
Support Linux Hybrid Runbook Worker VM's Managed Identity


Describe the bug

Running a Python script in an az automation hybrid worker that uses the azure.cli.core library to authenticate with a managed identity:

Command Name “az login --identity”

Error:

ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.

That’s the output for the job in the automation account.

To Reproduce

  • Configure a Linux hybrid worker
  • Create a python3 runbook
  • Use the following code:

#!/usr/bin/env python3

import sys
import os
from azure.cli.core import get_default_cli

def main():
    exAzCli('login --identity')  # log in to Azure CLI with the VM's managed identity
    subs = exAzCli('account list --all')  # list all subscriptions
    showingSubs(subs)

def exAzCli(command):
    # Run an az command in-process and return its parsed result.
    args = command.split()
    azc = get_default_cli()
    with open(os.devnull, 'w') as devnull:  # discard the CLI's own output
        azc.invoke(args, out_file=devnull)
    if azc.result.result:
        return azc.result.result
    if azc.result.error:
        # Report the failure instead of handing an error marker to the caller.
        print(f'az {command} failed: {azc.result.error}', file=sys.stderr)
    return []

def showingSubs(subs):
    for sub in subs:
        print('Subscription "' + str(sub['name']) + '" is currently ' + str(sub['state']) + ' and has the Id: ' + str(sub['id']))

if __name__ == "__main__":
    main()

Expected behavior

The runbook should be able to authenticate using the managed identity.

If we execute the script manually, without using the runbook, it will work.

Environment summary

azure-cli 2.32.0 *
core 2.32.0 *
telemetry 1.0.6
Extensions:
automation 0.1.1
Dependencies:
msal 1.16.0
azure-mgmt-resource 20.0.0

Install Method

curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
sudo apt-get install python3-pip
sudo -H pip3 install azure-cli-core
sudo -H pip3 install azure-cli
sudo apt-get install glibc-source
sudo apt-get install openssl
sudo apt-get install libpam-modules

Additional context

When we run the Python code in the hybrid worker (in the console) it works fine; however, when we execute the same code through Azure Automation, we are unable to log in, and we receive the error.

  • If the same code uses SPN, it will work fine
  • We need to use a hybrid worker because the Azure sandbox won’t allow us to install the azure.core.cli dependencies
  • We can’t use PowerShell due to standardization of their cloud automation in all clouds
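A diagnostic for comparing the two environments described above, as an added example that is not code from the issue or from the Azure CLI project. It asks the standard Azure IMDS token endpoint for a management-plane token and records which identity and proxy variables are set; the choice of variables to compare is an assumption about what may differ between console and job, and the function names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.request

# Azure IMDS managed identity token endpoint (link-local, reachable only from the VM).
IMDS_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
            "?api-version=2018-02-01&resource=https://management.azure.com/")
# Assumption: variables worth comparing between console and job. The first four
# are the names App Service-style identity endpoints use; the rest are proxies.
ENV_KEYS = ("MSI_ENDPOINT", "MSI_SECRET", "IDENTITY_ENDPOINT", "IDENTITY_HEADER",
            "HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY",
            "http_proxy", "https_proxy", "no_proxy")


def fetch_imds(timeout=5):
    """Request a token from IMDS with proxies disabled; return (status, body)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(IMDS_URL, headers={"Metadata": "true"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:   # IMDS answered with an error
        return exc.code, exc.read().decode(errors="replace")
    except OSError as exc:                  # unreachable, timeout, refused
        return None, str(exc)


def diagnose(env, fetch=fetch_imds):
    """Build a report that names what is set but never includes secret values."""
    status, body = fetch()
    report = {
        "euid": os.geteuid(),
        "env_set": sorted(k for k in ENV_KEYS if env.get(k)),
        "imds_status": status,
    }
    if status == 200:
        token = json.loads(body)
        report["token_received"] = bool(token.get("access_token"))
        report["expires_on"] = token.get("expires_on")
    else:
        report["detail"] = body[:200]
    return report


if __name__ == "__main__":
    print(json.dumps(diagnose(os.environ), indent=2))
```

Run it once from the console and once as a runbook job, then compare the two JSON reports; the token and any secret values are deliberately left out so the output is safe to paste into job logs.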

Issue Analytics

  • State: open
  • Created a year ago
  • Comments: 6 (4 by maintainers)

Top GitHub Comments

1 reaction
yonzhan commented, May 2, 2022

@jiasli for awareness

0 reactions
jiasli commented, Dec 9, 2022

It has been finalized that MSAL will support all variations of Managed Identity (https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/58). Once MSAL code is ready, we will adopt the latest MSAL.
