Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQ] Add support for AZURE_CLIENT_ID environment variable to ManagedIdentityCredential #8436

Closed
jongio opened this issue Apr 20, 2020 · 7 comments
Closed

[FEATURE REQ] Add support for AZURE_CLIENT_ID environment variable to ManagedIdentityCredential #8436

jongio opened this issue Apr 20, 2020 · 7 comments
Assignees
@sadasant
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.
Milestone
[2021] October

Comments

@jongio
Copy link
Member

jongio commented Apr 20, 2020
edited
Loading

Library or service name.
Azure Identity

Is your feature request related to a problem? Please describe.
Developers need to be able to specify which AZURE_CLIENT_ID Managed Identity Credential with an environment variable.

#5696
#6769
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Apr 20, 2020
@triage-new-issues triage-new-issues bot added triage and removed triage labels Apr 20, 2020
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Apr 20, 2020
@ramya-rao-a ramya-rao-a added Azure.Identity Client This issue points to a problem in the data-plane of the library. labels Apr 21, 2020
@ramya-rao-a ramya-rao-a modified the milestone: Backlog Apr 21, 2020
@sophiajt
Copy link
Contributor

Just to confirm the design here:

https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/src/credentials/managedIdentityCredential.ts#L44-L50

This will allow the user to call the second constructor shape, and then inside the constructor we'll check for the environment variable. If it exists, we'll act as if they called the first constructor with it?

@jongio
Copy link
Member Author

jongio commented May 2, 2020

Please follow up with @schaabs before implementing.

@schaabs
Copy link
Member

schaabs commented May 11, 2020

@jonathandturner I don't think this is the design we want. The user already has the ability to specify no clientId to the constructor, in which case we consider the credential to not be a user assigned identity, but rather a system assigned identity, and I think we need to maintain this behavior.

In .NET what we have done is to read the environment variable only when constructing this credential from the DefaultAzureCredential. It isolates the behavioral change of this environment variable to only the DefaultAzureCredential authentication flow.

@AdamMachera
Copy link

Can't you guys consider checking AZURE_CLIENT_MANAGED_ID if clientId was not passed to constructor. Some of customers want to use USER assigned identities and If internally ManagedIdentityClient cannot read clientId,
it is required to do something like this
let tokenCredential: identity.TokenCredential;
const clientId = process.env['AZURE_CLIENT_ID'];
if (WEBSITE_INSTANCE_ID) {
tokenCredential = new identity.ChainedTokenCredential(new identity.ManagedIdentityCredential(clientId), new identity.EnvironmentCredential());
} else {
tokenCredential = new identity.DefaultAzureCredential();
}

instead of:
const tokenCredential = new identity.DefaultAzureCredential();

@ramya-rao-a
Copy link
Contributor

@jongio, @sadasant, @schaabs,

We had started reading the AZURE_CLIENT_ID env variable to pick up the clientId for ManagedIdentityCredential when one uses the DefaultAzureCredential almost a year ago. It was added in #7994

Is this issue about the need for ManagedIdentityCredential to do the same itself when used directly?

@ramya-rao-a ramya-rao-a assigned sadasant and unassigned sophiajt May 20, 2021
@sadasant sadasant added this to the [2021] September milestone Aug 26, 2021
@sadasant
Copy link
Contributor

The latest design approach is to have the Managed Identity Credential read in client-id from environment variable “AZURE_MANAGED_IDENTITY_CLIENT_ID”

Thanks to @g2vinay for the help 🤝

@sadasant sadasant mentioned this issue Aug 27, 2021
Closed
@g2vinay g2vinay mentioned this issue Aug 30, 2021
Closed
7 tasks
@sadasant
Copy link
Contributor

Based on our emails, we’ve decided not to include this change. I’m closing this issue.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sadasant sadasant

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.
Projects
None yet
Milestone
[2021] October
Development

Successfully merging a pull request may close this issue.

[Identity] Added suport for AZURE_MANAGED_IDENTITY_CLIENT_ID sadasant/azure-sdk-for-js
6 participants
@sadasant @sophiajt @jongio @AdamMachera @schaabs @ramya-rao-a