[BUG] Possible breaking change in Azure.Identity 1.13.0 #46653
Closed
Description
opened on Oct 16, 2024
Library name and version
Azure.Identity 1.13.0
Describe the bug
We're currently making connections to Azure Storage from an AKS cluster that uses AKS workload identities (i.e., each pod is assigned an Entra Workload ID that can be used to authenticate the pod with Azure services).
We are currently configuring the storage connection using `TokenCredential = new ManagedIdentityCredential()` (i.e., we were not explicitly setting a client ID).
Until Azure.Identity 1.13.0 the above has been working fine.
After upgrading to Azure.Identity 1.13.0, connections to Azure Storage are failing with an error
Status: 403 (This request is not authorized to perform this operation.)
Expected behavior
Connections to Azure services are authenticated successfully.
Actual behavior
Connections to Azure services are failing with a 403 Unauthorized error.
Reproduction Steps
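```csharp
using Azure.Identity;
using Azure.Storage.Blobs;

// serviceUri is the blob container URI (its value is not shown in the report).
var tokenCredential = new ManagedIdentityCredential(); // no client ID passed
var blobClient = new BlobContainerClient(serviceUri, tokenCredential);
blobClient.CreateIfNotExists();
```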
Environment
Azure Kubernetes Service using Workload ID (https://learn.microsoft.com/en-nz/azure/aks/workload-identity-overview)
Labels
This issue points to a problem in the data-plane of the library.
Issues that are reported by GitHub users external to the Azure organization.
Workflow: This issue needs attention from Azure service team or SDK team
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Status
Done