Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AzureML: User managed identity attached to compute cluster does not work

See original GitHub issue

Package Name: azure-identity
Package Version: 1.5.0
Operating System: Linux
Python Version: 3.7

Describe the bug

A custom docker container running on a compute cluster with a user managed identity does not seem to authenticate with Azure identity when running in AzureML

This is the logs I when I run my python code:

WARNING 2020-12-21 18:04:30,166 azure.identity._internal.get_token_mixin AppServiceCredential.get_token failed: No token received.
WARNING 2020-12-21 18:04:30,166 azure.identity._internal.decorators ManagedIdentityCredential.get_token failed: No token received.
WARNING 2020-12-21 18:04:30,166 azure.identity._credentials.chained ChainedTokenCredential.get_token failed: ManagedIdentityCredential raised unexpected error "No token received."
WARNING 2020-12-21 18:04:30,166 azure.identity._credentials.chained ChainedTokenCredential failed to retrieve a token from the included credentials.
Attempted credentials:
	ManagedIdentityCredential: No token received.

To Reproduce Steps to reproduce the behavior:

Create a compute cluster with a managed identiy attached to read data from a blob storage
Create a custom docker image with the azure sdk to fetch data from blob storage
Run the aforementioned docker image in the AzureML cluster created above.

Expected behavior Python SDK can authenticate using a manged identity.

Issue Analytics

State:
Created 3 years ago
Comments:23 (12 by maintainers)

Top GitHub Comments

1reaction

gdippolitocommented, Jan 4, 2021

Hi @mccoyp thanks for your response.

Yes I have used a custom docker images based on nvidia/cuda runtime image.

I have managed to fix the issue by doing the following things:

Rollback azure-identity to 1.4.1 (due to https://github.com/Azure/azure-sdk-for-python/issues/15361)
Authenticate with identity.ManagedIdentityCredential(client_id='MY_CLIENT_ID) (MY_CLIENT_ID is the client id of the managed identity attached to the compute cluster in the workspace). Without setting the client_id the authentication fails.

Does this make sense to you?

Thanks

0reactions

raz4commented, May 18, 2021

Ok understood. I get warnings and eventually a clear authentication error like below…

WARNING:azure.identity._internal.get_token_mixin:AppServiceCredential.get_token failed: No token received.
WARNING:azure.identity._internal.decorators:ManagedIdentityCredential.get_token failed: No token received.
WARNING:azure.identity._credentials.chained:DefaultAzureCredential.get_token failed: ManagedIdentityCredential raised unexpected error "No token received."
WARNING:azure.identity._credentials.chained:DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
	EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
	ManagedIdentityCredential: No token received.
...
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.

The warnings are similar to what the original issue described, so that’s how I ended up here. Anyway, thanks for your help!