Azure · bim-msft · Nov 9, 2020 · Nov 6, 2020 · Nov 7, 2020 · Nov 7, 2020
@@ -296,7 +296,11 @@ def __read_kv_from_config_store(azconfig_client,
     elif top is None:
         top = 100
 
-    keyvault_client = __get_keyvault_client(cli_ctx) if cli_ctx else None
+    if cli_ctx:
+        from azure.cli.command_modules.keyvault._client_factory import keyvault_data_plane_factory
+        keyvault_client = keyvault_data_plane_factory(cli_ctx, None)
+    else:
+        keyvault_client = None
 
     for setting in configsetting_iterable:
         kv = convert_configurationsetting_to_keyvalue(setting)
@@ -959,18 +963,6 @@ def __compact_key_values(key_values):
     return compacted
 
 
-def __get_keyvault_client(cli_ctx):
-    from azure.cli.core._profile import Profile
-    from azure.keyvault import KeyVaultAuthentication, KeyVaultClient
-    from azure.cli.core.profiles import ResourceType, get_api_version
-    version = str(get_api_version(cli_ctx, ResourceType.DATA_KEYVAULT))
-
-    def _get_token(server, resource, scope):  # pylint: disable=unused-argument
-        return Profile(cli_ctx=cli_ctx).get_login_credentials(resource)[0]._token_retriever()  # pylint: disable=protected-access
-
-    return KeyVaultClient(KeyVaultAuthentication(_get_token), api_version=version)
-
-
 def __resolve_secret(keyvault_client, keyvault_reference):
     from azure.keyvault.key_vault_id import SecretId
     try:

@@ -1,4 +1,4 @@
-#Thu Oct 08 19:49:30 Pacific Daylight Time 2020
+#Sat Nov 07 15:41:37 Pacific Standard Time 2020
 Color=Red
 Region=West US
 feature-management.FalseFeature=false

@@ -467,7 +467,7 @@ def test_resolve_keyvault(self, key_vault, resource_group):
             'imported_format': 'json',
         })
 
-        self.cmd('appconfig kv export -n {config_store_name} -d file --path {exported_file_path} --format json --resolve-keyvault -y')
+        self.cmd('appconfig kv export -n {config_store_name} -d file --path "{exported_file_path}" --format json --resolve-keyvault -y')
         with open(exported_file_path) as json_file:
             exported_kvs = json.load(json_file)
 
@@ -1984,6 +1984,8 @@ def test_azconfig_key_validation(self, resource_group, location):
 
 class AppConfigAadAuthLiveScenarioTest(LiveScenarioTest):
 
+    # Due to a bug in LiveScenarioTest, self.assertRaisesRegex() will not detect the exception.
+    # To run this testcase in local with --live, temporarily change to ScenarioTest and add AllowLargeResponse annotation.
     @ResourceGroupPreparer(parameter_name_for_location='location')
     def test_azconfig_aad_auth(self, resource_group, location):
         config_store_name = self.create_random_name(prefix='AadTest', length=15)
@@ -2043,8 +2045,9 @@ def test_azconfig_aad_auth(self, resource_group, location):
             'endpoint': endpoint
         })
 
-        # Before assigning data reader role, read operation should fail with AAD auth
-        with self.assertRaisesRegex(CLIError, "Operation returned an invalid status 'Unauthorized'"):
+        # Before assigning data reader role, read operation should fail with AAD auth.
+        # The exception really depends on the which identity is used to run this testcase.
+        with self.assertRaisesRegex(CLIError, "Operation returned an invalid status '(?:Unauthorized|Forbidden)'"):
             self.cmd('appconfig kv show --endpoint {endpoint} --auth-mode login --key {key}')
 
         # Assign data reader role to current user