Azure-cli: Azure password not working if password starts or contains "-"

Same experience with $ and (.

Putting the password in single or double quotes doesn't fix the issue.

@yugangw-msft

I would start with:
https://www.gnu.org/software/bash/manual/html_node/Double-Quotes.html

Also, what shell are you using?

This is on bash on ubuntu 16.04 LTS.

works for me in bash on ubuntu 16.04

az login --service-principal -t xxxxaxxxxxx -u xxxxxxxxxxx --allow-no-subscriptions -p haha-haha 

Is the dash a unicode in your password?

You can also capture the trace on the wire and cross check whether the password got sent to the service end w/o modifications

I'm not using service principal, just username and password.
The password is a string that would look like: "-a1b2c3d4"

Using service principal or not doesn't matter from command parser's aspect as both flows share the same argument.
You do need to wrap -a1b2c3d4 with single quote as the leading - will confuse the parser to think -a is a flag.
To get me on the same page, if you wrap the password with quote, does it work now? if not, can you please check out the trace on the wire and see whether the right password get sent?

You do need to wrap -a1b2c3d4 with single quote as the leading - will confuse the parser to think -a is a flag.

I don't think this is correct: on Unix, as opposed to Windows, quotes are interpreted by the shell, and are only needed if there are shell special characters that need escaping. - is not a shell special character. The az Python program will never see the quotes or know if they are there.

I can reproduce the leading-dash "expected one argument" behavior on macOS 10.13.6 with azure-cli (2.0.43). Quotes do not affect it.

$ az login -u foo -p -helloworld
az login: error: argument --password/-p: expected one argument
usage: az login [-h] [--verbose] [--debug] [--output {json,jsonc,table,tsv}]
                [--query JMESPATH] [--username USERNAME] [--password PASSWORD]
                [--service-principal] [--tenant TENANT]
                [--allow-no-subscriptions] [-i] [--use-device-code]
                [--subscription _SUBSCRIPTION]
$ az login -u foo -p '-helloworld'
az login: error: argument --password/-p: expected one argument
$ az --version | head
azure-cli (2.0.43)

I suspect that for this particular case, you may actually be running in to a bug in Python's argparse library, which is currently under discussion: https://bugs.python.org/issue9334. It exhibits the same "expected one argument" error.

(This doesn't apply to dashes in the middle of the password, which I haven't tested, or "$" or "(", which do need to be quoted, because they are shell special characters (and I also haven't tested).)

@apjanke, I think your analysis is right. I didn't tried out the password with leading dash, nor did I question argparse's behavior. Thanks.

@apjanke this is indeed the bug that we are hitting in the az cli. Apparently AWS had the same issue since 2015 https://github.com/aws/aws-cli/issues/1135
@yugangw-msft the workaround is to use the long parameter set following this syntax:
az login --username=$azureUserName --password=$azurePassword

@dcaro the workaround does not work for non-interactive mode. When running:
$ az login --service-principal --username=$client --tenant=$tenant --password=$password
i get :
ERROR: Please specify both username and password in non-interactive mode.
Is there any solution available as of now?

@jakobfischer17, the code hit here:

https://github.com/Azure/azure-cli/blob/944c0c3b1f30530a280bfaa6b7c7d799e3248f28/src/azure-cli/azure/cli/command_modules/profile/custom.py#L132-L137

It seems --password isn't received by Azure CLI correctly.

1. Could you share your user name and password? (Please remove some letters.)
2. What is the system and shell?