Add "-certificate" param support for azcli (version 2.66.0 and above)

[wawanawna]

Task name: AzureCLIV2

Description: Add support of new "--certificate" parameter since old "--password" stopped working with certificates from version of azcli 2.67.0

Documentation changes required: (Y/N) N

Added unit tests: (Y/N) N
Attached related issue: Azure/azure-cli#30283 and Certificate based auth · Issue #111 · Azure/login
Checklist:

• Task version was bumped - please check instruction how to do it
• Checked that applied changes work as expected

[wawanawna]

@microsoft-github-policy-service agree

[NakagawaMakoto]

It is great that the PR is merged. But I am wondering the PR invokes yet another az process just to checke its version. It looks to me that the task invokes "az --version" at its startup. Why not reusing the information?

My concern is that az checks whether newer versions exist and you cannot disable its behaviour. If you run your pipeline agent in a hosted environment which is not connected to Internet, this version checking takes quite a long time to just fail.

[manolerazvan]

Thank you for your comments. We will address the redundant version check by removing the extra call as suggested. Regarding your concerns about disabling the AZ CLI's version check, it seems possible to achieve this by using the environment variable AZURE_CORE_NO_TELEMETRY=1 to suppress telemetry and related functionality.

However, I am unclear about your concern regarding agents with limited internet access. If the agents lack connectivity, commands like az login would also fail, as they rely on an internet connection to function. Could you clarify this aspect further?

[NakagawaMakoto]

Using AZURE_CORE_NO_TELEMETRY=1 does not look to disable version checking. Look at the message at the bottom.

$ AZURE_CORE_NO_TELEMETRY=1 az --version
azure-cli                         2.66.0
core                              2.66.0
telemetry                          1.1.0
Extensions:
automation                         0.1.4
logic                              0.1.6
monitor-control-service               0.4.0
Dependencies:
msal                              1.31.0
azure-mgmt-resource               23.1.1

Python location '/opt/az/bin/python3'
Extensions directory '/home/dxc_nakagawa/.azure/cliextensions'

Python (Linux) 3.12.7 (main, Oct 30 2024, 03:57:15) [GCC 12.2.0]

Legal docs and information: aka.ms/AzureCliLegal
Unable to check if your CLI is up-to-date. Check your internet connection.

I verified that with or without the variable, execution time of "az --version" does not change. I expect, without version checking, it will be executed more quickly.

A network configuration I have in mind is as follows. In this configuration you can az login without any problem.

• a pipeline agent is runing in a vm in Azure
• the vm is located in a network who is assigned a udr with next hop of default route to be NONE, but selectively assigning routing to services in Azure utilizing service tags, such as AzureActiveDirectory