def login(cmd, username=None, password=None, service_principal=None, tenant=None, allow_no_subscriptions=False,
identity=False, use_device_code=False, use_cert_sn_issuer=None, scopes=None, client_assertion=None):
"""Log in to access Azure subscriptions"""
# quick argument usage check
if any([password, service_principal, tenant]) and identity:
raise CLIError("usage error: '--identity' is not applicable with other arguments")
if any([password, service_principal, username, identity]) and use_device_code:
raise CLIError("usage error: '--use-device-code' is not applicable with other arguments")
if use_cert_sn_issuer and not service_principal:
raise CLIError("usage error: '--use-sn-issuer' is only applicable with a service principal")
if service_principal and not username:
raise CLIError('usage error: --service-principal --username NAME --password SECRET --tenant TENANT')
interactive = False
profile = Profile(cli_ctx=cmd.cli_ctx)
if identity:
if in_cloud_console():
return profile.login_in_cloud_shell()
return profile.login_with_managed_identity(username, allow_no_subscriptions)
if in_cloud_console(): # tell users they might not need login
logger.warning(_CLOUD_CONSOLE_LOGIN_WARNING)
if username:
if not (password or client_assertion):
try:
password = prompt_pass('Password: '******'Please specify both username and password in non-interactive mode.')
else:
interactive = True
if service_principal:
from azure.cli.core.auth.identity import ServicePrincipalAuth
password = ServicePrincipalAuth.build_credential(password, client_assertion, use_cert_sn_issuer)
subscriptions = profile.login(
interactive,
username,
password,
service_principal,
tenant,
scopes=scopes,
use_device_code=use_device_code,
allow_no_subscriptions=allow_no_subscriptions,
use_cert_sn_issuer=use_cert_sn_issuer)
all_subscriptions = list(subscriptions)
for sub in all_subscriptions:
sub['cloudName'] = sub.pop('environmentName', None)
return all_subscriptions
