azure-sdk-for-python: Cannot generate token for System Managed Identity for PostgreSQL

  • Package Name: azure_identity
  • Package Version: 1.8.0
  • Operating System: Azure App Service: Linux Python 3.9.7
  • Python Version: 3.9.7

Describe the bug Cannot get access token when using System Managed Identity in Azure App Service from a Python Web App.

To Reproduce Steps to reproduce the behavior:

  1. Create a Python Web App with Django
  2. Configure your App Service to use System Managed Identity
  3. Cannot get the access token by using any of the following Classes:

a. DefaultAzureCredential error thrown:

DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot.this issue.
ManagedIdentityCredential: No connection adapters were found for 
'[Managed identity has been configured. This value is not viewable in Kudu but is exposed to 
the app.]?api-version=2017-09-01&resource=https://ossrdbms-aad.database.windows.net'

b. ManagedIdentityCredential

AppServiceCredential.get_token failed: No connection adapters were found for '[Managed identity has been configured. 
This value is not viewable in Kudu but is exposed to the app.]?api-version=2017-09-01&resource=https://ossrdbms-aad.database.windows.net'
ManagedIdentityCredential.get_token failed: No connection adapters were found for 
'[Managed identity has been configured. This value is not viewable in Kudu but is exposed to 
the app.]?api-version=2017-09-01&resource=https://ossrdbms-aad.database.windows.net'

Expected behavior An access token should be generated as a result of configuring the App Service with System Managed Identity and using the client library.

Screenshots System Managed Identity configuration in the App Service [image]

Additional context Python code snippet to generate the token:

from azure.identity import ManagedIdentityCredential
# from azure.identity import DefaultAzureCredential

default_credential = ManagedIdentityCredential()
# default_credential = DefaultAzureCredential()
token = default_credential.get_token("https://ossrdbms-aad.database.windows.net/.default").token
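
The errors above show the credential using the bracketed placeholder text as the token endpoint URL. A preflight check along these lines, run before any token request in a deployment step, reports that condition directly; it is an added example, not code from the issue or from azure-identity. The variable names `IDENTITY_ENDPOINT`, `IDENTITY_HEADER`, `MSI_ENDPOINT` and `MSI_SECRET` are the ones App Service uses for managed identity and do not appear on the page; the sample environments are constructed.

```python
import os
from urllib.parse import urlsplit

# Endpoint variable -> companion secret variable. These are the names
# App Service uses for managed identity; they are not quoted on the page.
MI_VARS = {"IDENTITY_ENDPOINT": "IDENTITY_HEADER", "MSI_ENDPOINT": "MSI_SECRET"}


def classify_endpoint(value):
    """Classify one endpoint value without echoing it back."""
    if not value:
        return "missing"
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return "not-a-url"
    # An HTTP client can only connect to an http(s) URL with a host.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return "not-a-url"
    return "ok"


def check_managed_identity_env(env=None):
    """Map each endpoint variable to 'ok', 'missing', 'not-a-url' or 'no-secret'."""
    env = os.environ if env is None else env
    report = {}
    for endpoint_var, secret_var in MI_VARS.items():
        status = classify_endpoint(env.get(endpoint_var))
        # Only presence of the secret is checked; its value is never reported.
        if status == "ok" and not env.get(secret_var):
            status = "no-secret"
        report[endpoint_var] = status
    return report


def managed_identity_usable(env=None):
    """True when at least one endpoint/secret pair is usable."""
    return "ok" in check_managed_identity_env(env).values()


# Constructed environments. KUDU_ENV carries the placeholder text from the error above.
KUDU_ENV = {"MSI_ENDPOINT": "[Managed identity has been configured. This value is "
            "not viewable in Kudu but is exposed to the app.]",
            "MSI_SECRET": "constructed-placeholder"}
APP_ENV = {"MSI_ENDPOINT": "http://127.0.0.1:41741/MSI/token/",
           "MSI_SECRET": "constructed-secret"}

if __name__ == "__main__":
    for label, env in (("kudu", KUDU_ENV), ("app", APP_ENV)):
        print(label, check_managed_identity_env(env), managed_identity_usable(env))
```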

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 21 (9 by maintainers)

Most upvoted comments

/unresolve @xiangyan99 ssh is available only after the container has started running. To my knowledge the main Python process and container lifespan are connected. So this is not an option. We get this issue during our CD pipeline on the last step. Django’s collectstatic command is triggered by the web app and it requires a connection to the database. However that is not possible, because we can’t generate the token in the pipeline, because Kudu doesn’t have access to the right values.

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @antcp, @AzureAppServiceCLI.

Issue Details
Author: adancarrasco
Assignees: xiangyan99
Labels: question, App Services, Service Attention, Client, customer-reported, Azure.Identity, needs-team-attention

Milestone: -