search

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.25k stars 4.58k forks source link

[BUG] ManagedIdentityCredential takes a long time to fail when used in ChainedTokenCredential #45647

Closed giulianob closed 1 week ago

giulianob commented 2 weeks ago

Library name and version

Azure.Identity 1.12

Describe the bug

The ManagedIdentityCredential will probe IMDS and fail quickly but this only works when it's created via DefaultAzureCredential. If a ManagedIdentityCredential is manually created and and used within a ChainedTokenCredential the ManagedIdentityCredential will keep retrying and take ~25 seconds to fail.

Expected behavior

Ability to leverage the probing functionality of ManagedIdentityCredential without needing to rely on DefaultAzureCredential.

Actual behavior

(See repro steps below for the full error output)

Reproduction Steps

Took 00:00:01.0039585 to get token from DefaultAzureCredential. Expires on 8/22/2024 7:56:24 PM +00:00. Took 00:00:24.5510537 to get token from ChainedTokenCredential. Expires on 8/22/2024 7:56:24 PM +00:00.

Sample:

            using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();

    var chainedCredential = new ChainedTokenCredential(
        new ManagedIdentityCredential(options: new TokenCredentialOptions
        {
            Diagnostics = { IsLoggingEnabled = true, L }
        }),
        new AzureCliCredential());

    var defaultAzureCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
    {
        Diagnostics = { IsLoggingEnabled = true },
        ExcludeAzureCliCredential = false,
        ExcludeManagedIdentityCredential = false,
        // Disable other mechanisms so we're comparing the same thing
        ExcludeAzurePowerShellCredential = true,
        ExcludeEnvironmentCredential = true,
        ExcludeInteractiveBrowserCredential = true,
        ExcludeAzureDeveloperCliCredential = true,
        ExcludeSharedTokenCacheCredential = true,
        ExcludeVisualStudioCodeCredential = true,
        ExcludeVisualStudioCredential = true,
        ExcludeWorkloadIdentityCredential = true
    });

    var stopwatch = Stopwatch.StartNew();
    var token = await defaultAzureCredential.GetTokenAsync(new TokenRequestContext(new[] { "https://storage.azure.com/.default" }));
    Console.WriteLine($"Took {stopwatch.Elapsed} to get token from DefaultAzureCredential. Expires on {token.ExpiresOn}.");

    stopwatch.Restart();
    token = await chainedCredential.GetTokenAsync(new TokenRequestContext(new[] { "https://storage.azure.com/.default" }));
    Console.WriteLine($"Took {stopwatch.Elapsed} to get token from ChainedTokenCredential. Expires on {token.ExpiresOn}.");

Full output with telemetry:

[Informational] Azure-Identity: DefaultAzureCredential.GetToken invoked. Scopes: [ https://storage.azure.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://storage.azure.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(25cadb5b-5d18-4c87-8149-d5083bf4a560)
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560]
=== Request Data ===
Authority Provided? - True
Scopes - https://storage.azure.com/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 25cadb5b-5d18-4c87-8149-d5083bf4a560
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] === Token Acquisition (ClientCredentialRequest) started:
     Scopes: https://storage.azure.com/.default
    Authority Host: login.microsoftonline.com
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] [Region discovery] Not using a regional authority. 
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] [Instance Discovery] Skipping Instance discovery because it is disabled. 
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] [ClientCredentialRequest] Acquiring a token from the token provider.
[Informational] Azure-Core: Request [276e9385-9a56-433a-802e-b070999175b3] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
x-ms-client-request-id:276e9385-9a56-433a-802e-b070999175b3
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [276e9385-9a56-433a-802e-b070999175b3] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Error] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:05Z - 25cadb5b-5d18-4c87-8149-d5083bf4a560] Exception type: Azure.Identity.CredentialUnavailableException
---> Inner Exception Details
Exception type: Azure.RequestFailedException
---> Inner Exception Details
Exception type: System.Net.Http.HttpRequestException
---> Inner Exception Details
Exception type: System.Net.Sockets.SocketException
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Identity.ManagedIdentitySource.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ImdsManagedIdentitySource.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Azure.Identity.ImdsManagedIdentitySource.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AuthenticateCoreAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AppTokenProviderImpl(AppTokenProviderParameters parameters)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.SendTokenRequestToAppTokenProviderAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

[Informational] Azure-Identity: ManagedIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://storage.azure.com/.default ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): ManagedIdentityCredential authentication unavailable. No response received from the managed identity endpoint.
 ---> Azure.RequestFailedException (0x80131500): A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException (0x80004005): A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (0x80004005): A socket operation was attempted to an unreachable network.
[Informational] Azure-Identity: AzureCliCredential.GetToken invoked. Scopes: [ https://storage.azure.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: AzureCliCredential.GetToken succeeded. Scopes: [ https://storage.azure.com/.default ] ParentRequestId:  ExpiresOn: 2024-08-22T19:56:24.0000000+00:00
[Informational] Azure-Identity: DefaultAzureCredential credential selected: Azure.Identity.AzureCliCredential
[Informational] Azure-Identity: DefaultAzureCredential.GetToken succeeded. Scopes: [ https://storage.azure.com/.default ] ParentRequestId:  ExpiresOn: 2024-08-22T19:56:24.0000000+00:00
Took 00:00:01.0039585 to get token from DefaultAzureCredential. Expires on 8/22/2024 7:56:24 PM +00:00.
[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://storage.azure.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de)
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de]
=== Request Data ===
Authority Provided? - True
Scopes - https://storage.azure.com/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] === Token Acquisition (ClientCredentialRequest) started:
     Scopes: https://storage.azure.com/.default
    Authority Host: login.microsoftonline.com
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] [Region discovery] Not using a regional authority. 
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] [Instance Discovery] Skipping Instance discovery because it is disabled. 
[Informational] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:06Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] [ClientCredentialRequest] Acquiring a token from the token provider.
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:92e32410-d326-42e5-b976-2a3cfcb29ff8
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] attempt number 1 took 00.0s
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:92e32410-d326-42e5-b976-2a3cfcb29ff8
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] attempt number 2 took 00.0s
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:92e32410-d326-42e5-b976-2a3cfcb29ff8
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] attempt number 3 took 00.0s
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:92e32410-d326-42e5-b976-2a3cfcb29ff8
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] attempt number 4 took 00.0s
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:92e32410-d326-42e5-b976-2a3cfcb29ff8
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] attempt number 5 took 00.0s
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:92e32410-d326-42e5-b976-2a3cfcb29ff8
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 6.0.33; Microsoft Windows 10.0.26100)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [92e32410-d326-42e5-b976-2a3cfcb29ff8] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   --- End of inner exception stack trace ---
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Error] Azure-Identity: False MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.33 Microsoft Windows 10.0.26100 [2024-08-22 18:43:29Z - 9c0a0a0f-f8a2-4188-a7b2-7e3a54ce10de] Exception type: Azure.Identity.CredentialUnavailableException
---> Inner Exception Details
Exception type: System.AggregateException
---> Inner Exception Details
Exception type: Azure.RequestFailedException
---> Inner Exception Details
Exception type: System.Net.Http.HttpRequestException
---> Inner Exception Details
Exception type: System.Net.Sockets.SocketException
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Azure.Core.Pipeline.HttpClientTransport.ProcessSyncOrAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Identity.ManagedIdentitySource.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ImdsManagedIdentitySource.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)

=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Azure.Identity.ImdsManagedIdentitySource.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AuthenticateCoreAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AppTokenProviderImpl(AppTokenProviderParameters parameters)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.SendTokenRequestToAppTokenProviderAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

[Informational] Azure-Identity: ManagedIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://storage.azure.com/.default ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
 ---> System.AggregateException (0x80131500): Retry failed after 6 tries. Retry settings can be adjusted in ClientOptions.Retry or by configuring a custom retry policy in ClientOptions.RetryPolicy. (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80))
 ---> Azure.RequestFailedException (0x80131500): A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Http.HttpRequestException (0x80004005): A socket operation was attempted to an unreachable network. (169.254.169.254:80)
 ---> System.Net.Sockets.SocketException (0x80004005): A socket operation was attempted to an unreachable network.
[Informational] Azure-Identity: AzureCliCredential.GetToken invoked. Scopes: [ https://storage.azure.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: AzureCliCredential.GetToken succeeded. Scopes: [ https://storage.azure.com/.default ] ParentRequestId:  ExpiresOn: 2024-08-22T19:56:24.0000000+00:00
Took 00:00:24.5510537 to get token from ChainedTokenCredential. Expires on 8/22/2024 7:56:24 PM +00:00.

Environment

No response

github-actions[bot] commented 2 weeks ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

christothes commented 2 weeks ago

Hi @giulianob - This is the expected default behavior.

If you want to customize the retry behavior, this can be done by customizing the RetryOptions on the options passed to the ManagedIdentityCredential

github-actions[bot] commented 2 weeks ago

Hi @giulianob. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

giulianob commented 2 weeks ago

@christothes I haven't been able to find a way to accomplish the same thing as what DefaultAzureCredentials does without some hacking around. I believe I would have to essentially re-implement what is available internally but not exposed:

  1. Implement a custom pipeline that keeps track of the first request to ManagedIdentity and removes the Metadata header to do the probing request
  2. Make the network timeout conditional on whether it's the first request
  3. Implement a custom retry policy which then keeps track of whether it's a probing request and does not retry

I understand this is currently the expected behavior but this is a design bug IMO if using managed identity within the ChainedTokenCredential takes ~25s every time.

christothes commented 2 weeks ago

If you want the probe behavior, you could replace ManagedIdentityCredential with DefaultAzureCredential in your chain and construct it with DefaultAzureCredentialOptions setting all the Exclude*Credential properties set to true except for ExcludeManagedIdentityCredential.

I understand this is currently the expected behavior but this is a design bug IMO if using managed identity within the ChainedTokenCredential takes ~25s every time.

ManagedIdentityCredential is designed to be resilient when attempting to connect to the IMDS endpoint and will retry exponentially. As mentioned in my previous reply, the retry behavior can be customized. However, since it is not constructed by the ChainedTokenCredential it is not aware that it is part of a chain and will not be configured with the probing behavior.

github-actions[bot] commented 2 weeks ago

Hi @giulianob. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

mattgotteiner commented 2 weeks ago

@christothes: we understand the behavior is as designed. Our comment is that the behavior as designed caused an unexpected issue for us. As @giulianob pointed out, any customer that hits the unexpected issue would need to recreate the retry behavior themselves. If the retry behavior in DefaultAzureCredential were easier to use it would have made this issue easier to solve.

github-actions[bot] commented 1 week ago

Hi @giulianob, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.