Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[BUG] Bump from Azure.Identity 1.5.0 to 1.6.0 throws for ManagedIdentityCredential
See original GitHub issueLibrary name and version
Azure.Identity 1.6.0
Describe the bug
After upgrading from Azure.Identity 1.5.0 to Azure.Identity 1.6.0 our applications kept working except for the applications creating the ManagedIdentityCredential throwing the next error from MSI/token/?api-version=2019-08-01&resource=REDACTED&client_id=REDACTED:
ManagedIdentityCredential authentication failed: No Managed Identity found for specified ClientId/ResourceId/PrincipalId.
Status: 400 (Bad Request)
Headers:
Date: Thu, 07 Apr 2022 09:44:52 GMT
Content-Length: 158
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
The release note states:
ManagedIdentityCredential now attempts to use the newest "2019-08-01" api version for App Service Managed Identity sources. The newer API version will be used if the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables are set.
but our services don’t have the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables set, at least not where we know about (https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp#rest-endpoint-reference) and the “2019-08-01” version is still being used.
Expected behavior
Doesn’t throw when doing the request to MSI/token/?api-version=2019-08-01&resource=REDACTED&client_id=REDACTED for a ManagedIdentityCredential
Actual behavior
Throws when doing the request to MSI/token/?api-version=2019-08-01&resource=REDACTED&client_id=REDACTED for a ManagedIdentityCredential
Reproduction Steps
Bump from Azure.Identity 1.5.0 to Azure.Identity 1.6.0 and ask a ManagedIdentityCredential from MSI/token/?api-version=2019-08-01&resource=REDACTED&client_id=REDACTED
Environment
in an Azure function, if that would matter
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:26 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Not sure what the actual problem was, but when we switched from using the
ManagedIdenityCredentialstoDefaultAzureCredentialsit fixed the issue.After additional troubleshooting we have determined that our AKS cluster is impacted by this current outage/issue:
I’m going to wait until the Azure issue is resolved and will respond back here early next week if we are still having an issue or not.