Weird difference with user assigned managed identity between windows and linux VMs #35645
Comments
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jalauzon-msft @vincenttran-msft.
Thanks for reaching out. Could you try the same code on Windows using managed identity? My guess is
Hi @lovettchris. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
Ok, I tried again on my Windows VM creating the VM from scratch and it appears this VM really does also need to use So this is the official answer then, to use user assigned managed identity one must use Would be nice if the docs said this clearly. Any idea why Would also be nice if there was an easy az command line to fetch this client id (since it is not the object_id). The only way I could find it was to add the managed identity to my Azure DevOps project then I could see the id there.
The difference is you need client id information to make ManagedIdentity work. I asked you to try ManagedIdentity directly rather than DefaultAzureCredential just to narrow down the issue. You can use DefaultAzureCredential(), but you need to provide the client_id like DefaultAzureCredential(client_id="499fe662-662e-47b6-a9b0-4a186151268e"). :)
Hi @lovettchris. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.
Thanks, just one remaining question: how can I automate the lookup of the user assigned managed identity client id "499fe662-662e-47b6-a9b0-4a186151268e" using an az command line?
Never mind, I found it,
This has the clientId in it, nice!
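One way to confirm which identity a credential actually resolved to on each VM, as an added example (not code from this thread or from the Azure SDK): decode the access token's claims and compare the client id in `appid` (v1 tokens) or `azp` (v2 tokens) with the user assigned identity that was granted access. The function names and the unsigned sample tokens are constructed for illustration; the expected client id is the one quoted in the thread.

```python
import base64
import json
from typing import Optional


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def identity_mismatch(token: str, expected_client_id: str) -> Optional[str]:
    """Return None if the token was issued to expected_client_id, else a reason."""
    claims = jwt_claims(token)
    # The client id is carried in "appid" (v1 tokens) or "azp" (v2 tokens).
    actual = claims.get("appid") or claims.get("azp")
    if actual is None:
        return "token has no appid/azp claim"
    if actual.lower() != expected_client_id.lower():
        return f"token issued to {actual} (oid {claims.get('oid')}), expected {expected_client_id}"
    return None


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token: constructed test data, not a real credential."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    expected = "499fe662-662e-47b6-a9b0-4a186151268e"  # client id quoted in the thread
    other = "00000000-0000-0000-0000-000000000001"     # constructed placeholder
    # On a VM, the token would come from azure-identity instead, e.g.
    # DefaultAzureCredential().get_token("https://storage.azure.com/.default").token
    for appid in (expected, other):
        print(identity_mismatch(constructed_token({"appid": appid, "oid": "n/a"}), expected))
```

Access tokens are bearer credentials, so print only the claims being compared and never the token itself.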
azure-core 1.30.1
azure-data-tables 12.5.0
azure-identity 1.16.0
azure-keyvault-keys 4.9.0
azure-keyvault-secrets 4.8.0
azure-storage-blob 12.20.0
Describe the bug
I have set up some VMs to use a user assigned managed identity, which I have then given the appropriate access to on my Azure storage account. The following code then works on a Windows VM:
On an Ubuntu Linux machine set up the same way, the above code fails with
ErrorCode:AuthorizationPermissionMismatch
But the following code works on both:
I'd prefer to be able to use DefaultAzureCredential as this is much easier to maintain across devbox/Azure VMs. Anyone know why it is not working on my Linux VM?
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The DefaultAzureCredential should work on both Windows and Linux.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
The debug logging output on Windows is:
while the debug logging output on Linux is: