Azure · jiasli · Oct 13, 2021 · Dec 31, 2020 · Jan 5, 2021 · Jan 5, 2021
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -14,7 +14,7 @@
 
 /src/azure-cli-core/ @jiasli @evelyn-ys @jsntcy @kairu-ms @zhoxing-ms
 /src/azure-cli-core/azure/cli/core/_profile.py @jiasli @evelyn-ys
-/src/azure-cli-core/azure/cli/core/adal_authentication.py @jiasli @evelyn-ys
+/src/azure-cli-core/azure/cli/core/auth/ @jiasli
 /src/azure-cli-core/azure/cli/core/extension/ @jsntcy @kairu-ms
 /src/azure-cli-core/azure/cli/core/msal_authentication.py @jiasli @evelyn-ys
 /src/azure-cli-core/azure/cli/core/style.py @jiasli @evelyn-ys @zhoxing-ms

@@ -412,9 +412,13 @@
       "_justification": "[AppService] Test certs"
     },
     {
-      "file": "src\\azure-cli-core\\azure\\cli\\core\\tests\\sp_cert.pem",
+      "file": "src\\azure-cli-core\\azure\\cli\\core\\auth\\tests\\sp_cert.pem",
       "_justification": "[Core] Test certs"
     },
+    {
+      "placeholder": "test_secret",
+      "_justification": "[Core] Test secret"
+    },
     {
       "placeholder": "0abf356884d74b4aacbd7b1ebd3da0f7",
       "_justification": "[AMS] hard code accessToken in test_ams_live_event_scenarios.py"

@@ -45,8 +45,3 @@ def change_ssl_cert_verification_track2():
         logger.debug("Using CA bundle file at '%s'.", ca_bundle_file)
         client_kwargs['connection_verify'] = ca_bundle_file
     return client_kwargs
-
-
-def allow_debug_adal_connection():
-    if should_disable_connection_verify():
-        os.environ[ADAL_PYTHON_SSL_NO_VERIFY] = '1'
@@ -0,0 +1,66 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+import requests
+from azure.core.credentials import AccessToken
+from knack.log import get_logger
+from msrestazure.azure_active_directory import MSIAuthentication
+
+from .util import _normalize_scopes, scopes_to_resource
+
+logger = get_logger(__name__)
+
+
+class MSIAuthenticationWrapper(MSIAuthentication):
+    # This method is exposed for Azure Core. Add *scopes, **kwargs to fit azure.core requirement
+    def get_token(self, *scopes, **kwargs):  # pylint:disable=unused-argument
+        logger.debug("MSIAuthenticationWrapper.get_token invoked by Track 2 SDK with scopes=%s", scopes)
+        resource = scopes_to_resource(_normalize_scopes(scopes))
+        if resource:
+            # If available, use resource provided by SDK
+            self.resource = resource
+        self.set_token()
+        # Managed Identity token entry sample:
+        # {
+        #     "access_token": "eyJ0eXAiOiJKV...",
+        #     "client_id": "da95e381-d7ab-4fdc-8047-2457909c723b",
+        #     "expires_in": "86386",
+        #     "expires_on": "1605238724",
+        #     "ext_expires_in": "86399",
+        #     "not_before": "1605152024",
+        #     "resource": "https://management.azure.com/",
+        #     "token_type": "Bearer"
+        # }
+        return AccessToken(self.token['access_token'], int(self.token['expires_on']))
+
+    def set_token(self):
+        import traceback
+        from azure.cli.core.azclierror import AzureConnectionError, AzureResponseError
+        try:
+            super(MSIAuthenticationWrapper, self).set_token()
+        except requests.exceptions.ConnectionError as err:
+            logger.debug('throw requests.exceptions.ConnectionError when doing MSIAuthentication: \n%s',
+                         traceback.format_exc())
+            raise AzureConnectionError('Failed to connect to MSI. Please make sure MSI is configured correctly '
+                                       'and check the network connection.\nError detail: {}'.format(str(err)))
+        except requests.exceptions.HTTPError as err:
+            logger.debug('throw requests.exceptions.HTTPError when doing MSIAuthentication: \n%s',
+                         traceback.format_exc())
+            try:
+                raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
+                                         'Get Token request returned http error: {}, reason: {}'
+                                         .format(err.response.status, err.response.reason))
+            except AttributeError:
+                raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
+                                         'Get Token request returned: {}'.format(err.response))
+        except TimeoutError as err:
+            logger.debug('throw TimeoutError when doing MSIAuthentication: \n%s',
+                         traceback.format_exc())
+            raise AzureConnectionError('MSI endpoint is not responding. Please make sure MSI is configured correctly.\n'
+                                       'Error detail: {}'.format(str(err)))
+
+    def signed_session(self, session=None):
+        logger.debug("MSIAuthenticationWrapper.signed_session invoked by Track 1 SDK")
+        super().signed_session(session)