Open juergstaub opened 1 year ago
Hi @juergstaub, Have you tried using --identity-client-id/ --identity-object-id parameter? Also, we would recommend you to use Auto-login, instead of the login command.
Yes, I did try to use -identity-client-id with no success. I will try auto-login and comment.
I tried auto-login with AZCOPY_MSI_OBJECT_ID and AZCOPY_MSI_CLIENT_ID with no success; the error message for the command
azcopy list https://<mysta>.blob.core.windows.net
is:
INFO: Authenticating to source using Azure AD
failed to obtain credential info: no cached token found, please log in with azcopy's login command, required key not available
Hi @juergstaub, have you set the environment variable AZCOPY_AUTO_LOGIN_TYPE? Also, please use the latest version.
$ printenv | grep AZCOPY
AZCOPY_MSI_CLIENT_ID=<MI_CLIENT_ID>
AZCOPY_AUTO_LOGIN_TYPE=MSI
$ azcopy --version
azcopy version 10.17.0
$ azcopy list https://<mysta>.blob.core.windows.net/
Failed to perform Auto-login: failed to get token from msi, status code: 400.
I have the same issue
I also have the same issue. I've tried following the instructions here: https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-authorize-azure-active-directory#authorize-by-using-a-user-assigned-managed-identity-1
Given these instructions, I've tried: setting AZCOPY_AUTO_LOGIN_TYPE=MSI along with each of AZCOPY_MSI_CLIENT_ID, AZCOPY_MSI_OBJECT_ID or AZCOPY_MSI_RESOURCE_STRING with the correct values.
All result in the same error:
Failed to perform login command: failed to get token from msi, status code: 400
Any updates on this? Has anyone been able to find a solution/workaround?
Try using the latest version 10.23.x and do the following:
$env:AZCOPY_AUTO_LOGIN_TYPE="MSI" $env:AZCOPY_MSI_CLIENT_ID="XXXXXX" (add this If you used a user-assigned managed identity, remove this. If not)
and do you azcopy action.
This works for me.
Hi, all please upgrade to the latest AzCopy version and perform the steps suggested above.
I am experiencing the same issue. I have a user assigned managed Identity. I am attempting to auto login with acopy to access a storage account. The MI is a storage account blob contributor. Installed version of azcopy is 10.24.0 I execute: $env:AZCOPY_AUTO_LOGIN_TYPE="MSI" $env:AZCOPY_MSI_CLIENT_ID="XXXXXX" where XXXXX is the clientID of the MI When I run azcopy list I get:
{ "error": "invalid_request", "error_description": "Identity not found"
I also tried: azcopy login --identity --identity-client-id "ClientID" Same error
Any ideas on how to solve?
Which version of the AzCopy was used?
10.16.2
Which platform are you using? (ex: Windows, Mac, Linux)
Linux
What command did you run?
azcopy login --identity
What problem was encountered?
azcopy login --identity returns the following error:
Failed to perform login command: failed to get token from msi, status code: 400
How can we reproduce the problem in the simplest way?
Have you found a mitigation/solution?
No
The same command works fine on normal Azure VMs with the same user-defined managed identity