Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG][Azure.Identity] ManagedIdentityClient cache issue #23028

Closed
zhiweiv opened this issue Jul 31, 2021 · 1 comment · Fixed by #23728
Closed

[BUG][Azure.Identity] ManagedIdentityClient cache issue #23028

zhiweiv opened this issue Jul 31, 2021 · 1 comment · Fixed by #23728
Assignees
@christothes @schaabs
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@zhiweiv
Copy link

zhiweiv commented Jul 31, 2021
edited
Loading

Describe the bug
Each ManagedIdentityClient object caches a ManagedIdentitySource instance, when initialized ImdsManagedIdentitySource try to probe the imds endpoint.

We uses pod identity to work with Managed Identity. We found sometimes ImdsManagedIdentitySource failed to probe imds endpoint due to temporary network issue.

When this happen, ManagedIdentityClient caches a default null ManagedIdentitySource, and all following token requests will get CredentialUnavailableException.

Is it ok to only cache good ManagedIdentitySource instance in ManagedIdentityClient? Then the retry code can work without the need to rebuild a new ManagedIdentityCredential.

Environment:

  • Name and version of the Library package used: Azure.Identity 1.4.0
  • Hosting platform or OS and .NET runtime version: .NET 5.0 in AKS Linux container
@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jul 31, 2021
@jsquire jsquire added Azure.Identity Client This issue points to a problem in the data-plane of the library. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Jul 31, 2021
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Jul 31, 2021
@jsquire
Copy link
Member

jsquire commented Jul 31, 2021

Thank you for your feedback. Tagging and routing to the team members best able to assist.

@schaabs schaabs mentioned this issue Sep 1, 2021
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Mar 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@christothes christothes

@schaabs schaabs

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor IMDS discovery to remove socket probing and caching of failures schaabs/azure-sdk-for-net
4 participants
@jsquire @christothes @schaabs @zhiweiv