Open amazingdragi opened 1 month ago
Hi @amazingdragi,
2.55.0 is not the latest Azure CLI(2.61.0).
If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.
Thank you for opening this issue, we will look into it.
Which type of resource (VM, App Service, Azure Functions, ...) is this user assigned managed identity assigned to? It is possible this is a unsupported resource. See https://github.com/Azure/azure-cli/issues/25860
Describe the bug
I am trying to authenticate with an user managed identity and then subsequently upload some files to an Azure Storage account. However, the login fails due to hardcoded APIPA IP-addresses in the request, it can be seen in the error message
Related command
az login --identity --username $userID --debug
Errors
cli.azure.cli.core.azclierror: MSI endpoint is not responding. Please make sure MSI is configured correctly. Error detail: MSI: Failed to acquire tokens after 12 times az_command_data_logger: MSI endpoint is not responding. Please make sure MSI is configured correctly. Error detail: MSI: Failed to acquire tokens after 12 times cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000002344B066160>]
Issue script & Debug output
msrestazure.azure_active_directory: MSI: wait: 0.1s and retry: 1 urllib3.connectionpool: Starting new HTTP connection (1): localhost:8888 urllib3.connectionpool: http://localhost:8888 "GET http://**_169.254.169.254_**/metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01&msi_res_id=%2Fsubscriptions%2FSubscriptionID%2Fresourcegroups%2FRG-123%2Fproviders%2FMicrosoft.ManagedIdentity%2FuserAssignedIdentities%2FManagedID HTTP/1.1" 504 None msrestazure.azure_activedirectory: MSI: Retrieving a token from http:/**/169.254.169.254_**/metadata/identity/oauth2/token, with payload {'resource': 'https://management.core.windows.net/', 'api-version': '2018-02-01', 'msi_res_id': '/subscriptions/SubscriptionID/resourcegroups/RG-123/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ManagedID'}
Expected behavior
Login succesful with an auth token as output
Environment Summary
azure-cli 2.55.0
core 2.55.0 telemetry 1.1.0
Dependencies: msal 1.24.0b2 azure-mgmt-resource 23.1.0b2
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe' Extensions directory 'C:\Users\Bxxxxxx.azure\cliextensions'
Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Unable to check if your CLI is up-to-date. Check your internet connection.
Additional context
The same issue applies to azcopy login --identity