYSTEM_ASSIGNED_IDENTITY, _USER_ASSIGNED_IDENTITY]:
-            if not msi_info:
-                msi_info = account[_SUBSCRIPTION_NAME]  # fall back to old persisting way
-            parts = msi_info.split('-', 1)
-            if parts[0] in MsiAccountTypes.valid_msi_account_types():
-                return parts[0], (None if len(parts) <= 1 else parts[1])
+    def _parse_managed_identity_account(account):
+        user_name = account[_USER_ENTITY].get(_USER_NAME)
+        assigned_identity_info = account[_USER_ENTITY].get(_ASSIGNED_IDENTITY_INFO)
+
+        if user_name == _SYSTEM_ASSIGNED_IDENTITY:
+            # The account contains:
+            #   "assignedIdentityInfo": "MSI",
+            #   "name": "systemAssignedIdentity",
+            return assigned_identity_info, None
+        if user_name == _USER_ASSIGNED_IDENTITY:
+            # The account contains:
+            #   "assignedIdentityInfo": "MSIClient-xxx"/"MSIObject-xxx"/"MSIResource-xxx",
+            #   "name": "userAssignedIdentity",
+            return tuple(assigned_identity_info.split('-', 1))
         return None, None
 
     def _create_credential(self, account, tenant_id=None, client_id=None):
