Unable to authenticate to Azure ML Workspace using Service Principal #13871
Comments
ghost
added
needs-triage
|
Having a similar issue connection to Azureml using service principle |
|
Same issue I have been facing as well. It worked fine until yesterday. Unable to connect to Azureml using service principal |
|
Same here. It was working fine till yesterday. From today, I am facing the same issue. |
|
Was working fine for me until around 6.30am GMT+1 this morning |
|
Same here, started to fail today. |
|
Hello guys. I'm facing the same problem. Everything was fine a couple of hours ago. |
|
Workaround/Possible Solution def on_request(self, request):
# type: (PipelineRequest) -> None
"""Adds a bearer token Authorization header to request and sends request to next policy.
:param request: The pipeline request object
:type request: ~azure.core.pipeline.PipelineRequest
"""
self._enforce_https(request)
if self._token is None or self._need_new_token:
scheme, self._token, _ = self._credential._token_retriever()
self._update_headers(request.http_request.headers, self._token) |
|
Hi, I have been using Azure Devops Pipelines with Microsoft Hosted Agents to connect to Azure ML. I am seeing this error "AttributeError: 'AdalAuthentication' object has no attribute 'get_token'" |
|
Can confirm @gison93 proposal seems to solve this issue. I don't fully understand what may have changed if there has been no version update, though. |
I suspect is due to the recent update of azure-mgmt-keyvault to version 7.0.0 some hours ago |
|
@gison93 can we use your proposal on microsoft hosted agents? |
|
Same here. It was working fine till yesterday. From today, I am facing the same issue. The codes work perfectly from my local computer but did not work from Azure hosted agents. |
|
On local, workaround from @gison93 work's perfectly, but I'm using Azure DataBricks as a compute target and cannot change the source code of libraries. I find a solution with downgrade lib |
|
Yes, I agree with @chengyu-liu-cs |
This solution did not work for me. |
They are probably changing more stuff at the moment. This did work but it is not working anymore. We will have to wait for a proper fix I guess. |
|
I did further investigation comparing package differences. Actually, both local and hosted agents have azureml-core==1.12.0.post1. So My guess azureml-core version might not be the direct reason. There were many packages that have different versions from my local versions. But I rolled back a couple of most possible ones and solved the issue (at least for now) |
|
A new version of Azure Mgmt Resource client library released 5 hours ago. Is that caused the issue? |
|
It's not because of AzureML. (downgrading to 1.12.0 causes the same issue.) Fixed with pinning the previous version: Or if you are using Databricks: |
ghost
removed
the
needs-triage
|
We are taking a look at this issue, and will provide update later |
|
You can temporarily fixed with pinning the previous version: |
|
it fixes the issue with the service principle by pinning mgmt-resource (azure-mgmt-resource==10.2.0) , but its breaking automl now: /databricks/python/lib/python3.7/site-packages/azureml/automl/core/package_utilities.py in _get_package_incompatibilities(packages, ignored_dependencies) ValidationException: ValidationException: |
|
+1. There were also issues with creating virtual networks with the azure-mgmt-network package, and this was solved with reverting to the previous version: |
|
Please uninstall the azure-mgmt-resource==15.0.0 and azureml-core==1.13.0. Then install azureml-core==1.13.0.post1. It should fix the issue. |
|
Hi guys, I wanted to provide an update here. The real cause of this behavior is the version upgrade for several Azure service SDKs (such as azure-mgmt-resources and azure-mgmt-network) Basically, we did a major upgrade for Python SDK management libraries for some services. In the new version of SDK, the authentication mechanism has been changed, we have mentioned those changes in the release notes, please refer to this changelog: The new version of SDK offers a number of important features but also introduces some breaking changes. You can either choose to upgrade to the new version or stay on the old version. To upgrade: There is migration guide here for updating to the new SDK. This describes the new authentication flow. Detailed info of benefits of the new SDK as well as documentation/code samples can be found here To stay on the old version Please keep using 10.2.0 |
|
Thank you @nickzhums! I will take a look at the new version |
|
Hi @nickzhums, I tried to use ClientSecretCredential instead of ServicePrincipalCredential with no luck. from azureml.core import Workspace
from azure.identity import ClientSecretCredential
tenant = "tenant"
client = "client"
key = "key"
credentials = ClientSecretCredential(
tenant_id=tenant,
service_principal_id=client,
service_principal_password=key)
workspace = Workspace.from_config("config.json", auth=credentials)I get the following error: Should I open a new issue? |
|
It seems like you are directly passing credentials to Workspace.from_config method, which I'm not sure if it will support. The standard practice is to use a service client. e.g. network_client = azure.mgmt.network.NetworkManagementClient(credential=credential, subscription_id=subscription_id) Yes, please open an issue and we can track it from there |
|
@nickzhums The link to the migration guide is broken. Is there another link? Also, does the updated authentication method still support |
|
@bendavis78 please check this one : https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-overview#migrating-from-older-management-libraries cc @00Kai0 and @jsntcy to help with |
|
Same issue here. We've upgraded to azure-mgmt-resource==15.0.0 because we need some of the new features - now all of our Azure ML code is broken. We've tried both CLI auth (but doesnt work due to Azure/azure-cli#15496), and service principle - where we hit this issue. |
|
@jamescross91 were you able to resolve this issue using the instructions above? |
|
@nickzhums it's unclear to me how the migration instructions relate to the Azure ML SDK |
|
Like mentioned above, once you upgrade to azure-mgmt-resource 15.0.0, the code breaks because we introduced a new authentication mechanism that integrates with Azure Identity. If your code breaks because of this, then you can relate to the guide above to see how if you can authenticate using the new library. |
|
Yup got that part - but the Azure ML SDK expects authentication to work like this: https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb |
|
Close this as all track 2 migration issue is tracked in #16984. |
Release microsoft.sql 2021 02 01 preview (Azure#14339) * Adds base for updating Microsoft.Sql from version preview/2020-11-01-preview to version 2021-02-01-preview * Updates readme * Updates API version in new specs and examples * Fix Integer format: S360 swagger lint issues in 2021-02-01 (Azure#13855) * Update integer format * update typo * Swagger Documentation for Outbound Firewall Rules (Azure#13820) * Swagger Documentation for Outbound Firewall Rules * Add the new file to v5 Co-authored-by: Vineet Mahadik <Vineet.Mahadik@microsoft.com> * Swagger Documentation For Database Resource With Ledger (Azure#13916) * adding database swagger files * modifying example * Fixing to be boolean * adding database extensions and database operations * adding other database examples * removing database_legacy, adding usages * removing usages * removing databases_legacy from readme * Swagger Documentation For Ledger Digest Upload (Azure#13871) * adding ledger api * Fixes from validation * removing required endpoint parameter, adding ledgerName (current) to id * removing 201 response from resource, renaming ledgerName * adding location to 202 results * fixing 202 response location * renaming files * updating files with new controller name + correct entity name * fixing readme * Dev brandong getrestorabledropped (Azure#14129) * Update RestorableDroppedDatabases API to add BackupStorageAccountType property * Update readme.md * Re-add elasticPoolId as a deprecated property * Update elasticPoolId description and remove trailing comma causing failures * Remove the unsupported deprecated property * Add 2021-02-01-preview minor changes (Azure#13942) * add 2021-02-01-preview for test * update with 2021-04-19 latest * update readme.md * update with latest master in DSMainDev * Carry IsInfraEncryptionEnabled to Database.json (Azure#14322) * carry latest minor changes. * re-format readme.md * remove 2020 11 01 RestorableDroppedManagedDatabases in V5 * Update readme file in 2021 02 01 dev branch to match the master branch (Azure#14336) * Carry IsInfraEncryptionEnabled to Database.json (Azure#14322) * carry latest minor changes. * re-format readme.md * remove 2020 11 01 RestorableDroppedManagedDatabases in V5 * update to match master branch readme.md Co-authored-by: Vineet Mahadik <44247873+VMMicrosoft@users.noreply.github.com> Co-authored-by: Vineet Mahadik <Vineet.Mahadik@microsoft.com> Co-authored-by: rewongmicrosoft <57964114+rewongmicrosoft@users.noreply.github.com> Co-authored-by: brandong-ms <44618010+brandong-ms@users.noreply.github.com> Co-authored-by: Arthur Ning <57385816+akning-ms@users.noreply.github.com>
Describe the bug
Unable to authenticate to Azure ML Workspace using Service Principal.
I get the following error:
AttributeError: 'AdalAuthentication' object has no attribute 'get_token'.
To Reproduce
Steps to reproduce the behavior:
with config.json file containing information about the Workspace.
Expected behavior
To be able of attaching to the Workspace using Service Principal.
The text was updated successfully, but these errors were encountered: