Azure CLI is a command line tool built with Python that sends REST API requests to Azure Resource Manager. The tool packages command modules, a core engine, authentication logic, and an HTTP pipeline. Each command follows a consistent pattern: parse input, authenticate, build a request model, send the request to Azure, and return structured output in JSON or table format.
**
Architecture overview**
Azure CLI has two major layers: the CLI core and the command modules.
The CLI core includes:
Command loader
Parser engine
Authentication subsystem
HTTP pipeline
Output formatter
Telemetry engine
Command modules provide commands for specific Azure services such as Compute, Storage, Key Vault, and Networking. Each module maps its commands to operations in the Azure REST API or the Azure SDK for Python.
Command loading
The CLI core identifies installed command modules during startup. The loader reads the command table that each module exposes. The command table maps a command name to an operation handler. For example, “az vm create” maps to a Python function in the Compute module that prepares the request body for the Virtual Machines REST API.
Parsing and command routing
The CLI uses the knack parser (part of the azure-cli-core package). The parser resolves the command group, maps flags and arguments to parameters, applies default values, and validates required parameters. After parsing, the router identifies the function that implements the command.
Error messages, argument conflicts, and type conversions are handled in the parser before any network call is made.
Request construction
Once the target handler function runs, it builds a request model using either:
Direct REST payloads, or
Azure SDK for Python data models such as ComputeManagementClient, StorageManagementClient, or KeyVaultManagementClient.
Older parts of Azure CLI use handwritten REST calls. Newer modules use the Azure SDK for Python, which generates clients from the swagger-based Azure REST API definitions.
Authentication flow
Authentication is managed by the Azure Identity library. The CLI stores authentication tokens in the Azure CLI token cache file located in:
`
Linux and macOS: ~/.azure/msal_token_cache.jsonWindows: %USERPROFILE%.azure\msal_token_cache.json
Azure CLI
supports:
`
Device login
Browser-based login
Service principal with secret
Service principal with certificate
Managed identity when running inside Azure
Azure CLI uses MSAL to obtain and refresh tokens. Tokens are added to the Authorization header as “Bearer ” in every request to Azure Resource Manager.
HTTP pipeline
The CLI uses the msrest pipeline or Azure Core pipeline, depending on whether the command uses older or newer SDK clients. The pipeline consists of:
Authentication policy
User agent policy
Retry policy
HTTP logging policy
Transport layer (Requests library by default)
Each request is sent to: https://management.azure.com/?api-version=Azure Resource Manager validates the token, processes the request, and returns a JSON response.
Output formatting
Azure CLI supports JSON, JSONC, table, TSV, and YAML. Formatting is handled by the CLI core after the HTTP response is received. Table and TSV formats rely on flattening rules that convert nested REST responses into simple rows.
Internals mind map
How Azure CLI differs from Azure Portal?
Azure Portal is a graphical interface built on top of the same Azure Resource Manager REST APIs. Both tools trigger the same backend operations. The difference lies in how actions are executed and exposed to the user.
Execution path
Azure CLI constructs and sends REST calls directly from your machine or Cloud Shell.
Azure Portal sends REST calls through user actions in the browser, which are translated by the portal’s front end into REST API calls.
State handling
Azure CLI is stateless per command. Each command is independent.
Azure Portal maintains client state within the browser session. It tracks UI context, browsing history, and cached resource metadata.
Automation capability
Azure CLI can be used inside scripts, pipelines, scheduled jobs, and automation servers. Azure Portal is manual and interaction based.
Discovery and guidance
Azure Portal offers visual menus, blades, and step based wizards for many resources. Azure CLI presents documentation and inline help using “az find”, “az –help”, and autogenerated examples.
**
Resource update model**
Azure CLI updates resources through patch or put operations based on REST API service rules. Azure Portal may combine several operations behind one UI action. For example, creating a VM with defaults triggers multiple backend requests for NIC, VNet, IP, Disk, and VM objects.
Structure:
• Azure CLI vs Azure Portal
• Architecture
• CLI: Local Python tool
• Portal: Browser SPA on top of ARM
• Input
• CLI: Commands and flags
• Portal: UI actions
• Execution
• CLI: Direct REST calls
• Portal: Frontend orchestrated REST calls
• Automation
• CLI: Scripts and pipelines
• Portal: Manual
• Output
• CLI: JSON, table, YAML
• Portal: Charts, cards, forms
Top comments (0)