Authenticate with Managed Service Identity(MSI) does not run as written
GeekTrainer opened this issue · comments
Attempted copy and paste of MSI sample, and receive the following error message:
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='ip address', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f18a6d81f90>: Failed to establish a new connection: [Errno 101] Network is unreachable',))
@sptramer -- can you investigate?
In order to sign in with an MSI, your Azure resource needs to be configured to use it. See How to configure MSI and How to sign in with MSI.
Investigating some other potential issues with this sample but configuring the resource for MSI resolved the HTTP connection problem.
@GeekTrainer It looks like this issue is because your VM resource might not be configured for MSI, and that MSI may not have an assigned role or scope. The best way to handle this is to use the CLI to create the MSI and assign scope at once:
az vm identity assign \
-g DefaultRG \
-n TestVM \
--role Contributor \
--scope /subscriptions/your-sub-here/resourceGroups/your-rg-here