[BUG] API consistency issue, ManagedIdentityCredential() does not read default values from environment variables, like other Credentials. #44588
Labels: Azure.Identity, Client, customer-reported, needs-team-attention, question
Library name and version
Azure.Identity 1.*
Describe the bug
The majority of the CredentialOptions classes obtain default values from environment variables, for example client_id, which allows applications to run on multiple platforms with runtime configuration injected via env vars (i.e. AZURE_CLIENT_ID, AZURE_TENANT_ID) without application code.
However, ManagedIdentityCredential doesn't follow this pattern.
For context, my org is in the process of transitioning thousands of applications running across multiple hosting platforms to AKS. At the same time, we're moving from ManagedIdentity to WorkloadIdentity. All of our apps obtain credentials using DefaultAzureCredential(), as it allows env vars to control the runtime behavior without additional application code. Some hosting platforms assign multiple MSIs to compute nodes, requiring applications to declare the client-id to use; others do not. Controlling this behavior via env vars avoids conditional application code.
Christopher recommended we not use DefaultAzureCredential() in production and replace it with `new ChainedTokenCredential(new ManagedIdentityCredential(), new WorkloadIdentityCredential())`; however, ManagedIdentityCredentialOptions doesn't obtain default values from env vars.
Expected behavior
ManagedIdentityCredential() parameterless ctor/ManagedIdentityCredentialOptions applies default values read from env vars, like other ...CredentialOptions classes. Example for client_id.
Actual behavior
ManagedIdentityCredential() parameter-less ctor applies null defaults, which is inconsistent with other credential options which apply default values from reading env vars.
Reproduction Steps
Define env var AZURE_CLIENT_ID=123
var cred = new ManagedIdentityCredential();
cred.ClientId is "123"
Environment
No response
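An added example, not part of the original report and not Azure SDK code: one way to build the chain quoted above while still taking the managed identity client ID from AZURE_CLIENT_ID, so the identity selection stays in runtime configuration. The class name `EnvCredentialFactory` is hypothetical, and treating a blank variable as "unset" is an assumption of this sketch.

```csharp
using System;
using Azure.Core;
using Azure.Identity;

// Hypothetical helper (name is an assumption, not an Azure.Identity type).
public static class EnvCredentialFactory
{
    // Returns the ManagedIdentity -> WorkloadIdentity chain from the issue,
    // with the managed identity client ID resolved from the environment.
    public static TokenCredential Create()
    {
        string clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");

        // Assumption: an empty or whitespace-only value means "not configured".
        // In that case no client ID is passed, which is the behaviour the
        // parameterless constructor already has today.
        TokenCredential managedIdentity = string.IsNullOrWhiteSpace(clientId)
            ? new ManagedIdentityCredential()
            // On hosts with several user-assigned identities, passing the ID
            // pins the credential to exactly one of them instead of leaving
            // the choice to the platform.
            : new ManagedIdentityCredential(clientId.Trim());

        // WorkloadIdentityCredential's parameterless constructor reads its own
        // settings (AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_FEDERATED_TOKEN_FILE)
        // from the environment, so no values are passed here.
        return new ChainedTokenCredential(
            managedIdentity,
            new WorkloadIdentityCredential());
    }
}
```

Application code then calls `EnvCredentialFactory.Create()` once at startup and passes the result to its Azure clients, with no per-platform branching.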