[identity] update msal versions and IMDS probing guidance (#29237)

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
Azure · Apr 10, 2024 · 6eb811e · 6eb811e
1 parent 4a97846
commit 6eb811e
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 13 deletions.
diff --git a/sdk/identity/identity/BREAKING_CHANGES.md b/sdk/identity/identity/BREAKING_CHANGES.md
@@ -1,5 +1,9 @@
 # Breaking Changes
 
+## 4.1.0
+
+As of `@azure/identity` 4.1.0, the number of IMDS probing retries has been increased to 5 (from 3 initially) to match the [IMDS retry guidance](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#retry-guidance) in the `DefaultAzureCredential` and `ManagedIdentityCredential`. The users should be able to override the behavior, if required, by setting the `options.retryOptions.maxRetries` in the respective credential.
+
 ## 3.0.0
 
 As of `@azure/identity` 3.0.0, the default behavior of credentials supporting multi-tenant authentication has changed. Each of these credentials will throw an error if the requested `tenantId` doesn't match the tenant ID originally configured on the credential. Apps must now do one of the following things:
@@ -8,15 +12,15 @@ As of `@azure/identity` 3.0.0, the default behavior of credentials supporting mu
 
 ```typescript Snippet:Identity_BreakingChanges_AddExplicitAdditionallyAllowedTenants
 const credential = new DefaultAzureCredential({
-  additionallyAllowedTenants: ["<tenant_id_1>", "<tenant_id_2>"]
+  additionallyAllowedTenants: ["<tenant_id_1>", "<tenant_id_2>"],
 });
 ```
 
 - Add `*` to enable token acquisition from any tenant, which is the original behavior. For example:
 
 ```typescript Snippet:Identity_BreakingChanges_AddAllAdditionallyAllowedTenants
 const credential = new DefaultAzureCredential({
-  additionallyAllowedTenants: ["*"]
+  additionallyAllowedTenants: ["*"],
 });
 ```
 

diff --git a/sdk/identity/identity/CHANGELOG.md b/sdk/identity/identity/CHANGELOG.md
@@ -1,21 +1,19 @@
 # Release History
 
-## 4.1.0-beta.2 (Unreleased)
+## 4.1.0 (2024-04-09)
 
 ### Features Added
 
-- `InteractiveBrowserCredential`: Added support for using the default broker account. [#28979](https://github.com/Azure/azure-sdk-for-js/pull/28979)
+- `InteractiveBrowserCredential`: Added support for using the default broker account. [#28979](https://github.com/Azure/azure-sdk-for-js/pull/28979).
 
 ### Breaking Changes
 
-- IMDS probing retry configuration updated for `DefaultAzureCredential`, with `maxRetryCount` increased to 5.
+- IMDS probing retry configuration updated for `DefaultAzureCredential` and `ManagedIdentityCredential`, with `maxRetryCount` increased to 5. For more information, see [BREAKING_CHANGES.md](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/BREAKING_CHANGES.md#410).
 
 ### Bugs Fixed
 
 - msal cache files are properly named when the user does not pass in a custom file name [#29039](https://github.com/Azure/azure-sdk-for-js/pull/29039)
-- Allow IMDS probing retry options in `ManagedIdentityCredential` to be overridden by customers
-
-### Other Changes
+- Allow IMDS probing retry options in `ManagedIdentityCredential` and `DefaultAzureCredential` to be overridden by customers.
 
 ## 4.1.0-beta.1 (2024-02-06)
 

diff --git a/sdk/identity/identity/package.json b/sdk/identity/identity/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "4.1.0-beta.2",
+  "version": "4.1.0",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",
@@ -114,8 +114,8 @@
     "@azure/core-tracing": "^1.0.0",
     "@azure/core-util": "^1.3.0",
     "@azure/logger": "^1.0.0",
-    "@azure/msal-browser": "^3.5.0",
-    "@azure/msal-node": "^2.5.1",
+    "@azure/msal-browser": "^3.11.1",
+    "@azure/msal-node": "^2.6.6",
     "events": "^3.0.0",
     "jws": "^4.0.0",
     "open": "^8.0.0",

diff --git a/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts b/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts
@@ -71,7 +71,7 @@ export class ManagedIdentityCredential implements TokenCredential {
   private confidentialApp: ConfidentialClientApplication;
   private isAppTokenProviderInitialized: boolean = false;
   private msiRetryConfig: MSIConfiguration["retryConfig"] = {
-    maxRetries: 3,
+    maxRetries: 5,
     startDelayInMs: 800,
     intervalIncrement: 2,
   };

diff --git a/sdk/identity/identity/test/internal/node/managedIdentityCredential.spec.ts b/sdk/identity/identity/test/internal/node/managedIdentityCredential.spec.ts
@@ -323,9 +323,9 @@ describe("ManagedIdentityCredential", function () {
         createResponse(404),
         createResponse(404),
         createResponse(404),
+        createResponse(404),
       ],
     });
-
     assert.ok(
       error!.message!.indexOf(
         `Failed to retrieve IMDS token after ${credential["msiRetryConfig"].maxRetries} retries.`,