-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User Managed Identity unable to get tokens - Unable to load the proper Managed Identity #442
Comments
Raised in error Once I switched to |
It does work with See here for more details: #325 (comment) |
Yes that would also be a fix, but it varies from SDK to SDK In my case with Go, that AZURE_CLIENT_ID is checked, but other SDKs provide different routes to specify it |
This works for me with Azure.Identity 1.9.0, and setting explicitly the Managed Identity client ID to use (because it's a User Managed Identity). Depending on the time when you need these credential, you may source the setting from environment variables instead of from var getRuntimeAzureCredentials = () => new ManagedIdentityCredential(Environment.GetEnvironmentVariable("AZURE_CLIENT_ID")); |
|
We're also facing the same issue - was this fixed somehow becuase issue is closed? |
I tried all the mentioned solutions/answers, it didn't work for me, tried below solutions
|
The reasons for this issue are multiple, but if it helps anyone, this was my case: I was using a Beforevar tokenCredential = new DefaultAzureCredential();
// rest of code ... Aftervar defaultCredentialOptions = new DefaultAzureCredentialOptions { ManagedIdentityClientId = "<guid of my user assigned identity's client id>" };
var tokenCredential = new DefaultAzureCredential(defaultCredentialOptions);
// rest of code ... Reason: looks like because one or more Hope this helps someone. |
<!--- Provide a general summary of your changes in the Title above --> ## Description - Add AZURE_CLIENT_ID because it is needed when using user assigned identities: microsoft/azure-container-apps#442 <!--- Describe your changes in detail --> ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced a managed identity for secure access to Azure resources. - Updated environment variable configuration to include `AZURE_CLIENT_ID` for enhanced security. - **Improvements** - Restructured managed identity usage for better resource management and permissions. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This issue is a: (mark with an x)
Issue description
Assigning a User Managed Identity doesn't work, and the container can not get tokens from the IMDS endpoint when using the SDKs
NOTE. Switching to System Managed Identity the problem immediately goes away
Steps to reproduce
DefaultAzureCredential
Expected behavior [What you expected to happen.]
Actual behavior [What actually happened.]
Error output from the Azure SDK for Go
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
N/A
The text was updated successfully, but these errors were encountered: