@azure/identity : DefaultAzureCredentail Error: Unable to Execute Powershell

Question

@azure/identity : DefaultAzureCredentail Error: Unable to Execute Powershell

khowling opened this issue 6 months ago · comments

Package Name: @azure/identity@4.7.0
Package Version: 4.7.0
Operating system: Linux (Docker)
nodejs
- version:
browser
- name/version:
typescript
- version:
bun.sh
- version: 1.2.5
Is the bug related to documentation in
- README.md
- source code documentation
- SDK API docs on https://learn.microsoft.com

Describe the bug
Using const credential = new DefaultAzureCredential(); on my development machine works fine, but running the code from a ARC image, built using az acr build, deployed to ACA with Managed Identity enabled, I get a error in the ACA logs:

2025-03-17T21:06:08.32941  Connecting to the container 'bun-api'...
2025-03-17T21:06:08.40337  Successfully Connected to container: 'bun-api' [Revision: 'bun-api--8qc69hj-f875ddd69-8dtg4', Replica: 'bun-api--8qc69hj']
2025-03-17T21:06:04.4928806Z stderr F CredentialUnavailableError: Error: Unable to execute PowerShell. Ensure that it is installed in your system. To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.
2025-03-17T21:06:04.4928827Z stderr F       at new CredentialUnavailableError (/usr/src/app/node_modules/@azure/identity/dist/esm/errors.js:20:9)
2025-03-17T21:06:04.4928944Z stderr F       at <anonymous> (/usr/src/app/node_modules/@azure/identity/dist/esm/credentials/azurePowerShellCredential.js:190:31)
2025-03-17T21:06:04.4928967Z stderr F , 15 |  * an error that should halt the chain, it's caught and the chain continues
2025-03-17T21:06:04.4928986Z stderr F 16 |  */
2025-03-17T21:06:04.4929005Z stderr F 17 | export class CredentialUnavailableError extends Error {
2025-03-17T21:06:04.4929024Z stderr F 18 |     constructor(message, options) {
2025-03-17T21:06:04.4929120Z stderr F 19 |         // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property
2025-03-17T21:06:04.4929155Z stderr F 20 |         super(message, options);
2025-03-17T21:06:04.4929176Z stderr F              ^
2025-03-17T21:06:04.4929196Z stderr F CredentialUnavailableError: Executable not found in $PATH: "azd"
2025-03-17T21:06:04.4929216Z stderr F       at new CredentialUnavailableError (/usr/src/app/node_modules/@azure/identity/dist/esm/errors.js:20:9)
2025-03-17T21:06:04.4929235Z stderr F       at <anonymous> (/usr/src/app/node_modules/@azure/identity/dist/esm/credentials/azureDeveloperCliCredential.js:164:23)
2025-03-17T21:06:04.4929254Z stderr F 
2025-03-17T21:06:04.4929274Z stderr F ],
2025-03-17T21:06:04.4929293Z stderr F 
2025-03-17T21:06:04.4929313Z stderr F       at new AggregateAuthenticationError (/usr/src/app/node_modules/@azure/identity/dist/esm/errors.js:90:9)
2025-03-17T21:06:04.4929333Z stderr F       at <anonymous> (/usr/src/app/node_modules/@azure/identity/dist/esm/credentials/chainedTokenCredential.js:80:29)
2025-03-17T21:06:04.4929352Z stderr F 
2025-03-17T21:06:04.4929372Z stderr F Bun v1.2.5 (Linux x64 baseline)

To Reproduce
Steps to reproduce the behavior:

Create a bun.sh app, with the lines

const credential = new DefaultAzureCredential();
var accessToken = await credential.getToken("https://ossrdbms-aad.database.windows.net/.default")

Create Docker image using FROM oven/bun:1 AS base (As documented here https://bun.sh/guides/ecosystem/docker) , deploy to ACA wth User Assigned Managed Identity.

Expected behavior
I expected the code to behave the same as on my local developer machine, only to pickup the managed identity.

github-actions · Answer 1 · Tue Mar 18 2025 05:20:13 GMT+0800 (China Standard Time)

@KarishmaGhiya @maorleger

github-actions · Answer 2 · Tue Mar 18 2025 05:20:14 GMT+0800 (China Standard Time)

Thank you for your feedback. Tagging and routing to the team member best able to assist.