search

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.48k stars 4.81k forks source link

[BUG] ManagedIdentity does not handle RetryPolicy correct #47178

Closed jonnybee closed 3 days ago

jonnybee commented 3 days ago

Library name and version

Azure.Identity v1.13.x

Describe the bug

Since v1.13.0 release the GetTokenAsync method does not honor RetryPolicy correct.

This bug is related to suggested fix in 47156

Expected behavior

The GetTokenAsync method should throw an Exception within 5 seconds when configured with MaxRetries = 0 and DelayStrategy = 5 seconds and no Token is available as it did in v1.12.1 and older versions.

Actual behavior

In v1.13.1 the same code will now throw AuthenticationFailedException after 21 seconds when token is not available.

Reproduction Steps

var options = new TokenCredentialOptions()
{
    // RetryPolicy with MaxRetries=0 and DelayStrategy of 5 seconds
    RetryPolicy = new RetryPolicy(0, DelayStrategy.CreateFixedDelayStrategy(TimeSpan.FromSeconds(5)))
};
var credential = new ManagedIdentityCredential(options: options);
var scopes = "api://52940e13-4781-4ef7-a380-01494c61b4b7";

var tokenRequestContext = new TokenRequestContext(scopes.Split(new []{','}, StringSplitOptions.RemoveEmptyEntries));
var token = await credential.GetTokenAsync(tokenRequestContext);

Environment

.NET SDK: Version: 9.0.100 Commit: 59db016f11 Workload version: 9.0.100-manifests.c6f19616 MSBuild version: 17.12.7+5b8665660

Runtime Environment: OS Name: Windows OS Version: 10.0.22631 OS Platform: Windows RID: win-x64 Base Path: C:\Program Files\dotnet\sdk\9.0.100\

github-actions[bot] commented 3 days ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

christothes commented 3 days ago

Hi @jonnybee - I'm unable to reproduce this behavior. It fails immediately for me and takes the expected multiple of 5 seconds when a non-zero retry count is specified. What you are encountering is the network timeout for the first attempt to the local endpoint which is being responded to by some service or proxy in your local environment.

You can change the network timeout via the options like this:

options.Retry.NetworkTimeout = TimeSpan.FromSeconds(5);