Cannot use a User Assigned Managed Identity with azure_identity 0.20.0 #1659
Comments
You are on the right track @johnbatty. Please see this discussion for context.
I made it public again in #1660, but it should probably be private long term. Are you looking for
Perhaps we could just update the VirtualMachineManagedIdentityCredential constructor to take an additional

Current:

```rust
pub fn new(options: impl Into<TokenCredentialOptions>) -> Self {
    let endpoint = Url::parse(ENDPOINT).unwrap(); // valid url constant
    Self {
        credential: ImdsManagedIdentityCredential::new(
            options,
            endpoint,
            API_VERSION,
            SECRET_HEADER,
            SECRET_ENV,
            ImdsId::SystemAssigned,
        ),
    }
}
```

New:

```rust
pub fn new(id: ImdsId, options: impl Into<TokenCredentialOptions>) -> Self {
    let endpoint = Url::parse(ENDPOINT).unwrap(); // valid url constant
    Self {
        credential: ImdsManagedIdentityCredential::new(
            options,
            endpoint,
            API_VERSION,
            SECRET_HEADER,
            SECRET_ENV,
            id,
        ),
    }
}
```
I have a similar issue and also had to revert back to 0.19 because 0.20 did not allow me to create managed identity credentials with a customized client ID. My application runs normally in an Azure Batch VM with an identity specified from an ENV variable, but I also need to be able to run it locally with my Azure CLI credentials. Right now I use code that looks like this:
Maybe it would be possible to specify custom IDs for managed identities by extending the TokenCredentialOptions struct introduced in 0.20? If this struct would include options for the customized client IDs for the managed identity credentials, the code could be simplified to something like that:
Using `azure_identity` prior to 0.20.0 I was able to use specific User Assigned Managed Identity credentials like this:

For 0.20.0 there was an overhaul of how credentials are created, and it no longer appears possible to create an ImdsManagedIdentity with an object_id.

This is a major issue for my project (and I imagine others) - we rely on User Assigned Managed Identities so can't upgrade `azure_identity` without a fix to restore this capability.

I do note there is an outstanding issue for creating a `ManagedIdentityCredential`: #1536

I'm happy to make a fix, but need to agree what the API should look like.

`ImdsManagedIdentityCredential` had methods to allow you to set one of `object_id`, `client_id` or `identity` (resource id).

`ImdsManagedIdentityCredential` implementation does have an enum defined that includes all the different types of `ImdsManagedIdentityCredential`, so we just need to provide a way to create instances with an id of each of these types.

The previous method of creating an `ImdsManagedIdentityCredential` and then calling one of the other methods to set a value felt a bit hacky. Might be simpler to expose the above `ImdsId` enum in the public API, and then allow it to be passed in a new constructor.

Although possibly a bit odd passing in `ImdsId` to a `ManagedIdentityCredential` (without the `Imds` prefix). Could rename `ImdsId` in the API, perhaps:

For comparison, the .NET SDK `ManagedIdentityCredential` has multiple overloaded constructors for creating the different variants:

Any thoughts/suggestions appreciated.
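
An added illustration, not code from `azure_identity` or from anyone in this thread: how an `ImdsId`-style enum handed to a constructor could map onto the IMDS token request, so the identity a workload runs as is chosen explicitly. The endpoint, `api-version` value and the `client_id` / `object_id` / `msi_res_id` parameter names are assumptions taken from Azure's public IMDS documentation for VMs; the variant names and `token_url` are hypothetical.

```rust
// Added example. Constants are assumptions from Azure's public IMDS docs for VMs.
const ENDPOINT: &str = "http://169.254.169.254/metadata/identity/oauth2/token";
const API_VERSION: &str = "2018-02-01";

/// Hypothetical selector enum, named after the `ImdsId` discussed in the thread.
#[derive(Debug, Clone, PartialEq)]
pub enum ImdsId {
    SystemAssigned,
    ClientId(String),
    ObjectId(String),
    MsiResId(String),
}

impl ImdsId {
    /// Query pair that selects the identity; None sends no selector at all.
    fn selector(&self) -> Option<(&'static str, &str)> {
        match self {
            ImdsId::SystemAssigned => None,
            ImdsId::ClientId(v) => Some(("client_id", v.as_str())),
            ImdsId::ObjectId(v) => Some(("object_id", v.as_str())),
            ImdsId::MsiResId(v) => Some(("msi_res_id", v.as_str())),
        }
    }
}

/// Percent-encode every byte outside the RFC 3986 unreserved set.
fn encode(s: &str) -> String {
    s.bytes()
        .map(|b| match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => (b as char).to_string(),
            _ => format!("%{:02X}", b),
        })
        .collect()
}

/// Build the token URL; an empty id (e.g. an unset env var) is an error, not a silent default.
pub fn token_url(id: &ImdsId, resource: &str) -> Result<String, String> {
    let mut url = format!("{}?api-version={}&resource={}", ENDPOINT, API_VERSION, encode(resource));
    if let Some((key, value)) = id.selector() {
        if value.trim().is_empty() {
            return Err(format!("{} is empty", key));
        }
        url.push_str(&format!("&{}={}", key, encode(value)));
    }
    Ok(url) // a real request must also send the `Metadata: true` header
}

fn main() {
    // Constructed sample id, not a real identity.
    let id = ImdsId::ClientId("00000000-0000-0000-0000-000000000000".into());
    println!("{}", token_url(&id, "https://storage.azure.com/").unwrap());
}
```
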