Error: Managed Identity: DefaultAzureCredential authentication failed #248

@dlaatheijmans

Hello,

I'm encountering an issue when trying to use a Managed Identity with a Federated Credential in GitHub Actions to run azure/[email protected]. The Managed Identity has been configured with a Federated Credential for GitHub (environment).

I added my Managed Identity to the database as db_owner, with the following query:

    DROP USER IF EXISTS [ManagedIdentity-Dev];
    CREATE USER [ManagedIdentity-Dev] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA=[dbo];
    ALTER ROLE db_owner ADD MEMBER [ManagedIdentity-Dev];

Here is my GitHub Actions workflow (.yml file):

    create-sql-users:
      runs-on:
        group: github-runner-Dev
      environment: ${{ inputs.environment }}
      steps:
        - uses: actions/checkout@main
        - uses: azure/login@v2
          with:
            client-id: ${{ vars.AZURE_CLIENT_ID }} # The Managed Identity with Federated Credential
            tenant-id: ${{ vars.AZURE_TENANT_ID }}
            subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
        - uses: azure/[email protected]
          with:
            connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }}
            path: './.github/sql/users.sql'
            skip-firewall-check: true

Issue:

When the workflow runs, I receive the following error message:

    sqlcmd -S mydatabase-dev.database.windows.net,1433 -d mydatabase-dev --authentication-method=ActiveDirectoryDefault -i ./.github/sql/users.sql
    DefaultAzureCredential authentication failed
    GET http://localhost:42356/msi/token
    --------------------------------------------------------------------------------
    RESPONSE 400 Bad Request
    --------------------------------------------------------------------------------
    {
      "statusCode": 400,
      "message": "No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId.",
      "correlationId": "86d82795-065e-4a71-a11c-12a10e7879d0"
    }

Am I missing something?
