diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py
index ee2cd6d9de6..e33ef48b108 100644
--- a/src/azure-cli-core/azure/cli/core/_profile.py
+++ b/src/azure-cli-core/azure/cli/core/_profile.py
@@ -413,7 +413,7 @@ def get_login_credentials(self, resource=None, client_id=None, subscription_id=N
 credential = self._create_credential(account, client_id=client_id)
 external_credentials = []
 for external_tenant in external_tenants:
- external_credentials.append(self._create_credential(account, external_tenant, client_id=client_id))
+ external_credentials.append(self._create_credential(account, tenant_id=external_tenant))
 from azure.cli.core.auth.credential_adaptor import CredentialAdaptor
 cred = CredentialAdaptor(credential, auxiliary_credentials=external_credentials,
@@ -460,7 +460,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No
 scopes_to_resource(scopes))
 else:
- cred = self._create_credential(account, tenant)
+ cred = self._create_credential(account, tenant_id=tenant)
 sdk_token = cred.get_token(*scopes)
 # Convert epoch int 'expires_on' to datetime string 'expiresOn' for backward compatibility
@@ -655,7 +655,7 @@ def _try_parse_msi_account_name(account):
 return parts[0], (None if len(parts) <= 1 else parts[1])
 return None, None
- def _create_credential(self, account, tenant_id=None, client_id=None):
+ def _create_credential(self, account, tenant_id=None):
 """Create a credential object driven by MSAL
 :param account:
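Review bot: The unchanged context line `credential = self._create_credential(account, client_id=client_id)` at the top of the get_login_credentials hunk still passes `client_id`, but the signature hunk (-655/+655) in this same file removes that parameter, so as shown this path would raise `TypeError` when the primary credential is created. It should become `credential = self._create_credential(account)`. The hunk header shows that get_login_credentials itself still accepts `client_id` (the function starts outside the hunk), so on this branch the argument would then be dropped for both the primary and the auxiliary-tenant credentials. If callers can still supply it, rejecting or warning on a non-None value is safer than silently returning tokens for a different application than the one requested.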
@@ -665,8 +665,8 @@ def _create_credential(self, account, tenant_id=None, client_id=None):
 """
 user_type = account[_USER_ENTITY][_USER_TYPE]
 username_or_sp_id = account[_USER_ENTITY][_USER_NAME]
- tenant_id = tenant_id if tenant_id else account[_TENANT_ID]
- identity = _create_identity_instance(self.cli_ctx, self._authority, tenant_id=tenant_id, client_id=client_id)
+ tenant_id = tenant_id or account[_TENANT_ID]
+ identity = _create_identity_instance(self.cli_ctx, self._authority, tenant_id=tenant_id)
 # User
 if user_type == _USER:
@@ -694,7 +694,7 @@ def refresh_accounts(self):
 tenant = s[_TENANT_ID]
 subscriptions = []
 try:
- identity_credential = self._create_credential(s, tenant)
+ identity_credential = self._create_credential(s, tenant_id=tenant)
 if is_service_principal:
 subscriptions = subscription_finder.find_using_specific_tenant(tenant, identity_credential)
 else:
@@ -938,7 +938,7 @@ def _transform_subscription_for_multiapi(s, s_dict):
 s_dict[_MANAGED_BY_TENANTS] = [{_TENANT_ID: t.tenant_id} for t in s.managed_by_tenants]
-def _create_identity_instance(cli_ctx, *args, **kwargs):
+def _create_identity_instance(cli_ctx, authority, tenant_id=None):
 """Lazily import and create Identity instance to avoid unnecessary imports."""
 from .auth.identity import Identity
 from .util import should_encrypt_token_cache
@@ -955,9 +955,11 @@ def _create_identity_instance(cli_ctx, *args, **kwargs):
 # PREVIEW: In Azure Stack environment, use core.instance_discovery=false to disable MSAL's instance discovery.
 instance_discovery = cli_ctx.config.getboolean('core', 'instance_discovery', True)
- return Identity(*args, encrypt=encrypt, use_msal_http_cache=use_msal_http_cache,
+ return Identity(authority, tenant_id=tenant_id,
+ encrypt=encrypt,
+ use_msal_http_cache=use_msal_http_cache,
 enable_broker_on_windows=enable_broker_on_windows,
- instance_discovery=instance_discovery, **kwargs)
+ instance_discovery=instance_discovery)
 def _on_azure_arc_windows():
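Review bot: In the `_create_identity_instance` signature hunk (-938/+938) the helper now accepts only `authority` and `tenant_id`, so any call site not shown in this diff that still forwards `client_id=` or another Identity option through it will raise `TypeError` when that path runs. The only caller updated here is `_create_credential`, so the rest of the repository is worth a search before merging. The one-line docstring no longer describes the contract: it could gain `:param authority:` and `:param tenant_id:` entries and a sentence saying that the encryption, HTTP-cache, broker and instance-discovery settings are derived inside the helper and cannot be overridden by the caller. The function body runs past this hunk and continues in the -955/+955 hunk.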