Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package azure-cli-core for openSUSE:Factory
checked in at 2025-07-10 22:12:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/azure-cli-core (Old)
and /work/SRC/openSUSE:Factory/.azure-cli-core.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "azure-cli-core"
Thu Jul 10 22:12:27 2025 rev:83 rq:1291616 version:2.75.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/azure-cli-core/azure-cli-core.changes
2025-06-11 18:35:28.521476406 +0200
+++ /work/SRC/openSUSE:Factory/.azure-cli-core.new.7373/azure-cli-core.changes
2025-07-10 22:12:28.376524862 +0200
@@ -1,0 +2,9 @@
+Wed Jul 9 07:21:15 UTC 2025 - John Paul Adrian Glaubitz
<adrian.glaub...@suse.com>
+
+- New upstream release
+ + Version 2.75.0
+ + For detailed information about changes see the
+ HISTORY.rst file provided with this package
+- Update Requires from setup.py
+
+-------------------------------------------------------------------
Old:
----
azure_cli_core-2.74.0.tar.gz
New:
----
azure_cli_core-2.75.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ azure-cli-core.spec ++++++
--- /var/tmp/diff_new_pack.yHDbub/_old 2025-07-10 22:12:29.144556805 +0200
+++ /var/tmp/diff_new_pack.yHDbub/_new 2025-07-10 22:12:29.144556805 +0200
@@ -24,7 +24,7 @@
%global _sitelibdir %{%{pythons}_sitelib}
Name: azure-cli-core
-Version: 2.74.0
+Version: 2.75.0
Release: 0
Summary: Microsoft Azure CLI Core Module
License: MIT
@@ -52,11 +52,9 @@
Requires: %{pythons}-knack >= 0.11.0
Requires: %{pythons}-microsoft-security-utilities-secret-masker >=
1.0.0~b4
Requires: %{pythons}-msal < 2.0.0
-Requires: %{pythons}-msal >= 1.32.3
+Requires: %{pythons}-msal >= 1.33.0~b1
Requires: %{pythons}-msal-extensions < 2.0.0
Requires: %{pythons}-msal-extensions >= 1.2.0
-Requires: %{pythons}-msrestazure < 0.7.0
-Requires: %{pythons}-msrestazure >= 0.6.4
Requires: %{pythons}-packaging >= 20.9
Requires: %{pythons}-pip
Requires: %{pythons}-pkginfo >= 1.5.0.1
++++++ azure_cli_core-2.74.0.tar.gz -> azure_cli_core-2.75.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/HISTORY.rst
new/azure_cli_core-2.75.0/HISTORY.rst
--- old/azure_cli_core-2.74.0/HISTORY.rst 2025-05-27 11:14:12.000000000
+0200
+++ new/azure_cli_core-2.75.0/HISTORY.rst 2025-06-24 12:16:29.000000000
+0200
@@ -3,6 +3,11 @@
Release History
===============
+2.75.0
+++++++
+* Resolve CVE-2025-50181 (#31669)
+* Resolve CVE-2025-50182 (#31669)
+
2.74.0
++++++
* Resolve CVE-2024-13176 (#31503)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/PKG-INFO
new/azure_cli_core-2.75.0/PKG-INFO
--- old/azure_cli_core-2.74.0/PKG-INFO 2025-05-27 11:14:39.939581400 +0200
+++ new/azure_cli_core-2.75.0/PKG-INFO 2025-06-24 12:17:13.254765300 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: azure-cli-core
-Version: 2.74.0
+Version: 2.75.0
Summary: Microsoft Azure Command-Line Tools Core Module
Home-page: https://github.com/Azure/azure-cli
Author: Microsoft Corporation
@@ -28,8 +28,8 @@
Requires-Dist: knack~=0.11.0
Requires-Dist: microsoft-security-utilities-secret-masker~=1.0.0b4
Requires-Dist: msal-extensions==1.2.0
-Requires-Dist: msal[broker]==1.32.3
-Requires-Dist: msrestazure~=0.6.4
+Requires-Dist: msal[broker]==1.33.0b1; sys_platform == "win32"
+Requires-Dist: msal==1.33.0b1; sys_platform != "win32"
Requires-Dist: packaging>=20.9
Requires-Dist: pkginfo>=1.5.0.1
Requires-Dist: psutil>=5.9; sys_platform != "cygwin"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/azure/cli/core/__init__.py
new/azure_cli_core-2.75.0/azure/cli/core/__init__.py
--- old/azure_cli_core-2.74.0/azure/cli/core/__init__.py 2025-05-27
11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/__init__.py 2025-06-24
12:16:29.000000000 +0200
@@ -4,7 +4,7 @@
#
--------------------------------------------------------------------------------------------
# pylint: disable=line-too-long
-__version__ = "2.74.0"
+__version__ = "2.75.0"
import os
import sys
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/azure/cli/core/_profile.py
new/azure_cli_core-2.75.0/azure/cli/core/_profile.py
--- old/azure_cli_core-2.74.0/azure/cli/core/_profile.py 2025-05-27
11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/_profile.py 2025-06-24
12:16:29.000000000 +0200
@@ -220,69 +220,14 @@
self._set_subscriptions(consolidated)
return deepcopy(consolidated)
- def login_with_managed_identity_msrestazure(self, client_id=None,
object_id=None, resource_id=None,
- allow_no_subscriptions=None):
- # Old way of using msrestazure for managed identity
- import jwt
- from azure.cli.core.auth.adal_authentication import
MSIAuthenticationWrapper
- resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id
-
- id_arg_count = len([arg for arg in (client_id, object_id, resource_id)
if arg])
- if id_arg_count > 1:
- raise CLIError('Usage error: Provide only one of --client-id,
--object-id, --resource-id.')
-
- if id_arg_count == 0:
- identity_type = MsiAccountTypes.system_assigned
- identity_id = None
- msi_creds = MSIAuthenticationWrapper(resource=resource)
- elif client_id:
- identity_type = MsiAccountTypes.user_assigned_client_id
- identity_id = client_id
- msi_creds = MSIAuthenticationWrapper(resource=resource,
client_id=client_id)
- elif object_id:
- identity_type = MsiAccountTypes.user_assigned_object_id
- identity_id = object_id
- msi_creds = MSIAuthenticationWrapper(resource=resource,
object_id=object_id)
- elif resource_id:
- identity_type = MsiAccountTypes.user_assigned_resource_id
- identity_id = resource_id
- msi_creds = MSIAuthenticationWrapper(resource=resource,
msi_res_id=resource_id)
-
- token_entry = msi_creds.token
- token = token_entry['access_token']
- logger.info('MSI: token was retrieved. Now trying to initialize local
accounts...')
- decode = jwt.decode(token, algorithms=['RS256'],
options={"verify_signature": False})
- tenant = decode['tid']
-
- subscription_finder = SubscriptionFinder(self.cli_ctx)
- subscriptions = subscription_finder.find_using_specific_tenant(tenant,
msi_creds)
- base_name = ('{}-{}'.format(identity_type, identity_id) if identity_id
else identity_type)
- user = _USER_ASSIGNED_IDENTITY if identity_id else
_SYSTEM_ASSIGNED_IDENTITY
- if not subscriptions:
- if allow_no_subscriptions:
- subscriptions = self._build_tenant_level_accounts([tenant])
- else:
- raise CLIError('No access was configured for the VM, hence no
subscriptions were found. '
- "If this is expected, use
'--allow-no-subscriptions' to have tenant level access.")
-
- consolidated = self._normalize_properties(user, subscriptions,
is_service_principal=True,
-
user_assigned_identity_id=base_name)
- self._set_subscriptions(consolidated)
- return deepcopy(consolidated)
-
def login_with_managed_identity(self, client_id=None, object_id=None,
resource_id=None,
allow_no_subscriptions=None):
- if not _use_msal_managed_identity(self.cli_ctx):
- return self.login_with_managed_identity_msrestazure(
- client_id=client_id, object_id=object_id,
resource_id=resource_id,
- allow_no_subscriptions=allow_no_subscriptions)
-
import jwt
from .auth.constants import ACCESS_TOKEN
- identity_id_type, identity_id_value = MsiAccountTypes.parse_ids(
+ identity_id_type, identity_id_value = ManagedIdentityAuth.parse_ids(
client_id=client_id, object_id=object_id, resource_id=resource_id)
- cred = MsiAccountTypes.msal_credential_factory(identity_id_type,
identity_id_value)
+ cred = ManagedIdentityAuth.credential_factory(identity_id_type,
identity_id_value)
token = cred.acquire_token(self._arm_scope)[ACCESS_TOKEN]
logger.info('Managed identity: token was retrieved. Now trying to
initialize local accounts...')
decode = jwt.decode(token, algorithms=['RS256'],
options={"verify_signature": False})
@@ -300,7 +245,7 @@
"If this is expected, use
'--allow-no-subscriptions' to have tenant level access.")
consolidated = self._normalize_properties(user, subscriptions,
is_service_principal=True,
-
user_assigned_identity_id=base_name)
+
assigned_identity_info=base_name)
self._set_subscriptions(consolidated)
return deepcopy(consolidated)
@@ -366,21 +311,14 @@
if in_cloud_console() and account[_USER_ENTITY].get(_CLOUD_SHELL_ID):
# Cloud Shell
from .auth.msal_credentials import CloudShellCredential
- # The credential must be wrapped by CredentialAdaptor so that it
can work with Track 1 SDKs.
+ # The credential must be wrapped by CredentialAdaptor so that it
can work with SDK.
sdk_cred = CredentialAdaptor(CloudShellCredential())
elif managed_identity_type:
# managed identity
- if _use_msal_managed_identity(self.cli_ctx):
- # The credential must be wrapped by CredentialAdaptor so that
it can work with Track 1 SDKs.
- cred =
MsiAccountTypes.msal_credential_factory(managed_identity_type,
managed_identity_id)
- sdk_cred = CredentialAdaptor(cred)
- else:
- # The resource is merely used by msrestazure to get the first
access token.
- # It is not actually used in an API invocation.
- sdk_cred = MsiAccountTypes.msi_auth_factory(
- managed_identity_type, managed_identity_id,
- self.cli_ctx.cloud.endpoints.active_directory_resource_id)
+ # The credential must be wrapped by CredentialAdaptor so that it
can work with SDK.
+ cred =
ManagedIdentityAuth.credential_factory(managed_identity_type,
managed_identity_id)
+ sdk_cred = CredentialAdaptor(cred)
else:
# user and service principal
@@ -427,39 +365,36 @@
if tenant:
raise CLIError("Tenant shouldn't be specified for Cloud Shell
account")
from .auth.msal_credentials import CloudShellCredential
- sdk_cred = CredentialAdaptor(CloudShellCredential())
+ cred = CloudShellCredential()
elif managed_identity_type:
# managed identity
if tenant:
raise CLIError("Tenant shouldn't be specified for managed
identity account")
- if _use_msal_managed_identity(self.cli_ctx):
- cred =
MsiAccountTypes.msal_credential_factory(managed_identity_type,
managed_identity_id)
- if credential_out:
- credential_out['credential'] = cred
- sdk_cred = CredentialAdaptor(cred)
- else:
- from .auth.util import scopes_to_resource
- sdk_cred =
MsiAccountTypes.msi_auth_factory(managed_identity_type, managed_identity_id,
-
scopes_to_resource(scopes))
+ cred =
ManagedIdentityAuth.credential_factory(managed_identity_type,
managed_identity_id)
+ if credential_out:
+ credential_out['credential'] = cred
else:
- sdk_cred = CredentialAdaptor(self._create_credential(account,
tenant_id=tenant))
+ cred = self._create_credential(account, tenant_id=tenant)
- sdk_token = sdk_cred.get_token(*scopes)
+ msal_token = cred.acquire_token(scopes)
# Convert epoch int 'expires_on' to datetime string 'expiresOn' for
backward compatibility
# WARNING: expiresOn is deprecated and will be removed in future
release.
import datetime
- expiresOn =
datetime.datetime.fromtimestamp(sdk_token.expires_on).strftime("%Y-%m-%d
%H:%M:%S.%f")
+ from .auth.util import now_timestamp
+ from .auth.constants import EXPIRES_IN, ACCESS_TOKEN
+ expires_on = now_timestamp() + msal_token[EXPIRES_IN]
+ expiresOn =
datetime.datetime.fromtimestamp(expires_on).strftime("%Y-%m-%d %H:%M:%S.%f")
token_entry = {
- 'accessToken': sdk_token.token,
- 'expires_on': sdk_token.expires_on, # epoch int, like 1605238724
+ 'accessToken': msal_token[ACCESS_TOKEN],
+ 'expires_on': expires_on, # epoch int, like 1605238724
'expiresOn': expiresOn # datetime string, like "2020-11-12
13:50:47.114324"
}
# Build a tuple of (token_type, token, token_entry)
- token_tuple = 'Bearer', sdk_token.token, token_entry
+ token_tuple = 'Bearer', msal_token[ACCESS_TOKEN], token_entry
# Return a tuple of (token_tuple, subscription, tenant)
return (token_tuple,
@@ -467,7 +402,7 @@
str(tenant if tenant else account[_TENANT_ID]))
def _normalize_properties(self, user, subscriptions, is_service_principal,
cert_sn_issuer_auth=None,
- user_assigned_identity_id=None):
+ assigned_identity_info=None):
consolidated = []
for s in subscriptions:
subscription_dict = {
@@ -490,8 +425,8 @@
if cert_sn_issuer_auth:
consolidated[-1][_USER_ENTITY][_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH] = True
- if user_assigned_identity_id:
- consolidated[-1][_USER_ENTITY][_ASSIGNED_IDENTITY_INFO] =
user_assigned_identity_id
+ if assigned_identity_info:
+ consolidated[-1][_USER_ENTITY][_ASSIGNED_IDENTITY_INFO] =
assigned_identity_info
return consolidated
@@ -629,16 +564,18 @@
@staticmethod
def _parse_managed_identity_account(account):
+ # user.name will always exist, so we check it first.
+ # user.userAssignedIdentity will only exist if user.name is
systemAssignedIdentity or userAssignedIdentity
user_name = account[_USER_ENTITY][_USER_NAME]
if user_name == _SYSTEM_ASSIGNED_IDENTITY:
# The account contains:
- # "assignedIdentityInfo": "MSI",
- # "name": "systemAssignedIdentity",
- return MsiAccountTypes.system_assigned, None
+ # "name": "systemAssignedIdentity"
+ # "assignedIdentityInfo": "MSI"
+ return ManagedIdentityAuth.system_assigned, None
if user_name == _USER_ASSIGNED_IDENTITY:
# The account contains:
- # "assignedIdentityInfo":
"MSIClient-xxx"/"MSIObject-xxx"/"MSIResource-xxx",
- # "name": "userAssignedIdentity",
+ # "name": "userAssignedIdentity"
+ # "assignedIdentityInfo":
"MSIClient-xxx"/"MSIObject-xxx"/"MSIResource-xxx"
return
tuple(account[_USER_ENTITY][_ASSIGNED_IDENTITY_INFO].split('-', maxsplit=1))
return None, None
@@ -760,7 +697,7 @@
return installation_id
-class MsiAccountTypes:
+class ManagedIdentityAuth:
# pylint: disable=no-method-argument,no-self-argument
system_assigned = 'MSI'
user_assigned_client_id = 'MSIClient'
@@ -768,25 +705,13 @@
user_assigned_resource_id = 'MSIResource'
@staticmethod
- def valid_msi_account_types():
- return [MsiAccountTypes.system_assigned,
MsiAccountTypes.user_assigned_client_id,
- MsiAccountTypes.user_assigned_object_id,
MsiAccountTypes.user_assigned_resource_id]
-
- @staticmethod
- def msi_auth_factory(cli_account_name, identity, resource):
- from azure.cli.core.auth.adal_authentication import
MSIAuthenticationWrapper
- if cli_account_name == MsiAccountTypes.system_assigned:
- return MSIAuthenticationWrapper(resource=resource)
- if cli_account_name == MsiAccountTypes.user_assigned_client_id:
- return MSIAuthenticationWrapper(resource=resource,
client_id=identity)
- if cli_account_name == MsiAccountTypes.user_assigned_object_id:
- return MSIAuthenticationWrapper(resource=resource,
object_id=identity)
- if cli_account_name == MsiAccountTypes.user_assigned_resource_id:
- return MSIAuthenticationWrapper(resource=resource,
msi_res_id=identity)
- raise ValueError("unrecognized msi account name
'{}'".format(cli_account_name))
-
- @staticmethod
def parse_ids(client_id=None, object_id=None, resource_id=None):
+ """Parse IDs into ID type and ID value:
+ - system-assigned: MSI, None
+ - user-assigned client ID: MSIClient, <GUID>
+ - user-assigned object ID: MSIObject, <GUID>
+ - user-assigned resource ID: MSIResource, <Resource ID>
+ """
id_arg_count = len([arg for arg in (client_id, object_id, resource_id)
if arg])
if id_arg_count > 1:
raise CLIError('Usage error: Provide only one of --client-id,
--object-id, --resource-id.')
@@ -794,29 +719,29 @@
id_type = None
id_value = None
if id_arg_count == 0:
- id_type = MsiAccountTypes.system_assigned
+ id_type = ManagedIdentityAuth.system_assigned
id_value = None
elif client_id:
- id_type = MsiAccountTypes.user_assigned_client_id
+ id_type = ManagedIdentityAuth.user_assigned_client_id
id_value = client_id
elif object_id:
- id_type = MsiAccountTypes.user_assigned_object_id
+ id_type = ManagedIdentityAuth.user_assigned_object_id
id_value = object_id
elif resource_id:
- id_type = MsiAccountTypes.user_assigned_resource_id
+ id_type = ManagedIdentityAuth.user_assigned_resource_id
id_value = resource_id
return id_type, id_value
@staticmethod
- def msal_credential_factory(id_type, id_value):
+ def credential_factory(id_type, id_value):
from azure.cli.core.auth.msal_credentials import
ManagedIdentityCredential
- if id_type == MsiAccountTypes.system_assigned:
+ if id_type == ManagedIdentityAuth.system_assigned:
return ManagedIdentityCredential()
- if id_type == MsiAccountTypes.user_assigned_client_id:
+ if id_type == ManagedIdentityAuth.user_assigned_client_id:
return ManagedIdentityCredential(client_id=id_value)
- if id_type == MsiAccountTypes.user_assigned_object_id:
+ if id_type == ManagedIdentityAuth.user_assigned_object_id:
return ManagedIdentityCredential(object_id=id_value)
- if id_type == MsiAccountTypes.user_assigned_resource_id:
+ if id_type == ManagedIdentityAuth.user_assigned_resource_id:
return ManagedIdentityCredential(resource_id=id_value)
raise ValueError("Unrecognized managed identity ID type
'{}'".format(id_type))
@@ -931,9 +856,7 @@
.format(ResourceType.MGMT_RESOURCE_SUBSCRIPTIONS, self.cli_ctx.cloud.profile))
api_version = get_api_version(self.cli_ctx,
ResourceType.MGMT_RESOURCE_SUBSCRIPTIONS)
- # MSIAuthenticationWrapper already implements get_token, so no need to
wrap it with CredentialAdaptor
- from azure.cli.core.auth.adal_authentication import
MSIAuthenticationWrapper
- sdk_cred = credential if isinstance(credential,
MSIAuthenticationWrapper) else CredentialAdaptor(credential)
+ sdk_cred = CredentialAdaptor(credential)
client_kwargs = _prepare_mgmt_client_kwargs_track2(self.cli_ctx,
sdk_cred)
client = client_type(sdk_cred, api_version=api_version,
base_url=self.cli_ctx.cloud.endpoints.resource_manager,
@@ -984,11 +907,3 @@
use_msal_http_cache=use_msal_http_cache,
enable_broker_on_windows=enable_broker_on_windows,
instance_discovery=instance_discovery)
-
-
-def _use_msal_managed_identity(cli_ctx):
- from azure.cli.core.telemetry import set_use_msal_managed_identity
- # Use core.use_msal_managed_identity=false to use the old msrestazure
implementation
- use_msal_managed_identity = cli_ctx.config.getboolean('core',
'use_msal_managed_identity', fallback=True)
- set_use_msal_managed_identity(use_msal_managed_identity)
- return use_msal_managed_identity
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure/cli/core/auth/adal_authentication.py
new/azure_cli_core-2.75.0/azure/cli/core/auth/adal_authentication.py
--- old/azure_cli_core-2.74.0/azure/cli/core/auth/adal_authentication.py
2025-05-27 11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/auth/adal_authentication.py
1970-01-01 01:00:00.000000000 +0100
@@ -1,129 +0,0 @@
-#
--------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
license information.
-#
--------------------------------------------------------------------------------------------
-
-import requests
-from knack.log import get_logger
-from msrestazure.azure_active_directory import MSIAuthentication
-
-from .util import scopes_to_resource, AccessToken
-
-logger = get_logger(__name__)
-
-
-class MSIAuthenticationWrapper(MSIAuthentication):
- # This method is exposed for Azure Core. Add *scopes, **kwargs to fit
azure.core requirement
- # pylint: disable=line-too-long
- def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument
- logger.debug("MSIAuthenticationWrapper.get_token: scopes=%r,
kwargs=%r", scopes, kwargs)
-
- if 'data' in kwargs:
- from azure.cli.core.util import in_cloud_console
- if in_cloud_console():
- # Use MSAL to get VM SSH certificate
- import msal
- from .util import check_result, build_sdk_access_token
- from .constants import AZURE_CLI_CLIENT_ID
- app = msal.PublicClientApplication(
- AZURE_CLI_CLIENT_ID, # Use a real client_id, so that
cache would work
- # TODO: This PoC does not currently maintain a token cache;
- # Ideally we should reuse the real MSAL app object which
has cache configured.
- # token_cache=...,
- )
- result = app.acquire_token_interactive(list(scopes),
prompt="none", data=kwargs["data"])
- check_result(result, scopes=scopes)
- return build_sdk_access_token(result)
-
- from azure.cli.core.azclierror import AuthenticationError
- raise AuthenticationError("VM SSH currently doesn't support
managed identity.")
-
- # Use msrestazure to get access token
- resource = scopes_to_resource(scopes)
- if resource:
- # If available, use resource provided by SDK
- self.resource = resource
- self.set_token()
- # VM managed identity endpoint 2018-02-01 token entry sample:
- # curl
"http://169.254.169.254:80/metadata/identity/oauth2/token?resource=https://management.core.windows.net/&api-version=2018-02-01";
-H "Metadata: true"
- # {
- # "access_token": "eyJ0eXAiOiJKV...",
- # "client_id": "da95e381-d7ab-4fdc-8047-2457909c723b",
- # "expires_in": "86386",
- # "expires_on": "1605238724",
- # "ext_expires_in": "86399",
- # "not_before": "1605152024",
- # "resource": "https://management.core.windows.net/";,
- # "token_type": "Bearer"
- # }
-
- # App Service managed identity endpoint 2017-09-01 token entry sample:
- # curl
"${MSI_ENDPOINT}?resource=https://management.core.windows.net/&api-version=2017-09-01";
-H "secret: ${MSI_SECRET}"
- # {
- # "access_token": "eyJ0eXAiOiJKV...",
- # "expires_on":"11/05/2021 15:18:31 +00:00",
- # "resource":"https://management.core.windows.net/";,
- # "token_type":"Bearer",
- # "client_id":"df45d93a-de31-47ca-acef-081ca60d1a83"
- # }
- return AccessToken(self.token['access_token'],
_normalize_expires_on(self.token['expires_on']))
-
- def set_token(self):
- import traceback
- from azure.cli.core.azclierror import AzureConnectionError,
AzureResponseError
- try:
- super().set_token()
- except requests.exceptions.ConnectionError as err:
- logger.debug('throw requests.exceptions.ConnectionError when doing
MSIAuthentication: \n%s',
- traceback.format_exc())
- raise AzureConnectionError('Failed to connect to MSI. Please make
sure MSI is configured correctly '
- 'and check the network
connection.\nError detail: {}'.format(str(err)))
- except requests.exceptions.HTTPError as err:
- logger.debug('throw requests.exceptions.HTTPError when doing
MSIAuthentication: \n%s',
- traceback.format_exc())
- try:
- raise AzureResponseError('Failed to connect to MSI. Please
make sure MSI is configured correctly.\n'
- 'Get Token request returned http
error: {}, reason: {}'
- .format(err.response.status,
err.response.reason))
- except AttributeError:
- raise AzureResponseError('Failed to connect to MSI. Please
make sure MSI is configured correctly.\n'
- 'Get Token request returned:
{}'.format(err.response))
- except TimeoutError as err:
- logger.debug('throw TimeoutError when doing MSIAuthentication:
\n%s',
- traceback.format_exc())
- raise AzureConnectionError('MSI endpoint is not responding. Please
make sure MSI is configured correctly.\n'
- 'Error detail: {}'.format(str(err)))
-
- def signed_session(self, session=None):
- logger.debug("MSIAuthenticationWrapper.signed_session invoked by Track
1 SDK")
- super().signed_session(session)
-
- def get_auxiliary_tokens(self, *scopes, **kwargs): #
pylint:disable=no-self-use,unused-argument
- """This method is added to align with
CredentialAdaptor.get_auxiliary_tokens
- Since managed identity belongs to a single tenant and currently
doesn't support cross-tenant authentication,
- simply return None."""
- return None
-
-
-def _normalize_expires_on(expires_on):
- """
- The expires_on field returned by managed identity differs on Azure VM
(epoch str) and App Service (datetime str).
- Normalize to epoch int.
- """
- try:
- # Treat as epoch string "1605238724"
- expires_on_epoch_int = int(expires_on)
- except ValueError:
- import datetime
-
- # Python 3.6 doesn't recognize timezone as +00:00.
- # These lines can be dropped after Python 3.6 is dropped.
- #
https://stackoverflow.com/questions/30999230/how-to-parse-timezone-with-colon
- if expires_on[-3] == ":":
- expires_on = expires_on[:-3] + expires_on[-2:]
-
- # Treat as datetime string "11/05/2021 15:18:31 +00:00"
- expires_on_epoch_int = int(datetime.datetime.strptime(expires_on,
'%m/%d/%Y %H:%M:%S %z').timestamp())
-
- logger.debug("Normalize expires_on: %r -> %r", expires_on,
expires_on_epoch_int)
- return expires_on_epoch_int
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure/cli/core/auth/credential_adaptor.py
new/azure_cli_core-2.75.0/azure/cli/core/auth/credential_adaptor.py
--- old/azure_cli_core-2.74.0/azure/cli/core/auth/credential_adaptor.py
2025-05-27 11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/auth/credential_adaptor.py
2025-06-24 12:16:29.000000000 +0200
@@ -76,7 +76,7 @@
# 'token_source': 'cache'
# }
from .constants import ACCESS_TOKEN, EXPIRES_IN
- from .util import _now_timestamp
+ from .util import now_timestamp
from azure.core.credentials import AccessTokenInfo
- return AccessTokenInfo(token_entry[ACCESS_TOKEN], _now_timestamp() +
token_entry[EXPIRES_IN])
+ return AccessTokenInfo(token_entry[ACCESS_TOKEN], now_timestamp() +
token_entry[EXPIRES_IN])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/azure/cli/core/auth/util.py
new/azure_cli_core-2.75.0/azure/cli/core/auth/util.py
--- old/azure_cli_core-2.74.0/azure/cli/core/auth/util.py 2025-05-27
11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/auth/util.py 2025-06-24
12:16:29.000000000 +0200
@@ -151,7 +151,7 @@
# This can slow down commands that doesn't need azure.core, like `az
account get-access-token`.
# So We define our own AccessToken.
from .constants import ACCESS_TOKEN, EXPIRES_IN
- return AccessToken(token_entry[ACCESS_TOKEN], _now_timestamp() +
token_entry[EXPIRES_IN])
+ return AccessToken(token_entry[ACCESS_TOKEN], now_timestamp() +
token_entry[EXPIRES_IN])
def decode_access_token(access_token):
@@ -177,6 +177,6 @@
return success_template, error_template
-def _now_timestamp():
+def now_timestamp():
import time
return int(time.time())
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure/cli/core/breaking_change.py
new/azure_cli_core-2.75.0/azure/cli/core/breaking_change.py
--- old/azure_cli_core-2.74.0/azure/cli/core/breaking_change.py 2025-05-27
11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/breaking_change.py 2025-06-24
12:16:29.000000000 +0200
@@ -106,10 +106,10 @@
self.tags = list(tags)
def _get_merged_tag(self):
- return ''.join({tag._get_tag(self) for tag in self.tags}) #
pylint: disable=protected-access
+ return ''.join({tag._get_tag(tag) for tag in self.tags}) #
pylint: disable=protected-access
def _get_merged_msg(self):
- return '\n'.join({tag._get_message(self) for tag in self.tags}) #
pylint: disable=protected-access
+ return '\n'.join({tag._get_message(tag) for tag in self.tags}) #
pylint: disable=protected-access
super().__init__(cli_ctx, tag.object_type, tag.target,
tag_func=_get_merged_tag,
message_func=_get_merged_msg, color=tag._color)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure/cli/core/commands/__init__.py
new/azure_cli_core-2.75.0/azure/cli/core/commands/__init__.py
--- old/azure_cli_core-2.74.0/azure/cli/core/commands/__init__.py
2025-05-27 11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/commands/__init__.py
2025-06-24 12:16:29.000000000 +0200
@@ -1054,7 +1054,13 @@
logger.warning('%s during progress reporting: %s',
getattr(type(ex), '__name__', type(ex)), ex)
try:
if self.progress_bar:
- self.progress_bar.update_progress()
+ status = ""
+ # some pollers do not have a status method (eg.
AAZLROPoller)
+ try:
+ status = poller.status()
+ except AttributeError:
+ pass
+ self.progress_bar.update_progress_with_msg(status)
self._delay()
except KeyboardInterrupt:
if self.progress_bar:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure/cli/core/commands/progress.py
new/azure_cli_core-2.75.0/azure/cli/core/commands/progress.py
--- old/azure_cli_core-2.74.0/azure/cli/core/commands/progress.py
2025-05-27 11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/commands/progress.py
2025-06-24 12:16:29.000000000 +0200
@@ -192,5 +192,11 @@
def update_progress(self):
self.hook.add(message=self.message)
+ def update_progress_with_msg(self, message):
+ if message != "":
+ self.hook.add(message=message)
+ else:
+ self.hook.add(message=self.message)
+
def end(self):
self.hook.end()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure/cli/core/profiles/_shared.py
new/azure_cli_core-2.75.0/azure/cli/core/profiles/_shared.py
--- old/azure_cli_core-2.74.0/azure/cli/core/profiles/_shared.py
2025-05-27 11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/profiles/_shared.py
2025-06-24 12:16:29.000000000 +0200
@@ -218,6 +218,7 @@
ResourceType.DATA_STORAGE_FILESHARE: '2025-05-05',
ResourceType.DATA_STORAGE_QUEUE: '2018-03-28',
ResourceType.DATA_COSMOS_TABLE: '2017-04-17',
+ ResourceType.DATA_STORAGE_TABLE: None,
ResourceType.MGMT_SERVICEBUS: '2022-10-01-preview',
ResourceType.MGMT_EVENTHUB: '2022-01-01-preview',
ResourceType.MGMT_MONITOR: None,
@@ -229,7 +230,7 @@
ResourceType.MGMT_ARO: '2023-11-22',
ResourceType.MGMT_DATABOXEDGE: '2021-02-01-preview',
ResourceType.MGMT_CUSTOMLOCATION: '2021-03-15-preview',
- ResourceType.MGMT_CONTAINERSERVICE: SDKProfile('2025-03-01'),
+ ResourceType.MGMT_CONTAINERSERVICE: SDKProfile('2025-04-01'),
ResourceType.MGMT_APPCONTAINERS: '2022-10-01',
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/azure/cli/core/telemetry.py
new/azure_cli_core-2.75.0/azure/cli/core/telemetry.py
--- old/azure_cli_core-2.74.0/azure/cli/core/telemetry.py 2025-05-27
11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure/cli/core/telemetry.py 2025-06-24
12:16:29.000000000 +0200
@@ -78,7 +78,6 @@
self.enable_broker_on_windows = None
self.msal_telemetry = None
self.login_experience_v2 = None
- self.use_msal_managed_identity = None
def add_event(self, name, properties):
for key in self.instrumentation_key:
@@ -235,7 +234,6 @@
set_custom_properties(result, 'EnableBrokerOnWindows',
str(self.enable_broker_on_windows))
set_custom_properties(result, 'MsalTelemetry', self.msal_telemetry)
set_custom_properties(result, 'LoginExperienceV2',
str(self.login_experience_v2))
- set_custom_properties(result, 'UseMsalManagedIdentity',
str(self.use_msal_managed_identity))
return result
@@ -488,11 +486,6 @@
@decorators.suppress_all_exceptions()
def set_login_experience_v2(login_experience_v2):
_session.login_experience_v2 = login_experience_v2
-
-
-@decorators.suppress_all_exceptions()
-def set_use_msal_managed_identity(use_msal_managed_identity):
- _session.use_msal_managed_identity = use_msal_managed_identity
# endregion
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure_cli_core.egg-info/PKG-INFO
new/azure_cli_core-2.75.0/azure_cli_core.egg-info/PKG-INFO
--- old/azure_cli_core-2.74.0/azure_cli_core.egg-info/PKG-INFO 2025-05-27
11:14:39.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure_cli_core.egg-info/PKG-INFO 2025-06-24
12:17:13.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: azure-cli-core
-Version: 2.74.0
+Version: 2.75.0
Summary: Microsoft Azure Command-Line Tools Core Module
Home-page: https://github.com/Azure/azure-cli
Author: Microsoft Corporation
@@ -28,8 +28,8 @@
Requires-Dist: knack~=0.11.0
Requires-Dist: microsoft-security-utilities-secret-masker~=1.0.0b4
Requires-Dist: msal-extensions==1.2.0
-Requires-Dist: msal[broker]==1.32.3
-Requires-Dist: msrestazure~=0.6.4
+Requires-Dist: msal[broker]==1.33.0b1; sys_platform == "win32"
+Requires-Dist: msal==1.33.0b1; sys_platform != "win32"
Requires-Dist: packaging>=20.9
Requires-Dist: pkginfo>=1.5.0.1
Requires-Dist: psutil>=5.9; sys_platform != "cygwin"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure_cli_core.egg-info/SOURCES.txt
new/azure_cli_core-2.75.0/azure_cli_core.egg-info/SOURCES.txt
--- old/azure_cli_core-2.74.0/azure_cli_core.egg-info/SOURCES.txt
2025-05-27 11:14:39.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure_cli_core.egg-info/SOURCES.txt
2025-06-24 12:17:13.000000000 +0200
@@ -58,7 +58,6 @@
azure/cli/core/aaz/exceptions.py
azure/cli/core/aaz/utils.py
azure/cli/core/auth/__init__.py
-azure/cli/core/auth/adal_authentication.py
azure/cli/core/auth/binary_cache.py
azure/cli/core/auth/constants.py
azure/cli/core/auth/credential_adaptor.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_cli_core-2.74.0/azure_cli_core.egg-info/requires.txt
new/azure_cli_core-2.75.0/azure_cli_core.egg-info/requires.txt
--- old/azure_cli_core-2.74.0/azure_cli_core.egg-info/requires.txt
2025-05-27 11:14:39.000000000 +0200
+++ new/azure_cli_core-2.75.0/azure_cli_core.egg-info/requires.txt
2025-06-24 12:17:13.000000000 +0200
@@ -7,8 +7,6 @@
knack~=0.11.0
microsoft-security-utilities-secret-masker~=1.0.0b4
msal-extensions==1.2.0
-msal[broker]==1.32.3
-msrestazure~=0.6.4
packaging>=20.9
pkginfo>=1.5.0.1
PyJWT>=2.1.0
@@ -19,5 +17,11 @@
[:sys_platform != "cygwin"]
psutil>=5.9
+[:sys_platform != "win32"]
+msal==1.33.0b1
+
[:sys_platform == "linux"]
distro
+
+[:sys_platform == "win32"]
+msal[broker]==1.33.0b1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_cli_core-2.74.0/setup.py
new/azure_cli_core-2.75.0/setup.py
--- old/azure_cli_core-2.74.0/setup.py 2025-05-27 11:14:12.000000000 +0200
+++ new/azure_cli_core-2.75.0/setup.py 2025-06-24 12:16:29.000000000 +0200
@@ -8,7 +8,7 @@
from codecs import open
from setuptools import setup, find_packages
-VERSION = "2.74.0"
+VERSION = "2.75.0"
# If we have source, validate that our version numbers match
# This should prevent uploading releases with mismatched versions.
@@ -54,8 +54,8 @@
'knack~=0.11.0',
'microsoft-security-utilities-secret-masker~=1.0.0b4',
'msal-extensions==1.2.0',
- 'msal[broker]==1.32.3',
- 'msrestazure~=0.6.4',
+ 'msal[broker]==1.33.0b1; sys_platform == "win32"',
+ 'msal==1.33.0b1; sys_platform != "win32"',
'packaging>=20.9',
'pkginfo>=1.5.0.1',
# psutil can't install on cygwin:
https://github.com/Azure/azure-cli/issues/9399
