From 85ea9597a0888962472a21456545cd1cc9022062 Mon Sep 17 00:00:00 2001
From: Jiashuo Li
Date: Tue, 10 Nov 2020 15:31:43 +0800
Subject: [PATCH 1/2] Prevent calling AdalAuthentication._token_retriever
---
 src/azure-cli-core/azure/cli/core/adal_authentication.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/azure-cli-core/azure/cli/core/adal_authentication.py b/src/azure-cli-core/azure/cli/core/adal_authentication.py
index 4d42159d5f9..47c15c93751 100644
--- a/src/azure-cli-core/azure/cli/core/adal_authentication.py
+++ b/src/azure-cli-core/azure/cli/core/adal_authentication.py
@@ -21,6 +21,11 @@ class AdalAuthentication(Authentication): # pylint: disable=too-few-public-methods
 def __init__(self, token_retriever, external_tenant_token_retriever=None):
+ # DO NOT call _token_retriever from outside azure-cli-core. It is only available for user or
+ # Service Principal credential, but not for Managed Identity credential (MSIAuthenticationWrapper).
+ # To retrieve a raw token, either call
+ # - Profile.get_raw_token, which is more direct
+ # - AdalAuthentication.get_token, which is designed for Track 2 SDKs
 self._token_retriever = token_retriever
 self._external_tenant_token_retriever = external_tenant_token_retriever
From 2b8c5889afb05ea5d4f9a472ac83e1087da7348f Mon Sep 17 00:00:00 2001
From: Jiashuo Li
Date: Tue, 10 Nov 2020 15:48:13 +0800
Subject: [PATCH 2/2] Refine
---
 src/azure-cli-core/azure/cli/core/adal_authentication.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/azure-cli-core/azure/cli/core/adal_authentication.py b/src/azure-cli-core/azure/cli/core/adal_authentication.py
index 47c15c93751..68607a820c0 100644
--- a/src/azure-cli-core/azure/cli/core/adal_authentication.py
+++ b/src/azure-cli-core/azure/cli/core/adal_authentication.py
@@ -22,7 +22,8 @@ class AdalAuthentication(Authentication): # pylint: disable=too-few-public-meth
 def __init__(self, token_retriever, external_tenant_token_retriever=None):
 # DO NOT call _token_retriever from outside azure-cli-core. It is only available for user or
- # Service Principal credential, but not for Managed Identity credential (MSIAuthenticationWrapper).
+ # Service Principal credential (AdalAuthentication), but not for Managed Identity credential
+ # (MSIAuthenticationWrapper).
 # To retrieve a raw token, either call
 # - Profile.get_raw_token, which is more direct
 # - AdalAuthentication.get_token, which is designed for Track 2 SDKs
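Review bot: The comment on `self._token_retriever` (added in PATCH 1/2 and reworded here) recommends `AdalAuthentication.get_token` as a replacement, yet the reason it gives for the ban is that a Managed Identity credential is an `MSIAuthenticationWrapper`, not an `AdalAuthentication`; the hunk does not show whether `get_token` is available on that wrapper, so a reader cannot tell if the second bullet is safe for Managed Identity. I would spell it out, for example `#   - get_token on the credential object, which is designed for Track 2 SDKs` if both classes implement it, or mark the bullet as AdalAuthentication-only. The rule is also only a comment inside `__init__`, which callers outside azure-cli-core are unlikely to read and which nothing enforces; repeating it in the class docstring would make it easier to find. `__init__` continues past the end of this hunk.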