Creating an Azure az cli extension for AKS Non Interactive Auth

Adrian Hynes
3 min readNov 8, 2020


In the previous 4 part article series, we went through how Authentication and Authorization works in your AKS RBAC enabled cluster, as well as how you can Non Interactively connect to your AKS cluster.

We created a simple python script to show this Non Interactive Connection via code.

In this article, we want to explore how we can integrate our previous script into an az cli extension, so we can just call our non interactive code via an az cli call.

The Azure az CLI extension setup uses a Command Line Interface framework called knack Knack allows us to specify commands, arguments, factories, validators, help etc when creating a command line interface.

Once we extend from the Azure’s azCommandLoader, we get to inherit the az part of the command structure as well as global arguments such as subscription id, which may form part of our implementations.

Next we just need to create our Python Wheel project and add this through the az extension add.

Project Structure and Files

Let’s first create our required project structure. You can check out Microsoft’s real examples here for some help on your az cli extension journey:

We’ll first create our project name aksauth and we’ll import that directory into vscode. will define our Python wheel project, it’s dependencies and it’s packages

setup.cfg will define our packaging format

Next we’ll create a directory called azext_aksauth to store our cli application package.

azext_aksauth/ Here is where we extend Azure’s az cli (AzCommandsLoader). We’ll load our own sub commands as well as the sub command’s arguments as well as the entry point to our command implementations.

azext_aksauth/ — Allows us to provide help strings to each of our sub commands.

azext_aksauth/ — Allows us to validate arguments for our sub commands

azext_aksauth/ — The implementation of our sub commands

For now that’s enough to get you started and integrate the code we wrote in the previous articles. I’d recommend you look at the documentation and check out some of Microsoft’s own examples for how you can structure your code for larger more complex projects.


I’ve pretty much lifted and shifted the code from our AKS Non Interactive Auth project in the previous series from here to here

  1. Clone down
  2. Create our python wheel
python bdist_wheel

3. Add our wheel distribution as an az extension

az extension add — source C:\Users\Adrian\aksauth\dist\aksauth-0.0.1-py2.py3-none-any.whl

4. Test it out against one of your AKS RBAC’s clusters

az aksauth connect --resource-group adrian-group --subscription xxxxxx–aaaa–bbbb-cccc–zzzzzzz --cluster-name adrian-cluster --tenant 00000000–2222–5555–9999-222222 --username --password “hard2Guess”

Appendix: Reference Material



Adrian Hynes

Cloud Platform Architect. Opinions and articles on medium are my own.