Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cloud Shell ManagedIdentitySource should throw if a user-assigned managed identity clientID or resourceID is supplied #5783

Closed
christothes opened this issue Jul 11, 2024 · 2 comments · Fixed by #5837
Closed

Cloud Shell ManagedIdentitySource should throw if a user-assigned managed identity clientID or resourceID is supplied #5783

christothes opened this issue Jul 11, 2024 · 2 comments · Fixed by #5837
Assignees
@ahsonkhan
Labels
Azure.Identity
Milestone
2024-09

Comments

@christothes
Copy link
Member

If the Cloud Shell ManagedIdentitySource is detected via MSAL and a user-assigned managed identity clientID or resourceID is supplied, the ManagedIdentityCredential should throw.

The rationale for taking this minor breaking change is that CloudShell does not support specifying a clientID or ResourceID and the current behavior of silently falling back to attempting to use a system-assigned identity could be unexpected.
@ahsonkhan ahsonkhan self-assigned this Jul 22, 2024
@ahsonkhan ahsonkhan added this to the 2024-08 milestone Jul 22, 2024
@ahsonkhan
Copy link
Member

I suspect this is the wrong behavior (putting the client_id value into the request body):

azure-sdk-for-cpp/sdk/identity/azure-identity/src/managed_identity_source.cpp

Lines 268 to 271 in 4dd4b18

if (!clientId.empty())
{
m_body = std::string("client_id=" + Url::Encode(clientId));
}

@ahsonkhan ahsonkhan mentioned this issue Jul 23, 2024
Merged
@ahsonkhan
Copy link
Member

Issues from other languages (for reference):
Azure/azure-sdk-for-go#23179
Azure/azure-sdk-for-java#41119
Azure/azure-sdk-for-python#36438
Azure/azure-sdk-for-js#30380

@ahsonkhan ahsonkhan modified the milestones: 2024-08, 2024-09 Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ahsonkhan ahsonkhan

Labels
Azure.Identity
Projects
Azure Identity SDK Improvements
Status: Done
Milestone
2024-09
2 participants
@christothes @ahsonkhan