Authentication with user managed identity fails / hardcoded APIPA ip-address #29047

Open
amazingdragi opened this issue May 29, 2024 · 3 comments
Labels: Account, Auto-Assign, Auto-Resolve, Azure CLI Team, customer-reported, question


amazingdragi commented May 29, 2024

Describe the bug

I am trying to authenticate with a user managed identity and then subsequently upload some files to an Azure Storage account. However, the login fails due to hardcoded APIPA IP addresses in the request, as can be seen in the error message.

Related command

az login --identity --username $userID --debug

Errors

cli.azure.cli.core.azclierror: MSI endpoint is not responding. Please make sure MSI is configured correctly.
Error detail: MSI: Failed to acquire tokens after 12 times
az_command_data_logger: MSI endpoint is not responding. Please make sure MSI is configured correctly.
Error detail: MSI: Failed to acquire tokens after 12 times
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000002344B066160>]

Issue script & Debug output

msrestazure.azure_active_directory: MSI: wait: 0.1s and retry: 1
urllib3.connectionpool: Starting new HTTP connection (1): localhost:8888
urllib3.connectionpool: http://localhost:8888 "GET http://169.254.169.254/metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01&msi_res_id=%2Fsubscriptions%2FSubscriptionID%2Fresourcegroups%2FRG-123%2Fproviders%2FMicrosoft.ManagedIdentity%2FuserAssignedIdentities%2FManagedID HTTP/1.1" 504 None
msrestazure.azure_active_directory: MSI: Retrieving a token from http://169.254.169.254/metadata/identity/oauth2/token, with payload {'resource': 'https://management.core.windows.net/', 'api-version': '2018-02-01', 'msi_res_id': '/subscriptions/SubscriptionID/resourcegroups/RG-123/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ManagedID'}

Expected behavior

Login successful with an auth token as output

Environment Summary

azure-cli 2.55.0

core 2.55.0
telemetry 1.1.0

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\Bxxxxxx.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Unable to check if your CLI is up-to-date. Check your internet connection.

Additional context

The same issue applies to azcopy login --identity

@amazingdragi amazingdragi added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label May 29, 2024
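
A check for the debug output quoted above, as an added example that is not part of the original issue or of Azure CLI: the urllib3 lines show the connection opened to localhost:8888 while the request line carries the absolute URL for 169.254.169.254, which is how a request sent through a forward proxy is logged. The function names, the sample log (constructed from the lines quoted above) and the simplified NO_PROXY matching are assumptions.

```python
import re
from urllib.parse import urlsplit

# Azure Instance Metadata Service (IMDS) address; link-local by design.
IMDS_HOST = "169.254.169.254"

# Constructed sample, shortened from the debug output quoted in the issue.
SAMPLE_LOG = """\
msrestazure.azure_active_directory: MSI: wait: 0.1s and retry: 1
urllib3.connectionpool: Starting new HTTP connection (1): localhost:8888
urllib3.connectionpool: http://localhost:8888 "GET http://169.254.169.254/metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 HTTP/1.1" 504 None
"""

# urllib3 debug format: <pool scheme://host:port> "<METHOD> <target> <version>" <status> <length>
REQUEST_LINE = re.compile(
    r'urllib3\.connectionpool: (?P<pool>\w+://\S+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_proxied_imds_requests(log_text):
    """Return IMDS requests whose TCP peer was not the IMDS host itself."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        pool_host = urlsplit(m["pool"]).hostname
        target_host = urlsplit(m["target"]).hostname  # None for a relative path
        # An absolute-URI request line sent to a different host means a forward proxy.
        if target_host == IMDS_HOST and pool_host != IMDS_HOST:
            findings.append({"proxy": m["pool"], "status": int(m["status"])})
    return findings


def imds_bypasses_proxy(env):
    """True if no HTTP proxy is set, or NO_PROXY lists the IMDS address.

    Simplified matching (assumption): exact host or "*" entries only.
    """
    get = lambda name: env.get(name) or env.get(name.lower()) or ""
    if not get("HTTP_PROXY"):
        return True
    entries = [e.strip() for e in get("NO_PROXY").split(",")]
    return "*" in entries or IMDS_HOST in entries
```

Pass `os.environ` to `imds_bypasses_proxy` on the affected machine; IMDS is only reachable from inside the Azure resource itself, so a token request that leaves through a proxy cannot succeed.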

Hi @amazingdragi,

2.55.0 is not the latest Azure CLI (2.61.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

@azure-client-tools-bot-prd azure-client-tools-bot-prd bot added the Auto-Resolve Auto resolve by bot label May 29, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label May 29, 2024
Collaborator

yonzhan commented May 29, 2024

Thank you for opening this issue, we will look into it.

@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Account az login/account labels May 29, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels May 29, 2024
@yonzhan yonzhan added this to the Backlog milestone May 29, 2024
@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label May 29, 2024
Member

jiasli commented May 30, 2024

Which type of resource (VM, App Service, Azure Functions, ...) is this user assigned managed identity assigned to? It is possible this is an unsupported resource. See #25860
