[BUG] ManagedIdentityCredential adds ~10 second penalty to default DefaultAzureCredential locally #39295
Labels
Azure.Identity
Client: This issue points to a problem in the data-plane of the library.
customer-reported: Issues that are reported by GitHub users external to the Azure organization.
needs-team-attention: This issue needs attention from Azure service team or SDK team
question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Library name and version
Azure.Identity 1.10.2
Describe the bug
When using DefaultAzureCredential, the default behavior is to include ManagedIdentityCredential in the chain. However, this adds a 10 second delay when getting a token for the first time.
Whilst this isn't a massive delay, and only happens on the first token request (subsequent requests appear to cache the chained token source used and so bypass ManagedIdentityCredential), this can affect the inner loop of development - a 10 second delay each time you restart your application to debug a change quickly adds up.
Whilst ExcludeManagedIdentityCredential can be disabled to mitigate this, that cannot be done if the application you're using doesn't expose a way to configure this.
Expected behavior
The cost of having ManagedIdentityCredential in the chain should be minimal. (Ideally it would be non-existent, although I appreciate in practice some delay will be required.)
Actual behavior
Looking at logs, it appears that 4 attempts are made to call the Managed Identity endpoint, with ~1s gaps between each retry. Four retries within seconds of each other seems a bit excessive - I can see why one retry is done to avoid any transient network issues, but realistically what are the odds of a 3rd or 4th retry working?
I do get slightly different behaviors here between my work and personal machine. On my personal machine, I see HTTP Timeouts, and a delay of about 10 secs. On my work machine I see "A socket operation was attempted to an unreachable network. (169.254.169.254:80)", but the delay is closer to 5 secs.
Personal Machine exception
Work Machine
Reproduction Steps
Run the following code twice - once with ExcludeManagedIdentityCredential set to false (default behaviour), and the next with it set to false. Compare the durations reported by each run.
main.cs:
Environment
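A timing harness for the comparison this issue describes, added here as an example; it is not the reporter's main.cs, which is not on this page. It assumes the Azure.Identity package is referenced and uses the Azure Resource Manager scope as an arbitrary token scope. It runs both settings of ExcludeManagedIdentityCredential in one process and requests a second token on each instance to show the caching behaviour the report mentions.

```csharp
// Added example, not the reporter's main.cs. Requires the Azure.Identity NuGet package.
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

// Assumption: any scope works for timing; the ARM scope is used here.
var context = new TokenRequestContext(new[] { "https://management.azure.com/.default" });

foreach (bool exclude in new[] { false, true })
{
    // New instance per setting so a previously selected credential is not reused.
    var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
    {
        ExcludeManagedIdentityCredential = exclude
    });

    await TimeAsync($"first token,  ExcludeManagedIdentityCredential={exclude}", credential, context);
    await TimeAsync($"second token, ExcludeManagedIdentityCredential={exclude}", credential, context);
}

static async Task TimeAsync(string label, TokenCredential credential, TokenRequestContext context)
{
    var stopwatch = Stopwatch.StartNew();
    try
    {
        AccessToken token = await credential.GetTokenAsync(context, CancellationToken.None);
        // Only the expiry is printed; the token value itself is never logged.
        Console.WriteLine($"{label}: {stopwatch.ElapsedMilliseconds} ms (expires {token.ExpiresOn:u})");
    }
    catch (AuthenticationFailedException ex)
    {
        // Also covers CredentialUnavailableException, e.g. no developer credential is signed in.
        Console.WriteLine($"{label}: failed after {stopwatch.ElapsedMilliseconds} ms ({ex.GetType().Name})");
    }
}
```

On a machine with no route to 169.254.169.254, the difference between the two "first token" lines is the time spent probing the managed identity endpoint.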