azure-sdk-for-python: Uncaught Exception in DefaultAzureCredential
- Package Name: azure-identity
- Package Version: 1.13.0
- Operating System: AzureML Instance: Ubuntu 20.04
- Python Version: 3.8
Describe the bug When using DefaultAzureCredential, there is an exception coming from ManagedIdentityClient that causes DefaultAzureCredential to stop trying different methods and ends up failing to get credentials.
I can work around this by using AzureCliCredential (or one of the other credential methods) but I cannot use this workaround when using other packages like mltable
or azure-fsspec
since they seem to run their own credential routine.
To Reproduce Steps to reproduce the behavior:
- I don’t know what it is about my Managed Identity setup that causes this, but you need to trigger the raise here.
- The
ClientAuthenticationError
makes it back to this try/except where it is caught as anException
and the for loop is broken.
Expected behavior DefaultAzureCredential loops though all selected credential routines until it receives a token.
Screenshots Only 2 credentials attempted.
Additional context I don’t seem to have this problem from my local computer but I have to work on AzureML instances and that is where this pops up. There is likely a deeper problem here but I found that specifically catching the ClientAuthenticationError allows the routine to proceed and get a proper credential.
About this issue
- Original URL
- State: open
- Created a year ago
- Comments: 23 (9 by maintainers)
Hey @pvaneck I finally had a chance to try this out. I had a bit of an odd experience since the “Authenticate” button seemed to fail. I shutdown and re-started my instance and the message to Authenticate disappeared and the credentials started working.
I had a colleague reproduce our steps and they had the same experience as you. No Token before Authenticate but works fine after so I think it is a good work around.
I typically connect to my instance through VSCode so I had never seen the Authenticate button before. It would be nice to know what steps that runs so that it can be duplicated in terminal or code so that users aren’t forced to log into the portal if they otherwise don’t need to.
Since I’ve Authenticated using your method, I can’t seem to reproduce the Environment Variable error I was getting. I’m not sure how often the authentication has to be re-done so if I see it needing to be done again, I’ll try it out and post the error here.
Thanks for all of your help with this!