Issue
Currently, Azure CLI uses `subscriptionId` as the primary key to distinguish between accounts (stored in `~/.azure/azureProfile.json`).
```python
def _get_key_name(account, secondary_key_name):
    return (account[_SUBSCRIPTION_ID] if secondary_key_name is None
            else '{}-{}'.format(account[_SUBSCRIPTION_ID], account[secondary_key_name]))


def _match_account(account, subscription_id, secondary_key_name, secondary_key_val):
    return (account[_SUBSCRIPTION_ID] == subscription_id and
            (secondary_key_val is None or account[secondary_key_name] == secondary_key_val))
```
This causes problems when:
- `az login` is run twice with different accounts that have access to the same subscriptions. The subscriptions listed during the second `az login` will overwrite subscriptions from the first `az login`.
- A subscription can be accessed in multiple tenants. Only the first occurrence is preserved and all subsequent occurrences are discarded. ([Core][Profile] Support lighthouse multi-tenant subscription #11886)
```python
# When a subscription can be listed by multiple tenants, only the first appearance is retained
for sub_to_add in subscriptions:
    add_sub = True
    for sub_to_compare in all_subscriptions:
        if sub_to_add.subscription_id == sub_to_compare.subscription_id:
            logger.warning("Subscription %s '%s' can be accessed from tenants %s(default) and %s. "
                           "To select a specific tenant when accessing this subscription, "
                           "use 'az login --tenant TENANT_ID'.",
                           sub_to_add.subscription_id, sub_to_add.display_name,
                           sub_to_compare.tenant_id, sub_to_add.tenant_id)
            add_sub = False
            break
```
Proposal
- CLI should use a combined primary key or 3-layer structure which consists of `username + tenant_id + subscription_id`.
- CLI should support switching users with `az account set --username`.
- CLI should support switching tenants with `az account set --tenant`.
- The selected subscription should be saved for each user and each tenant, so that after switching users/tenants, the selected subscription is restored.
The two code excerpts above are from azure-cli/src/azure-cli-core/azure/cli/core/_profile.py, lines 399 to 405 and lines 924 to 935 in 58c9f78, respectively.
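The overwrite described in this issue and the composite key from the proposal, as an added example that is not part of the original issue or of Azure CLI's code. The `Profile` class, its methods and the sample accounts are constructed for illustration; only the `id`, `tenantId` and `user.name` field names follow `azureProfile.json`.

```python
# Added example (not Azure CLI code). All account values are constructed.
SUB = "00000000-0000-0000-0000-000000000001"  # constructed subscription id


def account(user, tenant, sub=SUB):
    return {"id": sub, "tenantId": tenant, "user": {"name": user}}


def key_by_subscription(acct):
    # Behaviour described in the issue: subscription id alone is the key.
    return acct["id"]


def key_composite(acct):
    # Hypothetical key from the proposal: username + tenant_id + subscription_id.
    return (acct["user"]["name"], acct["tenantId"], acct["id"])


class Profile:
    """Toy profile store; `key` decides when two accounts count as the same."""

    def __init__(self, key):
        self.key = key
        self.accounts = {}   # key -> account
        self.selected = {}   # (username, tenant_id) -> selected subscription id

    def login(self, listed):
        # A later login replaces any stored account that has the same key.
        for acct in listed:
            self.accounts[self.key(acct)] = acct
            scope = (acct["user"]["name"], acct["tenantId"])
            self.selected.setdefault(scope, acct["id"])

    def set_subscription(self, username, tenant, sub):
        stored = {key_composite(a) for a in self.accounts.values()}
        if (username, tenant, sub) not in stored:
            raise KeyError("no stored account for that user/tenant/subscription")
        self.selected[(username, tenant)] = sub

    def identities(self):
        return sorted((a["user"]["name"], a["tenantId"]) for a in self.accounts.values())


def demo(key):
    p = Profile(key)
    p.login([account("alice@example.com", "tenant-a")])
    p.login([account("bob@example.com", "tenant-b")])
    return p.identities()
```

With `key_by_subscription` the second login leaves only the last identity stored for the shared subscription, so later commands run as whichever account logged in most recently; with `key_composite` both identities and their per-scope selections survive.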