Closed rayluo closed 1 month ago
Cloud Shell is just one type of managed identity. Perhaps we should follow the same interface for Cloud Shell?
@rayluo - is this the "public preview" branch? Does MSI support include all 5 sources such as CloudShell and Azure ARC?
Do we have any feedback from Azure SDK / other customers? Is it ok to close on this?
@rayluo - is this the "public preview" branch? Does MSI support include all 5 sources such as CloudShell and Azure ARC?
Yes.
Do we have any feedback from Azure SDK / other customers? Is it ok to close on this?
No feedback yet. There seems to be no partner in urgent need of this. We will keep an eye on this, while we are actively working on SLC.
@rayluo Are there any updates on when this will move out of public preview and into the official MSAL package?
@rayluo Are there any updates on when this will move out of public preview and into the official MSAL package?
We are getting close. Some of our partner teams are testing it, as we speak. At least one needed improvement on Arc is identified.
You can also test/use it, and report your findings. @vmarcella
Hello @rayluo , it's been a long time do I understand correctly that this will push the ability to get creds from managed identity with MSAL? if so is there a timeline?
Hello @rayluo , it's been a long time do I understand correctly that this will push the ability to get creds from managed identity with MSAL? if so is there a timeline?
We aim to GA this by end of March @AlmogBentz, but it depends on testing etc. etc.
Note that Azure SDK (including the Python version) fully supports Managed Identity - https://learn.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python
@rayluo - for the higher level API bear in mind that:
api://tokenExchage
magic string is different on other clouds :(I recommend you split the higher level API from the lower level one.
Is there an ETA for a new release with this feature?
Is there an ETA for a new release with this feature?
@arsdragonfly , priorities may change, so we don't provide an ETA. You may go ahead to use this PR's feature branch as a preview (pip install --force-reinstall "git+https://github.com/AzureAD/microsoft-authentication-library-for-python.git@mi"
); and subscribe/watch this repo to receive its release notifications.
Congratulations on MSAL's support for managed identity. I am sure our customers will benefit from this great new feature! 🎉
[heart] Yong Zhang reacted to your message:
From: Jiashuo Li @.> Sent: Monday, June 24, 2024 12:09:02 PM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Subscribed @.***> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Managed Identity for Azure VM, App Service, Service Fabric, etc. (PR #480)
Congratulations on MSAL's support for managed identity. I am sure our customers will benefit from this great new feature! 🎉
— Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/microsoft-authentication-library-for-python/pull/480#issuecomment-2186426299, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AM4LM2CVUJ2OZR5RHJFHZBDZJAD55AVCNFSM5XVXKEA2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJYGY2DENRSHE4Q. You are receiving this because you are subscribed to this thread.Message ID: @.***>
Note: This is a proof-of-concept, which means there is no guarantee that this behavior will be eventually included into MSAL Python.
There are two new APIs added.
~The high level API works for your confidential client which federated with a managed identity.~ This will be moved into a separated PR for its own consideration.
The low level API acquires token for managed identity
More details of the new APIs are available here.
In order to test this PR on Azure VM, you would need to:
pip install --force-reinstall "git+https://github.com/AzureAD/microsoft-authentication-library-for-python.git@mi"
To test this on App Service
To test this on Azure Functions
To test this on Azure Automation (we have not tested this)
msal
package. But it seems Azure Automation only supports installing a package with its dependencies from PyPI. This PR is not currently available from PyPI, so, we are unable to test this.To test this on Service Fabric
Note:
https://github.com/AzureAD/microsoft-authentication-library-for-python/pull/420
.Once merged, this PR will resolve #548. Also, it will officially close #487 as the callback is no longer needed.