azure-workload-identity

Add language-specific examples with AzureIdentity SDK to access Azure resources

Open aramase opened this issue 4 years ago • 2 comments

  • Add language-specific examples with SDK to access Azure resources
    • Different languages
      • [ ] go
      • [x] .NET
      • [x] Python
      • [x] JavaScript
      • [x] Java
    • Examples with how to access different Azure resources
      • [x] Key Vault

The Azure Identity beta SDKs are available for Node, Python, Java and .NET.

aramase, Oct 01 '21 17:10

I tried to use ManagedIdentityCredential with Azure Workload Identity to access a blob in a storage account, like this:

var credential = new ManagedIdentityCredentialBuilder().build();

Authentication works, but repeated accesses are slow (30s) and I receive the following log messages:

2022-08-25 13:51:52.535 [parallel-4] [INFO] com.azure.identity.ManagedIdentityCredential - Azure Identity => Managed Identity environment: AZURE AKS TOKEN EXCHANGE
2022-08-25 13:51:52.535 [parallel-4] [INFO] com.azure.identity.ManagedIdentityCredential - Azure Identity => getToken() result for scopes [https://storage.azure.com/.default]: SUCCESS
2022-08-25 13:51:52.535 [parallel-4] [INFO] com.azure.core.implementation.AccessTokenCache - Acquired a new access token at 1661424686 seconds after expiry. Retry may be attempted after 30 seconds.

The strange timestamp is now - 3600 - 26

There has been a bug against azure-identity with a similar error message: https://github.com/Azure/azure-sdk-for-java/issues/25598

I assume that I am missing something. Can you comment?

The setup works, as using ClientAssertionCredential works just fine. I can connect and read the properties of the blob, authentication is quick and new Azure AD tokens are fetched every 55 minutes.

ghost, Aug 25 '22 16:08

> I tried to use ManagedIdentityCredential with Azure Workload Identity to access a blob in a storage account, like this:
>
> var credential = new ManagedIdentityCredentialBuilder().build();
>
> Authentication works, but repeated accesses are slow (30s) and I receive the following log messages:
>
> 2022-08-25 13:51:52.535 [parallel-4] [INFO] com.azure.identity.ManagedIdentityCredential - Azure Identity => Managed Identity environment: AZURE AKS TOKEN EXCHANGE
> 2022-08-25 13:51:52.535 [parallel-4] [INFO] com.azure.identity.ManagedIdentityCredential - Azure Identity => getToken() result for scopes [https://storage.azure.com/.default]: SUCCESS
> 2022-08-25 13:51:52.535 [parallel-4] [INFO] com.azure.core.implementation.AccessTokenCache - Acquired a new access token at 1661424686 seconds after expiry. Retry may be attempted after 30 seconds.
>
> The strange timestamp is now - 3600 - 26
>
> There has been a bug against azure-identity with a similar error message: Azure/azure-sdk-for-java#25598
>
> I assume that I am missing something. Can you comment?
>
> The setup works, as using ClientAssertionCredential works just fine. I can connect and read the properties of the blob, authentication is quick and new Azure AD tokens are fetched every 55 minutes.

@FlorianZieglerFeuerbach Thanks for commenting here. Azure Workload Identity only sets up the env vars used by SDKs. For SDK-specific issues, I would recommend opening an issue in the corresponding SDK repo so maintainers of the SDK would be able to respond to the issue.

aramase, Aug 25 '22 16:08
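
The ClientAssertionCredential approach that the comment above reports as working, written out as an added Java example (not code from this thread or from the azure-workload-identity project). It assumes the pod carries the `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_FEDERATED_TOKEN_FILE` variables injected by the workload identity webhook; `BLOB_URL` is a hypothetical variable holding the full URL of the blob to read.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientAssertionCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobClientBuilder;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class WorkloadIdentityBlobExample {

    // Fail fast with a clear message when a variable is missing,
    // e.g. because the pod was not mutated by the webhook.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException(name + " is not set");
        }
        return value;
    }

    // Re-read the projected service account token on every call: the kubelet
    // rotates the file, so a value cached at startup would eventually expire.
    // The token is a bearer credential and is never logged here.
    static String readAssertion(Path tokenFile) {
        try {
            return new String(Files.readAllBytes(tokenFile), StandardCharsets.UTF_8).trim();
        } catch (IOException e) {
            throw new UncheckedIOException("cannot read federated token file", e);
        }
    }

    public static void main(String[] args) {
        Path tokenFile = Paths.get(requireEnv("AZURE_FEDERATED_TOKEN_FILE"));

        // Exchange the Kubernetes token for an Azure AD token as a client assertion.
        TokenCredential credential = new ClientAssertionCredentialBuilder()
                .tenantId(requireEnv("AZURE_TENANT_ID"))
                .clientId(requireEnv("AZURE_CLIENT_ID"))
                .clientAssertion(() -> readAssertion(tokenFile))
                .build();

        BlobClient blob = new BlobClientBuilder()
                .endpoint(requireEnv("BLOB_URL")) // hypothetical: full blob URL
                .credential(credential)
                .buildClient();

        // Reading the properties exercises authentication without downloading data.
        System.out.println("blob size: " + blob.getProperties().getBlobSize());
    }
}
```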