py2docfx 0.1.11.dev1985872__py3-none-any.whl → 0.1.11.dev1989123__py3-none-any.whl

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/azure_cli.py

@@ -6,6 +6,7 @@ from datetime import datetime
 import json
 import os
 import re
+import logging
 import shutil
 import subprocess
 import sys
@@ -15,12 +16,22 @@ from azure.core.credentials import AccessToken, AccessTokenInfo, TokenRequestOpt
 from azure.core.exceptions import ClientAuthenticationError
 
 from .. import CredentialUnavailableError
-from .._internal import _scopes_to_resource, resolve_tenant, within_dac, validate_tenant_id, validate_scope
+from .._internal import (
+    _scopes_to_resource,
+    resolve_tenant,
+    within_dac,
+    validate_tenant_id,
+    validate_scope,
+    validate_subscription,
+)
 from .._internal.decorators import log_get_token
 
 
+_LOGGER = logging.getLogger(__name__)
+
 CLI_NOT_FOUND = "Azure CLI not found on path"
-COMMAND_LINE = "az account get-access-token --output json --resource {}"
+# COMMAND_LINE = "account get-access-token --output json --resource {}"
+COMMAND_LINE = ["account", "get-access-token", "--output", "json"]
 EXECUTABLE_NAME = "az"
 NOT_LOGGED_IN = "Please run 'az login' to set up an account"
 
@@ -31,6 +42,8 @@ class AzureCliCredential:
     This requires previously logging in to Azure via "az login", and will use the CLI's currently logged in identity.
 
     :keyword str tenant_id: Optional tenant to include in the token request.
+    :keyword str subscription: The name or ID of a subscription. Set this to acquire tokens for an account other
+        than the Azure CLI's current account.
     :keyword List[str] additionally_allowed_tenants: Specifies tenants in addition to the specified "tenant_id"
         for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to
         acquire tokens for any tenant the application can access.
@@ -50,12 +63,17 @@ class AzureCliCredential:
         self,
         *,
         tenant_id: str = "",
+        subscription: Optional[str] = None,
         additionally_allowed_tenants: Optional[List[str]] = None,
         process_timeout: int = 10,
     ) -> None:
         if tenant_id:
             validate_tenant_id(tenant_id)
+        if subscription:
+            validate_subscription(subscription)
+
         self.tenant_id = tenant_id
+        self.subscription = subscription
         self._additionally_allowed_tenants = additionally_allowed_tenants or []
         self._process_timeout = process_timeout
 
@@ -135,7 +153,7 @@ class AzureCliCredential:
             validate_scope(scope)
 
         resource = _scopes_to_resource(*scopes)
-        command = COMMAND_LINE.format(resource)
+        command_args = COMMAND_LINE + ["--resource", resource]
         tenant = resolve_tenant(
             default_tenant=self.tenant_id,
             tenant_id=tenant_id,
@@ -143,8 +161,11 @@ class AzureCliCredential:
             **kwargs,
         )
         if tenant:
-            command += " --tenant " + tenant
-        output = _run_command(command, self._process_timeout)
+            command_args += ["--tenant", tenant]
+
+        if self.subscription:
+            command_args += ["--subscription", self.subscription]
+        output = _run_command(command_args, self._process_timeout)
 
         token = parse_token(output)
         if not token:
@@ -211,15 +232,13 @@ def sanitize_output(output: str) -> str:
     return re.sub(r"\"accessToken\": \"(.*?)(\"|$)", "****", output)
 
 
-def _run_command(command: str, timeout: int) -> str:
+def _run_command(command_args: List[str], timeout: int) -> str:
     # Ensure executable exists in PATH first. This avoids a subprocess call that would fail anyway.
-    if shutil.which(EXECUTABLE_NAME) is None:
+    az_path = shutil.which(EXECUTABLE_NAME)
+    if not az_path:
         raise CredentialUnavailableError(message=CLI_NOT_FOUND)
 
-    if sys.platform.startswith("win"):
-        args = ["cmd", "/c", command]
-    else:
-        args = ["/bin/sh", "-c", command]
+    args = [az_path] + command_args
     try:
         working_directory = get_safe_working_dir()
 
@@ -231,13 +250,16 @@ def _run_command(command: str, timeout: int) -> str:
             "timeout": timeout,
             "env": dict(os.environ, AZURE_CORE_NO_COLOR="true"),
         }
+        _LOGGER.debug("Executing subprocess with the following arguments %s", args)
         return subprocess.check_output(args, **kwargs)
     except subprocess.CalledProcessError as ex:
         # non-zero return from shell
         # Fallback check in case the executable is not found while executing subprocess.
-        if ex.returncode == 127 or ex.stderr.startswith("'az' is not recognized"):
+        if ex.returncode == 127 or (ex.stderr is not None and ex.stderr.startswith("'az' is not recognized")):
             raise CredentialUnavailableError(message=CLI_NOT_FOUND) from ex
-        if ("az login" in ex.stderr or "az account set" in ex.stderr) and "AADSTS" not in ex.stderr:
+        if ex.stderr is not None and (
+            ("az login" in ex.stderr or "az account set" in ex.stderr) and "AADSTS" not in ex.stderr
+        ):
             raise CredentialUnavailableError(message=NOT_LOGGED_IN) from ex
 
         # return code is from the CLI -> propagate its output
@@ -252,7 +274,7 @@ def _run_command(command: str, timeout: int) -> str:
         # failed to execute 'cmd' or '/bin/sh'
         error = CredentialUnavailableError(message="Failed to execute '{}'".format(args[0]))
         raise error from ex
-    except Exception as ex:  # pylint:disable=broad-except
+    except Exception as ex:
         # could be a timeout, for example
         error = CredentialUnavailableError(message="Failed to invoke the Azure CLI")
         raise error from ex

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/azure_powershell.py

@@ -192,7 +192,7 @@ def run_command_line(command_line: List[str], timeout: int) -> str:
             proc = start_process(command_line)
             stdout, stderr = proc.communicate(**kwargs)
 
-    except Exception as ex:  # pylint:disable=broad-except
+    except Exception as ex:
         # failed to execute "cmd" or "/bin/sh", or timed out; PowerShell and Az.Account may or may not be installed
         # (handling Exception here because subprocess.SubprocessError and .TimeoutExpired were added in 3.3)
         if proc and not proc.returncode:

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/chained.py

@@ -37,8 +37,8 @@ class ChainedTokenCredential:
     """A sequence of credentials that is itself a credential.
 
     Its :func:`get_token` method calls ``get_token`` on each credential in the sequence, in order, returning the first
-    valid token received. For more information, see
-    https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview.
+    valid token received. For more information, see `ChainedTokenCredential overview
+    <"https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview">`__.
 
     :param credentials: credential instances to form the chain
     :type credentials: ~azure.core.credentials.TokenCredential

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/default.py

@@ -24,8 +24,9 @@ _LOGGER = logging.getLogger(__name__)
 
 
 class DefaultAzureCredential(ChainedTokenCredential):
-    """A credential capable of handling most Azure SDK authentication scenarios. See
-    https://aka.ms/azsdk/python/identity/credential-chains#usage-guidance-for-defaultazurecredential.
+    """A credential capable of handling most Azure SDK authentication scenarios. For more information, See
+    `Usage guidance for DefaultAzureCredential
+    <"https://aka.ms/azsdk/python/identity/credential-chains#usage-guidance-for-defaultazurecredential">`__.
 
     The identity it uses depends on the environment. When an access token is needed, it requests one using these
     identities in turn, stopping when one provides a token:
@@ -153,7 +154,7 @@ class DefaultAzureCredential(ChainedTokenCredential):
                     WorkloadIdentityCredential(
                         client_id=cast(str, client_id),
                         tenant_id=workload_identity_tenant_id,
-                        file=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
+                        token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
                         **kwargs
                     )
                 )

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/imds.py

@@ -89,7 +89,7 @@ class ImdsCredential(MsalManagedIdentityClient):
                 # IMDS responded
                 _check_forbidden_response(ex)
                 self._endpoint_available = True
-            except Exception as ex:  # pylint:disable=broad-except
+            except Exception as ex:
                 error_message = (
                     "ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint."
                 )
@@ -119,7 +119,7 @@ class ImdsCredential(MsalManagedIdentityClient):
             raise ClientAuthenticationError(message=ex.message, response=ex.response) from ex
         except json.decoder.JSONDecodeError as ex:
             raise CredentialUnavailableError(message="ManagedIdentityCredential authentication unavailable.") from ex
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             # if anything else was raised, assume the endpoint is unavailable
             error_message = "ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint."
             raise CredentialUnavailableError(error_message) from ex

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_credentials/managed_identity.py

@@ -108,7 +108,7 @@ class ManagedIdentityCredential:
             self._credential = WorkloadIdentityCredential(
                 tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],
                 client_id=workload_client_id,
-                file=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
+                token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
                 **kwargs,
             )
         else:

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/__init__.py

@@ -13,6 +13,7 @@ from .utils import (
     normalize_authority,
     resolve_tenant,
     validate_scope,
+    validate_subscription,
     validate_tenant_id,
     within_credential_chain,
     within_dac,
@@ -49,6 +50,7 @@ __all__ = [
     "normalize_authority",
     "resolve_tenant",
     "validate_scope",
+    "validate_subscription",
     "within_credential_chain",
     "within_dac",
     "wrap_exceptions",

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/auth_code_redirect_handler.py

@@ -28,7 +28,7 @@ class AuthCodeRedirectHandler(BaseHTTPRequestHandler):
 
         self.wfile.write(b"Authentication complete. You can close this window.")
 
-    def log_message(self, format, *args):  # pylint: disable=redefined-builtin,unused-argument
+    def log_message(self, format, *args):  # pylint: disable=redefined-builtin
         pass  # this prevents server dumping messages to stdout
 
 

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/decorators.py

@@ -22,24 +22,32 @@ def log_get_token(fn):
         try:
             token = fn(*args, **kwargs)
             _LOGGER.log(
-                logging.DEBUG if within_credential_chain.get() else logging.INFO, "%s succeeded", fn.__qualname__
+                logging.DEBUG if within_credential_chain.get() else logging.INFO,
+                "%s succeeded",
+                fn.__qualname__,
             )
             if _LOGGER.isEnabledFor(logging.DEBUG):
                 try:
-                    base64_meta_data = token.token.split(".")[1].encode("utf-8") + b"=="
-                    json_bytes = base64.decodebytes(base64_meta_data)
+                    base64_meta_data = token.token.split(".")[1]
+                    padding_needed = -len(base64_meta_data) % 4
+                    if padding_needed:
+                        base64_meta_data += "=" * padding_needed
+                    json_bytes = base64.urlsafe_b64decode(base64_meta_data)
                     json_string = json_bytes.decode("utf-8")
                     json_dict = json.loads(json_string)
                     upn = json_dict.get("upn", "unavailableUpn")
+                    appid = json_dict.get("appid", "<unavailable>")
+                    tid = json_dict.get("tid", "<unavailable>")
+                    oid = json_dict.get("oid", "<unavailable>")
                     log_string = (
-                        "[Authenticated account] Client ID: {}. Tenant ID: {}. User Principal Name: {}. "
-                        "Object ID (user): {}".format(json_dict["appid"], json_dict["tid"], upn, json_dict["oid"])
+                        f"[Authenticated account] Client ID: {appid}. "
+                        f"Tenant ID: {tid}. User Principal Name: {upn}. Object ID (user): {oid}"
                     )
                     _LOGGER.debug(log_string)
                 except Exception as ex:  # pylint: disable=broad-except
                     _LOGGER.debug("Failed to log the account information: %s", ex, exc_info=True)
             return token
-        except Exception as ex:  # pylint: disable=broad-except
+        except Exception as ex:
             _LOGGER.log(
                 logging.DEBUG if within_credential_chain.get() else logging.WARNING,
                 "%s failed: %s",
@@ -67,7 +75,7 @@ def wrap_exceptions(fn):
             return fn(*args, **kwargs)
         except ClientAuthenticationError:
             raise
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             auth_error = ClientAuthenticationError(message="Authentication failed: {}".format(ex))
             raise auth_error from ex
 

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/interactive.py

@@ -224,7 +224,7 @@ class InteractiveCredential(MsalCredential, ABC):
 
             # this may be the first authentication, or the user may have authenticated a different identity
             self._auth_record = _build_auth_record(result)
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             _LOGGER.warning(
                 "%s.%s failed: %s",
                 self.__class__.__name__,

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/managed_identity_client.py

@@ -19,7 +19,6 @@ from .._internal.pipeline import build_pipeline
 
 
 class ManagedIdentityClientBase(abc.ABC):
-    # pylint:disable=missing-client-constructor-parameter-credential
     def __init__(
         self,
         request_factory: Callable[[str, dict], HttpRequest],

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/msal_client.py

@@ -7,7 +7,7 @@ from typing import Any, Dict, Optional, Union
 
 from azure.core.exceptions import ClientAuthenticationError
 from azure.core.pipeline.policies import ContentDecodePolicy
-from azure.core.pipeline.transport import (  # pylint:disable=unknown-option-value,no-legacy-azure-core-http-response-import
+from azure.core.pipeline.transport import (  # pylint:disable=no-legacy-azure-core-http-response-import
     HttpRequest,
     HttpResponse,
 )

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/msal_managed_identity_client.py

@@ -59,6 +59,7 @@ class MsalManagedIdentityClient(abc.ABC):  # pylint:disable=client-accepts-api-v
                 token_type=result.get("token_type", "Bearer"),
                 refresh_on=refresh_on,
             )
+        error_desc = ""
         if result and "error" in result:
             error_desc = cast(str, result["error"])
         error_message = self.get_unavailable_message(error_desc)
@@ -186,7 +187,7 @@ class MsalManagedIdentityClient(abc.ABC):  # pylint:disable=client-accepts-api-v
                 exc_info=_LOGGER.isEnabledFor(logging.DEBUG),
             )
             raise ClientAuthenticationError(self.get_unavailable_message(str(ex))) from ex
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             _LOGGER.log(
                 logging.DEBUG if within_credential_chain.get() else logging.WARNING,
                 "%s.%s failed: %s",

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/shared_token_cache.py

@@ -88,7 +88,7 @@ class SharedTokenCacheBase(ABC):  # pylint: disable=too-many-instance-attributes
         authority: Optional[str] = None,
         tenant_id: Optional[str] = None,
         **kwargs: Any
-    ) -> None:  # pylint:disable=unused-argument
+    ) -> None:
         self._authority = normalize_authority(authority) if authority else get_default_authority()
         environment = urlparse(self._authority).netloc
         self._environment_aliases = KNOWN_ALIASES.get(environment) or frozenset((environment,))
@@ -246,7 +246,7 @@ class SharedTokenCacheBase(ABC):  # pylint: disable=too-many-instance-attributes
                     return AccessTokenInfo(
                         token["secret"], expires_on, token_type=token.get("token_type", "Bearer"), refresh_on=refresh_on
                     )
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             message = "Error accessing cached data: {}".format(ex)
             raise CredentialUnavailableError(message=message) from ex
 
@@ -262,7 +262,7 @@ class SharedTokenCacheBase(ABC):  # pylint: disable=too-many-instance-attributes
                 msal.TokenCache.CredentialType.REFRESH_TOKEN, query={"home_account_id": account["home_account_id"]}
             )
             return [token["secret"] for token in cache_entries if "secret" in token]
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             message = "Error accessing cached data: {}".format(ex)
             raise CredentialUnavailableError(message=message) from ex
 

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_internal/utils.py

@@ -20,6 +20,7 @@ _LOGGER = logging.getLogger(__name__)
 
 VALID_TENANT_ID_CHARACTERS = frozenset(ascii_letters + digits + "-.")
 VALID_SCOPE_CHARACTERS = frozenset(ascii_letters + digits + "_-.:/")
+VALID_SUBSCRIPTION_CHARACTERS = frozenset(ascii_letters + digits + "_-. ")
 
 
 def normalize_authority(authority: str) -> str:
@@ -68,7 +69,21 @@ def validate_tenant_id(tenant_id: str) -> None:
     if not tenant_id or any(c not in VALID_TENANT_ID_CHARACTERS for c in tenant_id):
         raise ValueError(
             "Invalid tenant ID provided. You can locate your tenant ID by following the instructions here: "
-            + "https://learn.microsoft.com/partner-center/find-ids-and-domain-names"
+            "https://learn.microsoft.com/partner-center/find-ids-and-domain-names"
+        )
+
+
+def validate_subscription(subscription: str) -> None:
+    """Raise ValueError if subscription is empty or contains a character invalid for a subscription name/ID.
+
+    :param str subscription: subscription ID to validate
+    :raises: ValueError if subscription is empty or contains a character invalid for a subscription ID.
+    """
+    if not subscription or any(c not in VALID_SUBSCRIPTION_CHARACTERS for c in subscription):
+        raise ValueError(
+            f"Subscription '{subscription}' contains invalid characters. If this is the name of a subscription, use "
+            "its ID instead. You can locate your subscription by following the instructions listed here: "
+            "https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id"
         )
 
 
@@ -77,7 +92,7 @@ def resolve_tenant(
     tenant_id: Optional[str] = None,
     *,
     additionally_allowed_tenants: Optional[List[str]] = None,
-    **_
+    **_,
 ) -> str:
     """Returns the correct tenant for a token request given a credential's configuration.
 

py2docfx/venv/venv1/Lib/site-packages/azure/identity/_version.py

@@ -2,4 +2,4 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 # ------------------------------------
-VERSION = "1.19.0"
+VERSION = "1.20.0"

py2docfx/venv/venv1/Lib/site-packages/azure/identity/aio/_credentials/azd_cli.py

@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 import asyncio
+import logging
 import os
 import shutil
 import sys
@@ -26,6 +27,9 @@ from ..._credentials.azd_cli import (
 from ..._internal import resolve_tenant, within_dac, validate_tenant_id, validate_scope
 
 
+_LOGGER = logging.getLogger(__name__)
+
+
 class AzureDeveloperCliCredential(AsyncContextManager):
     """Authenticates by requesting a token from the Azure Developer CLI.
 
@@ -153,8 +157,9 @@ class AzureDeveloperCliCredential(AsyncContextManager):
         for scope in scopes:
             validate_scope(scope)
 
-        commandString = " --scope ".join(scopes)
-        command = COMMAND_LINE.format(commandString)
+        command_args = COMMAND_LINE.copy()
+        for scope in scopes:
+            command_args += ["--scope", scope]
         tenant = resolve_tenant(
             default_tenant=self.tenant_id,
             tenant_id=tenant_id,
@@ -163,8 +168,8 @@ class AzureDeveloperCliCredential(AsyncContextManager):
         )
 
         if tenant:
-            command += " --tenant-id " + tenant
-        output = await _run_command(command, self._process_timeout)
+            command_args += ["--tenant-id", tenant]
+        output = await _run_command(command_args, self._process_timeout)
 
         token = parse_token(output)
         if not token:
@@ -184,19 +189,17 @@ class AzureDeveloperCliCredential(AsyncContextManager):
         """Calling this method is unnecessary"""
 
 
-async def _run_command(command: str, timeout: int) -> str:
+async def _run_command(command_args: List[str], timeout: int) -> str:
     # Ensure executable exists in PATH first. This avoids a subprocess call that would fail anyway.
-    if shutil.which(EXECUTABLE_NAME) is None:
+    azd_path = shutil.which(EXECUTABLE_NAME)
+    if not azd_path:
         raise CredentialUnavailableError(message=CLI_NOT_FOUND)
 
-    if sys.platform.startswith("win"):
-        args = ("cmd", "/c " + command)
-    else:
-        args = ("/bin/sh", "-c", command)
-
+    args = [azd_path] + command_args
     working_directory = get_safe_working_dir()
 
     try:
+        _LOGGER.debug("Executing subprocess with the following arguments %s", args)
         proc = await asyncio.create_subprocess_exec(
             *args,
             stdout=asyncio.subprocess.PIPE,

py2docfx/venv/venv1/Lib/site-packages/azure/identity/aio/_credentials/azure_cli.py

@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 import asyncio
+import logging
 import os
 import shutil
 import sys
@@ -23,7 +24,17 @@ from ..._credentials.azure_cli import (
     parse_token,
     sanitize_output,
 )
-from ..._internal import _scopes_to_resource, resolve_tenant, within_dac, validate_tenant_id, validate_scope
+from ..._internal import (
+    _scopes_to_resource,
+    resolve_tenant,
+    within_dac,
+    validate_tenant_id,
+    validate_scope,
+    validate_subscription,
+)
+
+
+_LOGGER = logging.getLogger(__name__)
 
 
 class AzureCliCredential(AsyncContextManager):
@@ -32,6 +43,8 @@ class AzureCliCredential(AsyncContextManager):
     This requires previously logging in to Azure via "az login", and will use the CLI's currently logged in identity.
 
     :keyword str tenant_id: Optional tenant to include in the token request.
+    :keyword str subscription: The name or ID of a subscription. Set this to acquire tokens for an account other
+        than the Azure CLI's current account.
     :keyword List[str] additionally_allowed_tenants: Specifies tenants in addition to the specified "tenant_id"
         for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to
         acquire tokens for any tenant the application can access.
@@ -51,12 +64,17 @@ class AzureCliCredential(AsyncContextManager):
         self,
         *,
         tenant_id: str = "",
+        subscription: Optional[str] = None,
         additionally_allowed_tenants: Optional[List[str]] = None,
         process_timeout: int = 10,
     ) -> None:
         if tenant_id:
             validate_tenant_id(tenant_id)
+        if subscription:
+            validate_subscription(subscription)
+
         self.tenant_id = tenant_id
+        self.subscription = subscription
         self._additionally_allowed_tenants = additionally_allowed_tenants or []
         self._process_timeout = process_timeout
 
@@ -131,7 +149,7 @@ class AzureCliCredential(AsyncContextManager):
             validate_scope(scope)
 
         resource = _scopes_to_resource(*scopes)
-        command = COMMAND_LINE.format(resource)
+        command_args = COMMAND_LINE + ["--resource", resource]
         tenant = resolve_tenant(
             default_tenant=self.tenant_id,
             tenant_id=tenant_id,
@@ -140,8 +158,11 @@ class AzureCliCredential(AsyncContextManager):
         )
 
         if tenant:
-            command += " --tenant " + tenant
-        output = await _run_command(command, self._process_timeout)
+            command_args += ["--tenant", tenant]
+
+        if self.subscription:
+            command_args += ["--subscription", self.subscription]
+        output = await _run_command(command_args, self._process_timeout)
 
         token = parse_token(output)
         if not token:
@@ -161,19 +182,16 @@ class AzureCliCredential(AsyncContextManager):
         """Calling this method is unnecessary"""
 
 
-async def _run_command(command: str, timeout: int) -> str:
+async def _run_command(command_args: List[str], timeout: int) -> str:
     # Ensure executable exists in PATH first. This avoids a subprocess call that would fail anyway.
-    if shutil.which(EXECUTABLE_NAME) is None:
+    az_path = shutil.which(EXECUTABLE_NAME)
+    if not az_path:
         raise CredentialUnavailableError(message=CLI_NOT_FOUND)
 
-    if sys.platform.startswith("win"):
-        args = ("cmd", "/c " + command)
-    else:
-        args = ("/bin/sh", "-c", command)
-
+    args = [az_path] + command_args
     working_directory = get_safe_working_dir()
-
     try:
+        _LOGGER.debug("Executing subprocess with the following arguments %s", args)
         proc = await asyncio.create_subprocess_exec(
             *args,
             stdout=asyncio.subprocess.PIPE,

py2docfx/venv/venv1/Lib/site-packages/azure/identity/aio/_credentials/default.py

@@ -89,7 +89,7 @@ class DefaultAzureCredential(ChainedTokenCredential):
             :caption: Create a DefaultAzureCredential.
     """
 
-    def __init__(self, **kwargs: Any) -> None:  # pylint: disable=too-many-statements, too-many-locals
+    def __init__(self, **kwargs: Any) -> None:  # pylint: disable=too-many-statements
         if "tenant_id" in kwargs:
             raise TypeError("'tenant_id' is not supported in DefaultAzureCredential.")
 
@@ -145,7 +145,7 @@ class DefaultAzureCredential(ChainedTokenCredential):
                     WorkloadIdentityCredential(
                         client_id=cast(str, client_id),
                         tenant_id=workload_identity_tenant_id,
-                        file=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
+                        token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
                         **kwargs
                     )
                 )

py2docfx/venv/venv1/Lib/site-packages/azure/identity/aio/_credentials/imds.py

@@ -37,7 +37,7 @@ class ImdsCredential(AsyncContextManager, GetTokenMixin):
     async def _acquire_token_silently(self, *scopes: str, **kwargs: Any) -> Optional[AccessTokenInfo]:
         return self._client.get_cached_token(*scopes)
 
-    async def _request_token(self, *scopes: str, **kwargs: Any) -> AccessTokenInfo:  # pylint:disable=unused-argument
+    async def _request_token(self, *scopes: str, **kwargs: Any) -> AccessTokenInfo:
 
         if within_credential_chain.get() and not self._endpoint_available:
             # If within a chain (e.g. DefaultAzureCredential), we do a quick check to see if the IMDS endpoint
@@ -49,7 +49,7 @@ class ImdsCredential(AsyncContextManager, GetTokenMixin):
                 # IMDS responded
                 _check_forbidden_response(ex)
                 self._endpoint_available = True
-            except Exception as ex:  # pylint:disable=broad-except
+            except Exception as ex:
                 error_message = (
                     "ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint."
                 )
@@ -78,7 +78,7 @@ class ImdsCredential(AsyncContextManager, GetTokenMixin):
             _check_forbidden_response(ex)
             # any other error is unexpected
             raise ClientAuthenticationError(message=ex.message, response=ex.response) from ex
-        except Exception as ex:  # pylint:disable=broad-except
+        except Exception as ex:
             # if anything else was raised, assume the endpoint is unavailable
             error_message = "ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint."
             raise CredentialUnavailableError(error_message) from ex

py2docfx/venv/venv1/Lib/site-packages/azure/identity/aio/_credentials/managed_identity.py

@@ -96,7 +96,7 @@ class ManagedIdentityCredential(AsyncContextManager):
             self._credential = WorkloadIdentityCredential(
                 tenant_id=os.environ[EnvironmentVariables.AZURE_TENANT_ID],
                 client_id=workload_client_id,
-                file=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
+                token_file_path=os.environ[EnvironmentVariables.AZURE_FEDERATED_TOKEN_FILE],
                 **kwargs
             )
         else: