Broker on macOS | Azure CLI Code Changes.

src/azure-cli-core/azure/cli/core/_profile.py

@@ -908,8 +908,10 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None
 
     # On Windows, use core.enable_broker_on_windows=false to disable broker (WAM) for authentication.
     enable_broker_on_windows = cli_ctx.config.getboolean('core', 'enable_broker_on_windows', fallback=True)
+    # On macOS, use core.enable_broker_on_mac=false to disable broker for authentication.
+    enable_broker_on_mac = cli_ctx.config.getboolean('core', 'enable_broker_on_mac', fallback=True)
     from .telemetry import set_broker_info
-    set_broker_info(enable_broker_on_windows)
+    set_broker_info(enable_broker_on_windows, enable_broker_on_mac)
 
     # PREVIEW: In Azure Stack environment, use core.instance_discovery=false to disable MSAL's instance discovery.
     instance_discovery = cli_ctx.config.getboolean('core', 'instance_discovery', True)
@@ -918,4 +920,5 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None
                     encrypt=encrypt,
                     use_msal_http_cache=use_msal_http_cache,
                     enable_broker_on_windows=enable_broker_on_windows,
+                    enable_broker_on_mac=enable_broker_on_mac,
                     instance_discovery=instance_discovery)

src/azure-cli-core/azure/cli/core/auth/identity.py

@@ -58,7 +58,7 @@ class Identity:  # pylint: disable=too-many-instance-attributes
     _service_principal_store_instance = None
 
     def __init__(self, authority, tenant_id=None, client_id=None, encrypt=False, use_msal_http_cache=True,
-                 enable_broker_on_windows=None, instance_discovery=None):
+                 enable_broker_on_windows=None, enable_broker_on_mac=None, instance_discovery=None):
         """
         :param authority: Authentication authority endpoint. For example,
             - AAD: https://login.microsoftonline.com
@@ -74,6 +74,7 @@ def __init__(self, authority, tenant_id=None, client_id=None, encrypt=False, use
         self._encrypt = encrypt
         self._use_msal_http_cache = use_msal_http_cache
         self._enable_broker_on_windows = enable_broker_on_windows
+        self._enable_broker_on_mac = enable_broker_on_mac
         self._instance_discovery = instance_discovery
 
         # Build the authority in MSAL style
@@ -111,9 +112,10 @@ def _msal_app_kwargs(self):
     @property
     def _msal_public_app_kwargs(self):
         """kwargs for creating PublicClientApplication."""
-        # enable_broker_on_windows can only be used on PublicClientApplication.
+        # enable_broker_on_windows and enable_broker_on_mac can only be used on PublicClientApplication.
         return {**self._msal_app_kwargs,
                 "enable_broker_on_windows": self._enable_broker_on_windows,
+            "enable_broker_on_mac": self._enable_broker_on_mac,
                 "enable_pii_log": True}
 
     @property

src/azure-cli-core/azure/cli/core/telemetry.py

@@ -78,6 +78,7 @@ def __init__(self, correlation_id=None, application=None):
         self.user_agent = None
         # authentication-related
         self.enable_broker_on_windows = None
+        self.enable_broker_on_mac = None
         self.msal_telemetry = None
         self.login_experience_v2 = None
 
@@ -237,6 +238,7 @@ def _get_azure_cli_properties(self):
         set_custom_properties(result, 'SecretNames', ','.join(self.secret_names or []))
         # authentication-related
         set_custom_properties(result, 'EnableBrokerOnWindows', str(self.enable_broker_on_windows))
+        set_custom_properties(result, 'EnableBrokerOnMac', str(self.enable_broker_on_mac))
         set_custom_properties(result, 'MsalTelemetry', self.msal_telemetry)
         set_custom_properties(result, 'LoginExperienceV2', str(self.login_experience_v2))
 
@@ -484,9 +486,10 @@ def set_region_identified(region_input, region_identified):
 
 # region authentication-related
 @decorators.suppress_all_exceptions()
-def set_broker_info(enable_broker_on_windows):
-    # Log the value of `enable_broker_on_windows`
+def set_broker_info(enable_broker_on_windows, enable_broker_on_mac=None):
+    # Log the value of `enable_broker_on_windows` and `enable_broker_on_mac`
     _session.enable_broker_on_windows = enable_broker_on_windows
+    _session.enable_broker_on_mac = enable_broker_on_mac
 
 
 @decorators.suppress_all_exceptions()

src/azure-cli-core/setup.py

@@ -55,8 +55,8 @@
     'knack~=0.11.0',
     'microsoft-security-utilities-secret-masker~=1.0.0b4',
     'msal-extensions==1.2.0',
-    'msal[broker]==1.35.0b1; sys_platform == "win32"',
-    'msal==1.35.0b1; sys_platform != "win32"',
+    'msal[broker]==1.35.0b1; sys_platform == "win32" or sys_platform == "darwin"',
+    'msal==1.35.0b1; sys_platform != "win32" and sys_platform != "darwin"',
     'packaging>=20.9',
     'pkginfo>=1.5.0.1',
     # psutil can't install on cygwin: https://github.com/Azure/azure-cli/issues/9399

src/azure-cli/requirements.py3.Darwin.txt

@@ -109,6 +109,8 @@ jmespath==0.9.5
 jsondiff==2.0.0
 knack==0.11.0
 msal-extensions==1.2.0
+# macOS/Darwin: standard msal without broker support. (this is for homebrew-core parallel run for next few months).
+# For broker support, use requirements.py3.MacOS.txt
 msal==1.35.0b1
 msrest==0.7.1
 oauthlib==3.2.2

src/azure-cli/requirements.py3.MacOS.txt

@@ -0,0 +1,138 @@
+antlr4-python3-runtime==4.13.1
+applicationinsights==0.11.9
+argcomplete==3.5.2
+asn1crypto==0.24.0
+azure-appconfiguration==1.7.2
+azure-batch==15.0.0b1
+azure-cli-core==2.83.0
+azure-cli-telemetry==1.1.0
+azure-cli==2.83.0
+azure-common==1.1.22
+azure-core==1.38.0
+azure-cosmos==3.2.0
+azure-data-tables==12.4.0
+azure-datalake-store==1.0.1
+azure-keyvault-administration==4.4.0
+azure-keyvault-certificates==4.7.0
+azure-keyvault-keys==4.11.0
+azure-keyvault-secrets==4.7.0
+azure-keyvault-securitydomain==1.0.0b1
+azure-mgmt-advisor==9.0.0
+azure-mgmt-apimanagement==4.0.0
+azure-mgmt-appconfiguration==5.0.0
+azure-mgmt-appcontainers==2.0.0
+azure-mgmt-applicationinsights==1.0.0
+azure-mgmt-authorization==5.0.0b1
+azure-mgmt-batch==17.3.0
+azure-mgmt-batchai==7.0.0b1
+azure-mgmt-billing==6.0.0
+azure-mgmt-botservice==2.0.0b3
+azure-mgmt-cdn==12.0.0
+azure-mgmt-cognitiveservices==14.1.0
+azure-mgmt-compute==34.1.0
+azure-mgmt-containerinstance==10.2.0b1
+azure-mgmt-containerregistry==14.1.0b1
+azure-mgmt-containerservice==40.2.0
+azure-mgmt-core==1.6.0
+azure-mgmt-cosmosdb==9.9.0
+azure-mgmt-datalake-nspkg==3.0.1
+azure-mgmt-datalake-store==1.1.0b1
+azure-mgmt-datamigration==10.0.0
+azure-mgmt-eventgrid==10.2.0b2
+azure-mgmt-eventhub==12.0.0b1
+azure-mgmt-extendedlocation==1.0.0b2
+azure-mgmt-hdinsight==9.1.0b2
+azure-mgmt-imagebuilder==1.3.0
+azure-mgmt-iotcentral==10.0.0b1
+azure-mgmt-iothub==5.0.0b1
+azure-mgmt-iothubprovisioningservices==1.1.0
+azure-mgmt-keyvault==13.0.0
+azure-mgmt-loganalytics==13.0.0b4
+azure-mgmt-managementgroups==1.0.0
+azure-mgmt-maps==2.0.0
+azure-mgmt-marketplaceordering==1.1.0
+azure-mgmt-media==9.0.0
+azure-mgmt-monitor==7.0.0b1
+azure-mgmt-msi==7.1.0
+azure-mgmt-netapp==10.1.0
+azure-mgmt-policyinsights==1.1.0b4
+azure-mgmt-postgresqlflexibleservers==2.0.0
+azure-mgmt-privatedns==1.0.0
+azure-mgmt-rdbms==10.2.0b17
+azure-mgmt-mysqlflexibleservers==1.1.0b2
+azure-mgmt-recoveryservices==4.0.0
+azure-mgmt-recoveryservicesbackup==9.2.0
+azure-mgmt-redhatopenshift==1.5.0
+azure-mgmt-redis==14.5.0
+azure-mgmt-resource==23.3.0
+azure-mgmt-resource-deployments==1.0.0b1
+azure-mgmt-resource-deploymentscripts==1.0.0b1
+azure-mgmt-resource-deploymentstacks==1.0.0b1
+azure-mgmt-resource-templatespecs==1.0.0b1
+azure-mgmt-search==9.0.0
+azure-mgmt-security==6.0.0
+azure-mgmt-servicebus==10.0.0b1
+azure-mgmt-servicefabric==2.1.0
+azure-mgmt-servicefabricmanagedclusters==2.1.0b1
+azure-mgmt-servicelinker==1.2.0b3
+azure-mgmt-sql==4.0.0b22
+azure-mgmt-signalr==2.0.0b2
+azure-mgmt-sqlvirtualmachine==1.0.0b5
+azure-mgmt-storage==24.0.0
+azure-mgmt-synapse==2.1.0b5
+azure-mgmt-trafficmanager==1.0.0
+azure-mgmt-web==9.0.0
+azure-monitor-query==1.2.0
+azure-nspkg==3.0.2
+azure-storage-common==1.4.2
+azure-storage-blob==12.28.0b1
+azure-storage-file-datalake==12.23.0b1
+azure-storage-file-share==12.24.0b1
+azure-storage-queue==12.15.0b1
+azure-synapse-accesscontrol==0.5.0
+azure-synapse-artifacts==0.21.0
+azure-synapse-managedprivateendpoints==0.4.0
+azure-synapse-spark==0.7.0
+bcrypt==3.2.0
+certifi==2024.7.4
+cffi==2.0.0
+chardet==5.2.0
+colorama==0.4.6
+cryptography==44.0.1
+fabric==3.2.2
+humanfriendly==10.0
+idna==3.7
+invoke==2.2.0
+isodate==0.6.1
+javaproperties==0.5.1
+jmespath==0.9.5
+jsondiff==2.0.0
+knack==0.11.0
+msal-extensions==1.2.0
+msal[broker]==1.35.0b1
+msrest==0.7.1
+oauthlib==3.2.2
+packaging==25.0
+paramiko==3.5.0
+pbr==7.0.3
+pkginfo==1.8.2
+portalocker==2.3.2
+psutil==6.1.0
+pycomposefile==0.0.34
+PyGithub==1.55
+PyJWT==2.10.1
+PyNaCl==1.6.2
+pyOpenSSL==25.0.0
+PySocks==1.7.1
+python-dateutil==2.8.0
+requests-oauthlib==1.2.0
+requests==2.32.4
+scp==0.13.2
+semver==3.0.4
+six==1.16.0
+sshtunnel==0.1.5
+tabulate==0.8.9
+urllib3==2.6.3
+wcwidth==0.1.7
+websocket-client==1.8.0
+xmltodict==0.12.0