sp-cert2

jiasli · jiasli · commit 58e01df39ffe · 2024-11-01T14:19:33.000+08:00
diff --git a/src/azure-cli-core/azure/cli/core/auth/identity.py b/src/azure-cli-core/azure/cli/core/auth/identity.py
@@ -37,10 +37,6 @@
     "Select the account you want to log in with. "
     "For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136")
 
-PASSWORD_CERTIFICATE_WARNING = (
-    "Passing the service principal certificate with `--password` is deprecated and will be removed "
-    "by version 2.74. Please use `--certificate` instead.")
-
 logger = get_logger(__name__)
 
 
@@ -307,7 +303,7 @@ def build_from_credential(cls, tenant_id, client_id, credential):
         return ServicePrincipalAuth(entry)
 
     @classmethod
-    def build_credential(cls, secret_or_certificate=None,
+    def build_credential(cls, client_secret=None,
                          certificate=None, use_cert_sn_issuer=None,
                          client_assertion=None):
         """Build credential from user input. The credential looks like below, but only one key can exist.
@@ -318,20 +314,12 @@ def build_credential(cls, secret_or_certificate=None,
         }
         """
         entry = {}
-        if certificate:
+        if client_secret:
+            entry[_CLIENT_SECRET] = client_secret
+        elif certificate:
             entry[_CERTIFICATE] = os.path.expanduser(certificate)
             if use_cert_sn_issuer:
                 entry[_USE_CERT_SN_ISSUER] = use_cert_sn_issuer
-        elif secret_or_certificate:
-            # TODO: Make secret_or_certificate secret only
-            user_expanded = os.path.expanduser(secret_or_certificate)
-            if os.path.isfile(user_expanded):
-                logger.warning(PASSWORD_CERTIFICATE_WARNING)
-                entry[_CERTIFICATE] = user_expanded
-                if use_cert_sn_issuer:
-                    entry[_USE_CERT_SN_ISSUER] = use_cert_sn_issuer
-            else:
-                entry[_CLIENT_SECRET] = secret_or_certificate
         elif client_assertion:
             entry[_CLIENT_ASSERTION] = client_assertion
         return entry
diff --git a/src/azure-cli-core/azure/cli/core/auth/tests/test_identity.py b/src/azure-cli-core/azure/cli/core/auth/tests/test_identity.py
@@ -264,20 +264,10 @@ def test_service_principal_auth_client_assertion(self):
         assert client_credential == {'client_assertion': 'test_jwt'}
 
     def test_build_credential(self):
-        # secret
-        cred = ServicePrincipalAuth.build_credential(secret_or_certificate="test_secret")
+        # client_secret
+        cred = ServicePrincipalAuth.build_credential(client_secret="test_secret")
         assert cred == {"client_secret": "test_secret"}
 
-        # secret with '~', which is preserved as-is
-        cred = ServicePrincipalAuth.build_credential(secret_or_certificate="~test_secret")
-        assert cred == {"client_secret": "~test_secret"}
-
-        # certificate as password (deprecated)
-        current_dir = os.path.dirname(os.path.realpath(__file__))
-        test_cert_file = os.path.join(current_dir, 'sp_cert.pem')
-        cred = ServicePrincipalAuth.build_credential(secret_or_certificate=test_cert_file)
-        assert cred == {'certificate': test_cert_file}
-
         # certificate
         current_dir = os.path.dirname(os.path.realpath(__file__))
         test_cert_file = os.path.join(current_dir, 'sp_cert.pem')
@@ -297,7 +287,7 @@ def test_build_credential(self):
         cred = ServicePrincipalAuth.build_credential(certificate=test_cert_file, use_cert_sn_issuer=True)
         assert cred == {'certificate': test_cert_file, 'use_cert_sn_issuer': True}
 
-        # client assertion
+        # client_assertion
         cred = ServicePrincipalAuth.build_credential(client_assertion="test_jwt")
         assert cred == {"client_assertion": "test_jwt"}
 
diff --git a/src/azure-cli/azure/cli/command_modules/profile/_help.py b/src/azure-cli/azure/cli/command_modules/profile/_help.py
@@ -21,10 +21,6 @@
     For more details, see https://go.microsoft.com/fwlink/?linkid=2276314
 
 
-    [WARNING] Passing the service principal certificate with `--password` is deprecated and will be removed
-    by version 2.74. Please use `--certificate` instead.
-
-
     To log in with a service principal, specify --service-principal.
 
 
diff --git a/src/azure-cli/azure/cli/command_modules/profile/custom.py b/src/azure-cli/azure/cli/command_modules/profile/custom.py
@@ -159,7 +159,7 @@ def login(cmd, username=None, password=None, tenant=None, scopes=None, allow_no_
     if service_principal:
         from azure.cli.core.auth.identity import ServicePrincipalAuth
         password = ServicePrincipalAuth.build_credential(
-            secret_or_certificate=password,
+            client_secret=password,
             certificate=certificate, use_cert_sn_issuer=use_cert_sn_issuer,
             client_assertion=client_assertion)
 
