{Core} support get msal accesstoken with adal refresh token for vm ssh feature #12999
Conversation
Seems account is not used; how about removing this wrapper?
It's a method which is defined in the parent class. We'd better not change the method signature in subclasses.
Will this be different under a different cloud env?
Currently there is only one link. This was described in this document. The document says it may change to sshservice.azure.net in the future.
This feature currently seems to be supported only in public cloud (https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#supported-azure-regions-and-windows-distributions), but we should add this endpoint in cloud.py and throw an error for non-public clouds.
I think you should let the client pass scopes and data to get the token, to make this method more generic. This method contains too much implementation detail for SSHcert.
Agreed. I will change it.
This shouldn't be using the built-in hash because the value changes between runs. Here's the code that I've modified it to locally to make it generate the same hash each run to use the same SSH cert out of the token cache.
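```python
import hashlib

# Derive the key ID from a SHA-256 digest of the modulus and exponent,
# so the same key produces the same ID on every run.
key_hash = hashlib.sha256()
key_hash.update(modulus.encode('utf-8'))
key_hash.update(exponent.encode('utf-8'))
key_id = key_hash.hexdigest()
jwk = {
    "kty": "RSA",
    "n": modulus,
    "e": exponent,
    "kid": key_id
}
```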
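The effect described in the comment above, as an added example that is not code from this PR: Python salts `hash()` for strings per interpreter process, so a key ID built from it cannot match a cached entry on the next run, while a SHA-256 digest can. The function names and sample key values are hypothetical and constructed; the RFC 7638 thumbprint goes beyond what the comment proposes and is shown as the standardized way to derive a stable `kid`.

```python
import base64
import hashlib
import json
import os
import subprocess
import sys


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWK uses for "n" and "e"."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample values, not a real key: filler bytes for n, 65537 for e.
SAMPLE_N = b64url(bytes(range(256)))
SAMPLE_E = b64url((65537).to_bytes(3, "big"))  # "AQAB"


def stable_kid(modulus: str, exponent: str) -> str:
    """SHA-256 over the "n" and "e" strings, as in the review comment."""
    digest = hashlib.sha256()
    digest.update(modulus.encode("utf-8"))
    digest.update(exponent.encode("utf-8"))
    return digest.hexdigest()


def rfc7638_thumbprint(modulus: str, exponent: str) -> str:
    """RFC 7638: SHA-256 of the canonical JSON of the required RSA members."""
    canonical = json.dumps({"e": exponent, "kty": "RSA", "n": modulus},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def builtin_hash_in_new_process(value: str, seed: str) -> int:
    """hash(value) in a fresh interpreter; seed stands in for the per-run salt."""
    env = dict(os.environ, PYTHONHASHSEED=seed)
    code = "import sys; print(hash(sys.argv[1]))"
    result = subprocess.run([sys.executable, "-c", code, value], env=env,
                            capture_output=True, text=True, check=True)
    return int(result.stdout)


def build_jwk(modulus: str, exponent: str) -> dict:
    """JWK in the shape used in the comment, with the SHA-256 based kid."""
    return {"kty": "RSA", "n": modulus, "e": exponent,
            "kid": stable_kid(modulus, exponent)}


if __name__ == "__main__":
    print("hash() run 1:", builtin_hash_in_new_process(SAMPLE_N, "1"))
    print("hash() run 2:", builtin_hash_in_new_process(SAMPLE_N, "2"))
    print("sha256 kid  :", build_jwk(SAMPLE_N, SAMPLE_E)["kid"])
    print("RFC 7638 kid:", rfc7638_thumbprint(SAMPLE_N, SAMPLE_E))
```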
ssh_certificate
Please just implement a method like get_msal_for_resource and put the SSH-related logic in the vm module.
Description
This PR tries to provide a workaround solution for vmssh on adal.
The vmssh feature can only be implemented based on an msal access token. After investigation, we found it's possible to get an msal access token with an adal refresh token. Thus we can unblock vmssh before we adapt to msal completely.
This code may be deprecated after the msal adoption is finished.
Testing Guide
It should be tested through sshextension, which is in development.
History Notes
[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change.
[Component Name 2] az command b: Add some customer-facing feature.
This checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.