azure-sdk-for-go icon indicating copy to clipboard operation
azure-sdk-for-go copied to clipboard

Published 20 hours ago verified publisher icon Azure

DefaultAzureCredential broken in azidentity v1.6.0/v1.7.0

Open hamid-elaosta opened this issue 7 months ago • 5 comments

Bug Report

  • "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  • v1.6.0 and v1.7.0
  • go version go1.22.4 linux/amd64

Using code almost identical to the sample found here: https://github.com/Azure-Samples/azure-sdk-for-go-samples/blob/main/sdk/azstart/azstart.go?plain=1#L47

We have been able to manage secrets in AKV for some time using v1.5.2. Updating to v1.6.0 or v1.7.0 of the package breaks, while v1.5.2 works as expected.

The output when using v1.6.0 or above is as follows:

DefaultAzureCredential authentication failed. failed to acquire a token.
Attempted credentials:
        EnvironmentCredential: incomplete environment variable configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID are set
        WorkloadIdentityCredential: no token file specified. Check pod configuration or set TokenFilePath in the options
        ManagedIdentityCredential authentication failed. ManagedIdentityCredential authentication failed. authentication failed
GET http://169.254.169.254/metadata/identity/oauth2/token
--------------------------------------------------------------------------------
RESPONSE 404 Not Found
--------------------------------------------------------------------------------
not found
--------------------------------------------------------------------------------
To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id
GET http://169.254.169.254/metadata/identity/oauth2/token
--------------------------------------------------------------------------------
RESPONSE 404 Not Found
--------------------------------------------------------------------------------
not found
--------------------------------------------------------------------------------
To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id
GET http://169.254.169.254/metadata/identity/oauth2/token
--------------------------------------------------------------------------------
RESPONSE 404 Not Found
--------------------------------------------------------------------------------
not found
--------------------------------------------------------------------------------

Downgrading back to v1.5.2 works as expected.

See also for how I came across this issue: https://github.com/helmfile/vals/issues/441

hamid-elaosta avatar Jun 26 '24 16:06 hamid-elaosta