Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is there an equivalent to AppServiceCredential ManagedIdentity in rust azure_identity? #1148

Closed
tomasro27 opened this issue Nov 8, 2022 · 2 comments

Comments

@tomasro27
Copy link
Member

Is there an equivalent to AppServiceCredential ManagedIdentity in rust azure_identity?

https://github.com/Azure/azure-sdk-for-python/blob/40f3d19b92381699f348f354d3f4d0dc2df88bf0/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py

Looking at the python sdk, AppServiceCredential uses both MSI_ENDPOINT and MSI_SECRET env vars, which I cant' find on the azure identity in rust.

imds_managed_identity_credentials.rs uses
const MSI_ENDPOINT_ENV_KEY: &str = "IDENTITY_ENDPOINT";
const MSI_SECRET_ENV_KEY: &str = "IDENTITY_HEADER";

which is different from msi endpoint in python sdk

IDENTITY_ENDPOINT = "IDENTITY_ENDPOINT"
IDENTITY_HEADER = "IDENTITY_HEADER"
IDENTITY_SERVER_THUMBPRINT = "IDENTITY_SERVER_THUMBPRINT"
IMDS_ENDPOINT = "IMDS_ENDPOINT"
MSI_ENDPOINT = "MSI_ENDPOINT"
MSI_SECRET = "MSI_SECRET"
https://github.com/Azure/azure-sdk-for-python/blob/40f3d19b92381699f348f354d3f4d0dc2df88bf0/sdk/identity/azure-identity/azure/identity/_constants.py

@tomasro27
Copy link
Member Author

Looking more into this it seems there are multiple types of managed identity, and this particular one is "App Service MSI version 2017-09-01" which is equivalent to "AppServiceV2017ManagedIdentitySource" in dotnet.

This looks like the full list, at least from dotnet side.

ServiceFabricManagedIdentitySource.TryCreate(options) ??
AppServiceV2019ManagedIdentitySource.TryCreate(options) ??
AppServiceV2017ManagedIdentitySource.TryCreate(options) ??
CloudShellManagedIdentitySource.TryCreate(options) ??
AzureArcManagedIdentitySource.TryCreate(options) ??
TokenExchangeManagedIdentitySource.TryCreate(options) ??
new ImdsManagedIdentitySource(options);

Are there plans to support them?

@cataggar
Copy link
Member

cataggar commented Nov 8, 2022

Hi @tomasro27, we would like to have parity. No one is actively working on it right now. There is additional analysis at #1016 (comment)

It would be nice if all credential options failed fast if unavailable. I think our ImdsManagedIdentityCredential is actually a combination of these two source types in .NET:
AppServiceV2019ManagedIdentitySource
ImdsManagedIdentitySource

May be see if ImdsManagedIdentityCredential meets your needs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants