Skip to content

{Identity} Support Cloud Shell login#13567

Merged
jiasli merged 1 commit intoAzure:identityfrom
jiasli:identity-cloud-shell
May 20, 2020
Merged

{Identity} Support Cloud Shell login#13567
jiasli merged 1 commit intoAzure:identityfrom
jiasli:identity-cloud-shell

Conversation

@jiasli
Copy link
Member

@jiasli jiasli commented May 19, 2020
edited
Loading

Description

Currently can't test in Cloud Shell due to the lack of Python 3.6+. See internal email: Python 3.6+ support in Cloud Shell

Use pyenv to install Python 3.6+ in Cloud Shell. See https://stackoverflow.com/a/61890236/2199657. Special thanks to @NullMDR for this fascinating solution.

Log in to Cloud Shell.

$ az login --identity
Using Cloud Shell Managed Identity: {"tenant_id": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a", "unique_name": "xxx@microsoft.com"}
[
  {
    "environmentName": "AzureCloud",
    "homeTenantId": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a",
    "id": "0b1f6471-1bf0-4dda-aec3-cb9272f09590",
    "isDefault": true,
    "managedByTenants": [
      {
        "tenantId": "2f4a9838-26b7-47ee-be60-ccc1fdec5953"
      }
    ],
    "name": "AzureSDKTest",
    "state": "Enabled",
    "tenantId": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a",
    "user": {
      "cloudShellID": true,
      "name": "xxx@microsoft.com",
      "type": "user"
    }
  }
]

We can also test on a VM with managed identity and set env var ACC_CLOUD=1 to mock Cloud Shell.

C:\Users\admin\env38\Scripts\python.exe C:/Users/admin/azure-cli/src/azure-cli/azure/cli/__main__.py login --identity
Using Cloud Shell Managed Identity: {"tenant_id": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a", "unique_name": "N/A"}
[
  {
    "environmentName": "AzureCloud",
    "homeTenantId": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a",
    "id": "0b1f6471-1bf0-4dda-aec3-cb9272f09590",
    "isDefault": true,
    "managedByTenants": [
      {
        "tenantId": "2f4a9838-26b7-47ee-be60-ccc1fdec5953"
      }
    ],
    "name": "AzureSDKTest",
    "state": "Enabled",
    "tenantId": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a",
    "user": {
      "cloudShellID": true,
      "name": "N/A",
      "type": "user"
    }
  }
]

Testing Guide

# Install and configure pyenv since we don't have sudo permission in Cloud Shell
curl https://pyenv.run | bash

echo 'export PATH="$HOME/.pyenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
echo 'eval "$(pyenv virtualenv-init -)"' >> ~/.bashrc

pyenv install 3.8.3
exec $SHELL

# Follow normal workflow to set up dev environment
python -m venv env383
. ~/env383/bin/activate
pip install azdev
git clone https://github.com/Azure/azure-cli
git fetch origin refs/pull/13567/head
git checkout -b identity-cloud-shell FETCH_HEAD
git clone https://github.com/Azure/azure-sdk-for-python

azdev setup -c
pip install -e azure-sdk-for-python/sdk/identity/azure-identity

# Login with Cloud Shell's identity
az login --identity

@jiasli jiasli requested a review from qianwens May 19, 2020 09:26
@yonzhan yonzhan added this to the S170 milestone May 19, 2020
@yonzhan
Copy link
Collaborator

yonzhan commented May 19, 2020

add to S170

@jiasli jiasli marked this pull request as ready for review May 19, 2020 12:52
qianwens
qianwens approved these changes May 20, 2020
View reviewed changes
Copy link
Member

@qianwens qianwens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@jiasli jiasli merged commit 93ef093 into Azure:identity May 20, 2020
@jiasli jiasli deleted the identity-cloud-shell branch May 20, 2020 10:39
@jiasli jiasli changed the title [Identity] Support Cloud Shell login {Identity} Support Cloud Shell login Jun 4, 2020
@jiasli jiasli mentioned this pull request Jun 4, 2020
Merged
@jiasli jiasli mentioned this pull request Jul 22, 2020
Closed
@jiasli jiasli mentioned this pull request Nov 13, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arrownj arrownj Awaiting requested review from arrownj

@fengzhou-msft fengzhou-msft Awaiting requested review from fengzhou-msft

@haroldrandom haroldrandom Awaiting requested review from haroldrandom

@Juliehzl Juliehzl Awaiting requested review from Juliehzl

1 more reviewer

@qianwens qianwens qianwens approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jiasli jiasli

Labels

MSAL

Projects

None yet

Milestone

S170

Development

Successfully merging this pull request may close these issues.

3 participants

@jiasli @yonzhan @qianwens

Comments