Missing high-level hello world example for certificate principal usage

[synergiator]

It seems like there is a missing link for beginners how to use certificate principal authorization in a hello world example demonstrating benefits of SDK usage beyond direct API access.

What I have tried/found out so far:

• I like the "confidential client sample" examples in MSAL and ADAL libraries, but while in the ADAL there has been no usage example, MDAL just demonstrates low-level API usage without providing a usage example in a resource class.

• The online docs for the subscription client look quite scarce and it's not obvious how exactly the auth token should be passed to it. That is, the AAD credentials class docs seem to miss the certificate usage scenario.

[changlong-liu]

Hi @synergiator ,

We are working at the new generation of Python SDK which use auzre-identity for credential. I think you may need this in azure-identity: https://azuresdkdocs.blob.core.windows.net/$web/python/azure-identity/1.4.0/azure.identity.html#azure.identity.CertificateCredential

Currently 8 packages has released preview versions for the new generation SDK: appconfiguration: https://pypi.org/project/azure-mgmt-appconfiguration/1.0.0b1/ compute: https://pypi.org/project/azure-mgmt-compute/17.0.0b1/ eventhub: https://pypi.org/project/azure-mgmt-eventhub/8.0.0b1/ keyvault: https://pypi.org/project/azure-mgmt-keyvault/7.0.0b1/ monitor: https://pypi.org/project/azure-mgmt-monitor/1.0.0b1/ network: https://pypi.org/project/azure-mgmt-network/16.0.0b1/ resource: https://pypi.org/project/azure-mgmt-resource/15.0.0b1/ storage: https://pypi.org/project/azure-mgmt-storage/16.0.0b1/

[synergiator]

Hi there @changlong-liu, thank you for your reply! I have understood so far there is ongoing work and some beta/preview releases, but what does this mean for MSAL - will it become obsolete? Will be a high-level credential configuration possible with these new packages? If possible, please share an example, can't see it from the referenced docs.

What I'm trying to achieve is something like that:

identity = azure.identity.CertificateCredential(tenant_id, client_id,, certificate_path) # or another statement
subscriptionClient =  (credentials=identity)
subscriptionClient.list()
subscriptionClient.create(..)

Is this currently possible with existing code base?

While Azure CLI is written in Python, what happens actually in the background if I run this command:

az account create ...

That is, there is already some Python code, or are Python SDK and Azure CLI completely separate projects? (in AWS for example, they have botocore as base library, and both SDK boto3 and awscli build on it afaik).

[changlong-liu]

Hi @synergiator , The "az account create" use azure-mgmt-subscription, which has not released the next generation preview.

[xiangyan99]

@msyyc looks like azure-mgmt-subscription 2.0.0 has released. Could you help to update the issue?

[ghost]

Hi @synergiator. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.