azure-sdk-for-python: AzureML: User managed identity attached to compute cluster does not work

Package Name: azure-identity
Package Version: 1.5.0
Operating System: Linux
Python Version: 3.7

Describe the bug

A custom docker container running on a compute cluster with a user managed identity does not seem to authenticate with Azure identity when running in AzureML

This is the logs I when I run my python code:

WARNING 2020-12-21 18:04:30,166 azure.identity._internal.get_token_mixin AppServiceCredential.get_token failed: No token received.
WARNING 2020-12-21 18:04:30,166 azure.identity._internal.decorators ManagedIdentityCredential.get_token failed: No token received.
WARNING 2020-12-21 18:04:30,166 azure.identity._credentials.chained ChainedTokenCredential.get_token failed: ManagedIdentityCredential raised unexpected error "No token received."
WARNING 2020-12-21 18:04:30,166 azure.identity._credentials.chained ChainedTokenCredential failed to retrieve a token from the included credentials.
Attempted credentials:
	ManagedIdentityCredential: No token received.

To Reproduce Steps to reproduce the behavior:

Create a compute cluster with a managed identiy attached to read data from a blob storage
Create a custom docker image with the azure sdk to fetch data from blob storage
Run the aforementioned docker image in the AzureML cluster created above.

Expected behavior Python SDK can authenticate using a manged identity.

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 23 (12 by maintainers)

Commits related to this issue

CodeGen from PR 15892 in Azure/azure-rest-api-specs Update readme.python.md (#15892) — committed to AzureSDKAutomation/azure-sdk-for-python by deleted user 3 years ago
[AutoRelease] t2-rdbms-2021-09-02-91864 (#20513) * CodeGen from PR 15892 in Azure/azure-rest-api-specs Update readme.python.md (#15892) * version,CHANGELOG * Update CHANGELOG.md Co-authored... — committed to Azure/azure-sdk-for-python by deleted user 3 years ago
[AutoRelease] t2-rdbms-2021-09-02-91864 (#20513) * CodeGen from PR 15892 in Azure/azure-rest-api-specs Update readme.python.md (#15892) * version,CHANGELOG * Update CHANGELOG.md Co-authored... — committed to Azure/azure-sdk-for-python by deleted user 3 years ago

Most upvoted comments

Hi @mccoyp thanks for your response.

Yes I have used a custom docker images based on nvidia/cuda runtime image.

I have managed to fix the issue by doing the following things:

Rollback azure-identity to 1.4.1 (due to https://github.com/Azure/azure-sdk-for-python/issues/15361)
Authenticate with identity.ManagedIdentityCredential(client_id='MY_CLIENT_ID) (MY_CLIENT_ID is the client id of the managed identity attached to the compute cluster in the workspace). Without setting the client_id the authentication fails.

Does this make sense to you?

Thanks

gdippolito on Jan 4, 2021