azure_rm inventory not work for MSI auth with others AzureCloud. #893

Closed
tu-doan opened this issue Jun 21, 2022 · 1 comment
Labels
has_pr PR fixes have been made medium_priority Medium priority

Comments

@tu-doan
Contributor

tu-doan commented Jun 21, 2022

Description:

In azure_rm.yaml, my config is:

```yaml
---
plugin: azure.azcollection.azure_rm
cloud_environment: AzureChinaCloud
subscription_id: XXXXXX-XXXXXX-XXXX-XXXXX
auth_source: msi
```

Didn't know why, but the ansible playbook returned 404 with my subscription.

```
[WARNING]:  * Failed to parse /runner/inventory/ag1/azure_rm.yml with auto plugin: a batched request failed with status code 404
```

Debugging

After debugging, I found out that the playbook uses the AzurePublicCloud endpoint instead of AzureChinaCloud. That's why the response is 404 with my subscription_id.

Here is the issue with the library:
It returns AZURE_PUBLIC_CLOUD when the variable raw_cloud_env is None:

```python
raw_cloud_env = self.credentials.get('cloud_environment')
if self.credentials.get('credentials') is not None and raw_cloud_env is not None:
    self._cloud_environment = raw_cloud_env
elif not raw_cloud_env:
    self._cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD  # SDK default
```

However, when auth_source=msi, the returned object does not include cloud_environment, while the cli method does:

```python
def _get_msi_credentials(self, subscription_id=None, client_id=None, **kwargs):
    credentials = MSIAuthentication(client_id=client_id)
    credential = MSIAuthenticationWrapper(client_id=client_id)
    subscription_id = subscription_id or self._get_env('subscription_id')
    if not subscription_id:
        try:
            # use the first subscription of the MSI
            subscription_client = SubscriptionClient(credentials)
            subscription = next(subscription_client.subscriptions.list())
            subscription_id = str(subscription.subscription_id)
        except Exception as exc:
            self.fail("Failed to get MSI token: {0}. "
                      "Please check whether your machine enabled MSI or grant access to any subscription.".format(str(exc)))
    # note: no 'cloud_environment' key in the returned dict
    return {
        'credentials': credentials,
        'credential': credential,
        'subscription_id': subscription_id,
        'auth_source': 'msi'
    }

def _get_azure_cli_credentials(self, subscription_id=None, resource=None):
    if self.is_ad_resource:
        resource = 'https://graph.windows.net/'
    subscription_id = subscription_id or self._get_env('subscription_id')
    try:
        profile = get_cli_profile()
    except Exception as exc:
        self.fail("Failed to load CLI profile {0}.".format(str(exc)))
    credentials, subscription_id, tenant = profile.get_login_credentials(
        subscription_id=subscription_id, resource=resource)
    # the CLI path carries the active cloud along with the credentials
    cloud_environment = get_cli_active_cloud()
    cli_credentials = {
        'credentials': credentials,
        'subscription_id': subscription_id,
        'cloud_environment': cloud_environment
    }
    return cli_credentials
```

Despite the authentication via msi succeeding, these lines of code leave the object as None when selecting the attribute cloud_environment. Then, with the if clause, it selects the cloud as AzurePublicCloud. In the end, other modules sending batch_request use the wrong endpoint because of the wrong cloud_environment.

TL;DR

Module AzureRMAuth does not treat the msi auth method the same as the cli method.
Function _get_msi_credentials is missing the attribute cloud_environment when it returns.
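The fallback described in this comment, as an added example that is not the collection's code: the cloud objects and both credential builders below are constructed stand-ins (the "fixed" builder is a hypothetical shape that carries the configured cloud through, not the code of PR #894), and only the selection logic mirrors the snippet quoted above.

```python
# Constructed model of the cloud_environment selection from this issue; no Azure SDK needed.
from collections import namedtuple

# Stand-ins for msrestazure's azure_cloud.AZURE_PUBLIC_CLOUD / AZURE_CHINA_CLOUD objects.
Cloud = namedtuple("Cloud", ["name", "resource_manager"])
AZURE_PUBLIC_CLOUD = Cloud("AzureCloud", "https://management.azure.com/")
AZURE_CHINA_CLOUD = Cloud("AzureChinaCloud", "https://management.chinacloudapi.cn/")
CLOUDS = {c.name: c for c in (AZURE_PUBLIC_CLOUD, AZURE_CHINA_CLOUD)}


def msi_credentials_buggy(subscription_id, cloud_environment):
    """Shape of the dict the issue says _get_msi_credentials returns: no cloud_environment."""
    return {"credentials": object(), "subscription_id": subscription_id, "auth_source": "msi"}


def msi_credentials_fixed(subscription_id, cloud_environment):
    """Hypothetical fixed shape: the configured cloud travels with the credentials."""
    return {"credentials": object(), "subscription_id": subscription_id,
            "auth_source": "msi", "cloud_environment": CLOUDS[cloud_environment]}


def resolve_cloud(credentials):
    """Mirror of the selection logic quoted in the issue: None falls back to the SDK default."""
    raw_cloud_env = credentials.get("cloud_environment")
    if credentials.get("credentials") is not None and raw_cloud_env is not None:
        return raw_cloud_env
    return AZURE_PUBLIC_CLOUD  # SDK default: wrong endpoint for a China subscription


def batch_endpoint(credentials):
    """Resource-manager base URL the batched inventory request would be sent to."""
    return resolve_cloud(credentials).resource_manager


if __name__ == "__main__":
    # Constructed subscription id; with the buggy shape the China config still goes to public cloud.
    for builder in (msi_credentials_buggy, msi_credentials_fixed):
        creds = builder("00000000-0000-0000-0000-000000000000", "AzureChinaCloud")
        print(builder.__name__, "->", batch_endpoint(creds))
```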

@tu-doan
Contributor Author

tu-doan commented Jun 21, 2022

A fixed PR was introduced here: #894

@Fred-sun Fred-sun added has_pr PR fixes have been made medium_priority Medium priority labels Jun 21, 2022