@pvaneck pvaneck commented Sep 20, 2025

When the environment variable AZURE_TOKEN_CREDENTIALS is explicitly set to ManagedIdentityCredential, DefaultAzureCredential should not do IMDS probing.

Closes: #43046

When the environment variable AZURE_TOKEN_CREDENTIALS is explicitly set to
ManagedIdentityCredential, DefaultAzureCredential should not do IMDS
probing.

Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>
@pvaneck pvaneck force-pushed the identity-mi-dac-retry branch from 5135a08 to 107d41d Compare September 22, 2025 20:59
@pvaneck pvaneck marked this pull request as ready for review September 23, 2025 00:06
@pvaneck pvaneck requested review from a team and xiangyan99 as code owners September 23, 2025 00:06

Copilot AI left a comment

Pull Request Overview

This PR implements a performance optimization for DefaultAzureCredential when the AZURE_TOKEN_CREDENTIALS environment variable is explicitly set to "managedidentitycredential". The change eliminates the IMDS endpoint probe that occurs when using ManagedIdentityCredential within the credential chain, allowing it to skip directly to token acquisition with full retry logic.

  • Adds _skip_probe_in_chain parameter to ManagedIdentityCredential and ImdsCredential classes
  • Modifies DefaultAzureCredential to detect when only ManagedIdentityCredential is enabled and skip the probe
  • Updates the IMDS endpoint probing logic to respect the skip flag

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| azure/identity/_credentials/default.py | Sets _skip_probe_in_chain=True when only managed identity is enabled in DefaultAzureCredential |
| azure/identity/aio/_credentials/default.py | Async version of the same DefaultAzureCredential changes |
| azure/identity/_credentials/managed_identity.py | Adds _skip_probe_in_chain parameter and passes it to ImdsCredential |
| azure/identity/aio/_credentials/managed_identity.py | Async version of the same ManagedIdentityCredential changes |
| azure/identity/_credentials/imds.py | Modifies probe logic to skip when _skip_probe_in_chain is True |
| azure/identity/aio/_credentials/imds.py | Async version of the same ImdsCredential probe changes |
| tests/test_default.py | Updates test expectations to include new _skip_probe_in_chain parameter |
| tests/test_default_async.py | Async version of the same test updates |
| tests/test_token_credentials_env.py | Adds test verifying probe is skipped when environment variable is set |
| tests/test_token_credentials_env_async.py | Async version of the new test |
| CHANGELOG.md | Documents the behavior change |
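
A simplified model of the behavior this PR describes, added here as an illustration; it is not the azure-identity implementation and is not part of the PR. The class names, the `FlakyImds` stand-in, the retry count, the case-insensitive match, and the "probe is a single attempt with no retries" rule are assumptions of the model; only `AZURE_TOKEN_CREDENTIALS`, `ManagedIdentityCredential` and the skip-probe flag come from the page.

```python
import os

class CredentialUnavailable(Exception):
    """Model of 'this credential cannot be used here; the chain moves on'."""

class FlakyImds:
    """Constructed stand-in for an IMDS endpoint that fails its first N calls."""
    def __init__(self, failures):
        self.failures = failures
        self.calls = 0
    def request(self):
        self.calls += 1
        if self.calls <= self.failures:
            raise TimeoutError("IMDS did not answer")
        return "constructed-token"

class ModelImdsCredential:
    """Hypothetical credential: optional probe, then token request with retries."""
    def __init__(self, endpoint, skip_probe_in_chain=False, max_retries=3):
        self.endpoint = endpoint
        self.skip_probe = skip_probe_in_chain
        self.max_retries = max_retries  # assumed value, for the model only
    def get_token(self):
        if not self.skip_probe:
            # Probe: one attempt, no retries (assumption of this model).
            try:
                self.endpoint.request()
            except TimeoutError as exc:
                raise CredentialUnavailable("probe failed") from exc
        last = None
        for _ in range(1 + self.max_retries):
            try:
                return self.endpoint.request()
            except TimeoutError as exc:
                last = exc
        raise last

def build_model_chain(endpoint, environ=os.environ):
    """Skip the probe only when the env var selects ManagedIdentityCredential."""
    selected = environ.get("AZURE_TOKEN_CREDENTIALS", "").strip().lower()
    only_mi = selected == "managedidentitycredential"
    return ModelImdsCredential(endpoint, skip_probe_in_chain=only_mi)

def acquire(environ, failures):
    """Return (token or None, number of IMDS calls made)."""
    endpoint = FlakyImds(failures)
    try:
        token = build_model_chain(endpoint, environ).get_token()
    except CredentialUnavailable:
        token = None
    return token, endpoint.calls
```

With two transient failures, the probing path gives up after one call and reports the credential as unavailable, while the explicitly selected path retries and returns a token on the third call.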

@pvaneck pvaneck requested a review from xiangyan99 October 1, 2025 23:31
@pvaneck pvaneck requested a review from xiangyan99 October 2, 2025 23:05
@pvaneck pvaneck requested a review from xiangyan99 October 3, 2025 23:27
@pvaneck pvaneck merged commit 07395dd into Azure:main Oct 4, 2025
21 checks passed
@github-project-automation github-project-automation bot moved this from Untriaged to Done in Azure Identity SDK Improvements Oct 4, 2025
@pvaneck pvaneck deleted the identity-mi-dac-retry branch October 4, 2025 00:13
Successfully merging this pull request may close these issues.

DAC: Disable probe and enable retries when ManagedIdentityCredential is selected via env var