Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Erroneous logging message when getting secrets.

See original GitHub issue

Package Name: azure-common==1.1.25 azure-core==1.8.0 azure-identity==1.4.0 azure-keyvault-certificates==4.1.0 azure-keyvault-keys==4.1.0 azure-keyvault-secrets==4.1.0 azure-storage-blob==12.3.2
Operating System: ubuntu 18.04
Python Version: Python 3.7.7 (default, Jun 9 2020, 18:08:39) [GCC 8.3.0] on linux

Describe the bug Using AKS with VMSS and an Azure Identity user assigned. Any time I get a secret I also get this message. This is a non-fatal event and the code retrieves the secret and continues on.

EnvironmentCredential.get_token failed: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.

No system variables are set for the azure credential authentication.

To Reproduce Steps to reproduce the behavior:

AKS cluster with VMSS with user assigned identity no in same resource group as cluster.
Launch python and get secret from azure vault.

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

credential = DefaultAzureCredential()
secret_client = SecretClient(vault_url="https://XXXXXXX.vault.azure.net", credential=credential)
secret_client.get_secret('XXXXX').value

Expected behavior Secret without odd message that doesn’t make sense when not using environment variables.

Additional context I’m going to verify this happens with a base python container and report back.

Issue Analytics

State:
Created 3 years ago
Comments:8 (4 by maintainers)

Top GitHub Comments

1reaction

chlowellcommented, Aug 12, 2020

Is there a way to disable warnings?

You could use logging to filter this particular warning. Here’s one way:

import logging
import sys

def filter_environment_credential_warning(record):
    if record.name.startswith("azure.identity") and record.levelno == logging.WARNING:
        message = record.getMessage()
        return not message.startswith("EnvironmentCredential.get_token")
    return True

handler = logging.StreamHandler(sys.stdout)
handler.addFilter(filter_environment_credential_warning)
logging.basicConfig(level=logging.INFO, handlers=[handler])

I am using dask and pulling credentials over and over again for each workers job.

Do you mean you’re creating multiple instances of DefaultAzureCredential?

0reactions

washcyclecommented, Aug 20, 2020

Gotcha, thanks.

I ended up pulling the credentials to a higher scope so the tasks would have them without having to fetch them again.

I wanted to keep the DefaultAzureCredential call because we use .env files for development and managed credentials for production and it doesn’t require any extra code to handle the different c onfigurations.

Thanks for clearing up the warning messages for me though @chlowell.