azure-sdk-for-python: Uncaught Exception in DefaultAzureCredential

  • Package Name: azure-identity
  • Package Version: 1.13.0
  • Operating System: AzureML Instance: Ubuntu 20.04
  • Python Version: 3.8

Describe the bug When using DefaultAzureCredential, there is an exception coming from ManagedIdentityClient that causes DefaultAzureCredential to stop trying different methods and ends up failing to get credentials.

I can work around this by using AzureCliCredential (or one of the other credential methods) but I cannot use this workaround when using other packages like mltable or azure-fsspec since they seem to run their own credential routine.

To Reproduce Steps to reproduce the behavior:

  1. I don’t know what it is about my Managed Identity setup that causes this, but you need to trigger the raise here.
  2. The ClientAuthenticationError makes it back to this try/except where it is caught as an Exception and the for loop is broken.

Expected behavior DefaultAzureCredential loops though all selected credential routines until it receives a token.

Screenshots Only 2 credentials attempted. 251795502-5cec91d3-2ac7-485c-bc5d-8d10990acd15

Additional context I don’t seem to have this problem from my local computer but I have to work on AzureML instances and that is where this pops up. There is likely a deeper problem here but I found that specifically catching the ClientAuthenticationError allows the routine to proceed and get a proper credential.

About this issue

  • Original URL
  • State: open
  • Created a year ago
  • Comments: 23 (9 by maintainers)

Most upvoted comments

Not sure what this “Authenticate” step specifically, but seems like it did some extra setup to allow the /MSI endpoint to work.

Hey @pvaneck I finally had a chance to try this out. I had a bit of an odd experience since the “Authenticate” button seemed to fail. I shutdown and re-started my instance and the message to Authenticate disappeared and the credentials started working.

I had a colleague reproduce our steps and they had the same experience as you. No Token before Authenticate but works fine after so I think it is a good work around.

I typically connect to my instance through VSCode so I had never seen the Authenticate button before. It would be nice to know what steps that runs so that it can be duplicated in terminal or code so that users aren’t forced to log into the portal if they otherwise don’t need to.

When you had set the AZURE_CLIENT_ID envvar yourself, what error were you receiving from DefaultAzureCredential? From what I understand it should skip EnvironmentCredential if no complete set of environment variables is found

Since I’ve Authenticated using your method, I can’t seem to reproduce the Environment Variable error I was getting. I’m not sure how often the authentication has to be re-done so if I see it needing to be done again, I’ll try it out and post the error here.

Thanks for all of your help with this!

+1
PhysWiz314 on Sep 1, 2023
Read more comments on GitHub
← azure-sdk-for-python: Unable to consume events using interactive browser credential
azure-sdk-for-python: Unexpected program hang after exception is raised while iterating a generator →