Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
`ManagedIdentityCredential` hangs indefinity when using keyvault
See original GitHub issue- Package Name: @azure/keyvault-secrets
- Package Version: 2.1.0
- Operating system: MacOS M1
- nodejs
- version: v16.16.0
Describe the bug
Using ManagedIdentityCredential with @azure/keyvault-secrets hangs when managed identity not available.
I want to use DefaultAzureCredential because my laptop uses AzureCliCredential and our cloud environments use ManagedIdentityCredential
However, I can not use DefaultAzureCredential because it tries to use ManagedIdentityCredential first which hangs.
To Reproduce Steps to reproduce the behavior:
- Ensure your laptop does not have any
ManagedIdentityCredential:rm ~/.azure - Use the example found in the documentation here to try out keyvault.
- Notice process hangs when trying to run the script.
Expected behavior The script should run correctly.
Additional context
I opened up Wireshark and the socket remains open with keep-alives
Workaround
My current workaround is to create my own ChainedTokenCredential which has AzureCliCredential listed before ManagedIdentityCredential
const providers = [AzureCliCredential, ManagedIdentityCredential]
class Credentials extends ChainedTokenCredential {
constructor(options) {
super(...providers.map(ctor => new ctor(options)))
this.UnavailableMessage =
'Credentials => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.'
}
}
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Out of curiosity, from a node module library engineering perspective, how did you manage to support two versions of
@azure/identityfrom within 4.6.0? Is it as simple as that the interface between the two versions are compatible? And you set the dependency version range accordingly; allowing for two major version ranges?With 3.0.0 our local experience runs smooth again. With version 2.1.0,
ManagedIdentityCredentialwas trying to reach out to the token endpoint but failed with a timeout:ManagedIdentityCredential: Authentication failed. Message connect ETIMEDOUT 169.254.169.254:80With 3.0.0 it is apparently able to detect way quicker that the endpoint is not there and fails way more quickly. I wonder how this logic goes.
Hi @anandkumarpatel. It looks like this issue slipped through the cracks, sorry about that! I think you might be running into the same problem described in #23017. Are you able to upgrade to the new
@azure/identity3.0.0 (and the 4.6.0 version of@azure/keyvault-secretsfor good measure) and see if the problem persists? The new release of Identity includes a fix which will hopefully fix the hang.