[Core] PREVIEW: Support managed identity on Azure Arc-enabled Linux s…

…erver (#30267)

src/azure-cli-core/azure/cli/core/_profile.py

@@ -220,8 +220,8 @@ def login(self,
         return deepcopy(consolidated)
 
     def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None):
-        if _on_azure_arc_windows():
-            return self.login_with_managed_identity_azure_arc_windows(
+        if _on_azure_arc():
+            return self.login_with_managed_identity_azure_arc(
                 identity_id=identity_id, allow_no_subscriptions=allow_no_subscriptions)
 
         import jwt
@@ -286,7 +286,7 @@ def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=N
         self._set_subscriptions(consolidated)
         return deepcopy(consolidated)
 
-    def login_with_managed_identity_azure_arc_windows(self, identity_id=None, allow_no_subscriptions=None):
+    def login_with_managed_identity_azure_arc(self, identity_id=None, allow_no_subscriptions=None):
         import jwt
         identity_type = MsiAccountTypes.system_assigned
         from .auth.msal_credentials import ManagedIdentityCredential
@@ -388,7 +388,7 @@ def get_login_credentials(self, resource=None, subscription_id=None, aux_subscri
 
         elif managed_identity_type:
             # managed identity
-            if _on_azure_arc_windows():
+            if _on_azure_arc():
                 from .auth.msal_credentials import ManagedIdentityCredential
                 from azure.cli.core.auth.credential_adaptor import CredentialAdaptor
                 # The credential must be wrapped by CredentialAdaptor so that it can work with Track 1 SDKs.
@@ -449,7 +449,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No
             # managed identity
             if tenant:
                 raise CLIError("Tenant shouldn't be specified for managed identity account")
-            if _on_azure_arc_windows():
+            if _on_azure_arc():
                 from .auth.msal_credentials import ManagedIdentityCredential
                 cred = ManagedIdentityCredential()
             else:
@@ -960,6 +960,7 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None
                     instance_discovery=instance_discovery)
 
 
-def _on_azure_arc_windows():
-    # This indicates an Azure Arc-enabled Windows server
-    return "IDENTITY_ENDPOINT" in os.environ and "IMDS_ENDPOINT" in os.environ
+def _on_azure_arc():
+    # This indicates an Azure Arc-enabled server
+    from msal.managed_identity import get_managed_identity_source, AZURE_ARC
+    return get_managed_identity_source() == AZURE_ARC

src/azure-cli-core/setup.py

@@ -53,7 +53,7 @@
     'jmespath',
     'knack~=0.11.0',
     'msal-extensions==1.2.0',
-    'msal[broker]==1.31.0',
+    'msal[broker]==1.31.1',
     'msrestazure~=0.6.4',
     'packaging>=20.9',
     'pkginfo>=1.5.0.1',

src/azure-cli/requirements.py3.Darwin.txt

@@ -104,7 +104,7 @@ jmespath==0.9.5
 jsondiff==2.0.0
 knack==0.11.0
 msal-extensions==1.2.0
-msal[broker]==1.31.0
+msal[broker]==1.31.1
 msrest==0.7.1
 msrestazure==0.6.4
 oauthlib==3.2.2

src/azure-cli/requirements.py3.Linux.txt

@@ -105,7 +105,7 @@ jmespath==0.9.5
 jsondiff==2.0.0
 knack==0.11.0
 msal-extensions==1.2.0
-msal[broker]==1.31.0
+msal[broker]==1.31.1
 msrest==0.7.1
 msrestazure==0.6.4
 oauthlib==3.2.2

src/azure-cli/requirements.py3.windows.txt

@@ -104,7 +104,7 @@ jmespath==0.9.5
 jsondiff==2.0.0
 knack==0.11.0
 msal-extensions==1.2.0
-msal[broker]==1.31.0
+msal[broker]==1.31.1
 msrest==0.7.1
 msrestazure==0.6.4
 oauthlib==3.2.2