diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py index 4c49377d842..3e178c10aaa 100644 --- a/src/azure-cli-core/azure/cli/core/_profile.py +++ b/src/azure-cli-core/azure/cli/core/_profile.py @@ -220,8 +220,8 @@ def login(self, return deepcopy(consolidated) def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=None): - if _on_azure_arc_windows(): - return self.login_with_managed_identity_azure_arc_windows( + if _on_azure_arc(): + return self.login_with_managed_identity_azure_arc( identity_id=identity_id, allow_no_subscriptions=allow_no_subscriptions) import jwt @@ -286,7 +286,7 @@ def login_with_managed_identity(self, identity_id=None, allow_no_subscriptions=N self._set_subscriptions(consolidated) return deepcopy(consolidated) - def login_with_managed_identity_azure_arc_windows(self, identity_id=None, allow_no_subscriptions=None): + def login_with_managed_identity_azure_arc(self, identity_id=None, allow_no_subscriptions=None): import jwt identity_type = MsiAccountTypes.system_assigned from .auth.msal_credentials import ManagedIdentityCredential @@ -388,7 +388,7 @@ def get_login_credentials(self, resource=None, subscription_id=None, aux_subscri elif managed_identity_type: # managed identity - if _on_azure_arc_windows(): + if _on_azure_arc(): from .auth.msal_credentials import ManagedIdentityCredential from azure.cli.core.auth.credential_adaptor import CredentialAdaptor # The credential must be wrapped by CredentialAdaptor so that it can work with Track 1 SDKs. @@ -449,7 +449,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No # managed identity if tenant: raise CLIError("Tenant shouldn't be specified for managed identity account") - if _on_azure_arc_windows(): + if _on_azure_arc(): from .auth.msal_credentials import ManagedIdentityCredential cred = ManagedIdentityCredential() else: @@ -960,6 +960,7 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None instance_discovery=instance_discovery) -def _on_azure_arc_windows(): - # This indicates an Azure Arc-enabled Windows server - return "IDENTITY_ENDPOINT" in os.environ and "IMDS_ENDPOINT" in os.environ +def _on_azure_arc(): + # This indicates an Azure Arc-enabled server + from msal.managed_identity import get_managed_identity_source, AZURE_ARC + return get_managed_identity_source() == AZURE_ARC diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py index 7971e427b95..b1f6f20ab9e 100644 --- a/src/azure-cli-core/setup.py +++ b/src/azure-cli-core/setup.py @@ -53,7 +53,7 @@ 'jmespath', 'knack~=0.11.0', 'msal-extensions==1.2.0', - 'msal[broker]==1.31.0', + 'msal[broker]==1.31.1', 'msrestazure~=0.6.4', 'packaging>=20.9', 'pkginfo>=1.5.0.1', diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 6f4257c47f9..fc5f5aaeb04 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -104,7 +104,7 @@ jmespath==0.9.5 jsondiff==2.0.0 knack==0.11.0 msal-extensions==1.2.0 -msal[broker]==1.31.0 +msal[broker]==1.31.1 msrest==0.7.1 msrestazure==0.6.4 oauthlib==3.2.2 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index a65a02c2aca..8c5b5091283 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -105,7 +105,7 @@ jmespath==0.9.5 jsondiff==2.0.0 knack==0.11.0 msal-extensions==1.2.0 -msal[broker]==1.31.0 +msal[broker]==1.31.1 msrest==0.7.1 msrestazure==0.6.4 oauthlib==3.2.2 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index 80a4f88f222..2f00fa0faa4 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -104,7 +104,7 @@ jmespath==0.9.5 jsondiff==2.0.0 knack==0.11.0 msal-extensions==1.2.0 -msal[broker]==1.31.0 +msal[broker]==1.31.1 msrest==0.7.1 msrestazure==0.6.4 oauthlib==3.2.2