-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Azure Identity 1.9.0 but fails in v 1.10 fails #38218
Comments
Hi @BC89 - |
Hi @BC89. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue. |
|
|
I am also experiencing the same issue. I just upgraded from 1.9.0 to 1.10.0 and started getting a 403 exception when using DefaultCredentials() against AzureKeyVault. I triple checked my permissions and my user is fine. I downgraded back to 1.9.0 and it works again. Worth mentioning I run my .NET 7 Web API from VS 2022 Enterprise in a docker container (linux). Code in question:
Error:
Screenshot of the code breaking: |
Thanks for the additional information. @BC89 - I have a few things that would help isolate the issue, if you'd be willing to try them. I'll also work on setting up a repro locally, but these things may help short circuit the investigation.
@thremendus - If you are willing to try the same, please do. |
Hi @BC89. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue. |
Just a quick update - I have a local repro and understand the reason we are seeing this new behavior. I'll update this issue when we decide on how to address this behavior. |
We're still deciding how we want to address this issue, since the issue seems to be how Docker Desktop response to requests to an unreachable network. For example, here is a curl command to the IMDS endpoint run on my repro machine across 3 different environments
On Windows: On WSL2 Ubuntu: On Docker Desktop from a Linux container: But, as a workaround, when running in the local environment, excluding the var options = new DefaultAzureCredentialOptions { ExcludeManagedIdentityCredential = true };
var credential = new DefaultAzureCredential(options); |
Thanks. I had the same issue for Open AI + Cognitive Search but christothes's fix seems to working. |
Why was this closed? It is still a major issue for me and my team. |
This workaround is not viable in Python when my Function input trigger is service bus using managed identity. I guess I need to start using connection strings in the meantime, until a fix is provided? |
This should be fixed in version 1.10.1 , which was recently released. |
This is not working when attempting to connect to SQL Azure from within a docker-compose project using Dockerfile base image:
Connection String: docker-compose output stack-trace (abbreviated):
|
Seems like there was a regression here. Running As of a few days ago started getting the 403 error while attempting to get a token from KeyVault. Fixed by simply adding ExcludeManagedIdentityCredential = true but prior it was working fine without. Removing/adding ExcludeManagedIdentityCredential is like an feature error switch now :) Running inside a docker-compose on windows but linux containers. .Net 8 -FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base |
@BC89 - Could you share the details of the exception including the full error message? |
Im experiencing a similar issue when connecting to EventHubs using the Function Binding EventHubTrigger with an Identity based connection string. The error appears to be related to ManagedIdentity. When running the function locally, the error is logged as a Credential failure, but the credential is successfully obtained via VisualStudioCredential and the function continues to work as expected. However, once the function is deployed, it stops working because the server uses ManagedIdentityCredential. Reverting Azure.Identity back to version 1.9.0 resolves the issue
|
I'm getting this error with the same setup as @BC89. Here is my full error.
|
Looks like this is due to the error message text changing slightly. Will look at a fix that matches the error message more loosely. |
Library name and version
Azure.Identity v1.10.0
Describe the bug
This code works in Azure Identity 1.9.0 but fails in v 1.10 fails:
If I upgrade the nuget and rollback w/out any other changes in the codebase this breaks every time. The error is as follows:
Expected behavior
Functionality would not break.
Actual behavior
Does not work.
Reproduction Steps
Upgrade the nuget and watch it fail.
Environment
net7.0
Running inside a docker-compose on windows but linux containers. Have logged in between sessions to ensure local token cache is up to date from within VS 2022 IDE Account Settings -
Microsoft Visual Studio Professional 2022 (64-bit) - Preview
Version 17.8.0 Preview 1.0
The text was updated successfully, but these errors were encountered: