CODEWITHSUNDEEP
pythonpysparkazure-synapseazure-managed-identityazure-identity
arpan desai
arpan desai

Reputation: 909

ManagedIdentityCredential authentication unavailable, no managed identity found - Azure Synapse PySpark

We are trying to generate token for custom rest api endpoint. We are using Azure Synapse Notebook in PySpark.

from azure.identity import DefaultAzureCredential,ManagedIdentityCredential
import requests

credential = ManagedIdentityCredential(client_id='xxxxxx-xxxx-xxxx-xxxx-xxxxx')

This code execute successfully without error. I know alternatively we can use ClientSecret authentication but because of complaince reason we have to use ManagedIdentityCredential only.

But using credential object if we try to get_token it throws error

token = credential.get_token("api://xxxxxx-xxxx-xxxx-xxxx-xxxxx/.default")

ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable, no managed identity endpoint found. --------------------------------------------------------------------------- CredentialUnavailableError Traceback (most recent call last) Cell In [9], line 1 ----> 1 token = credential.get_token("api://xxxxxx-xxxx-xxxx-xxxx-xxxxx/.default")

File ~/cluster-env/clonedenv/lib/python3.10/site-packages/azure/identity/_internal/decorators.py:27, in log_get_token..decorator..wrapper(*args, **kwargs) 24 @functools.wraps(fn) 25 def wrapper(*args, **kwargs): 26 try: ---> 27 token = fn(*args, **kwargs) 28 _LOGGER.info("%s succeeded", qualified_name) 29 return token

File ~/cluster-env/clonedenv/lib/python3.10/site-packages/azure/identity/_credentials/managed_identity.py:93, in ManagedIdentityCredential.get_token(self, *scopes, **kwargs) 91 if not self._credential: 92 raise CredentialUnavailableError(message="No managed identity endpoint found.") ---> 93 return self._credential.get_token(*scopes, **kwargs)

File ~/cluster-env/clonedenv/lib/python3.10/site-packages/azure/identity/_credentials/managed_identity.py:190, in ImdsCredential.get_token(self, *scopes, **kwargs) 188 if not self._endpoint_available: 189 message = "ManagedIdentityCredential authentication unavailable, no managed identity endpoint found." --> 190 raise CredentialUnavailableError(message=message) 192 if len(scopes) != 1: 193 raise ValueError("This credential requires exactly one scope per token request.")

CredentialUnavailableError: ManagedIdentityCredential authentication unavailable, no managed identity endpoint found.

Upvotes: 1

Views: 1250

Answers (1)

JayashankarGS
JayashankarGS

Reputation: 8055

You need to run the start session on pool enabling managed identity. Follow below steps to enable.

Click on configure session

enter image description here

then enable Run as managed identity and apply it.

enter image description here

EDIT

According to this documentation

Synapse notebooks and Spark job definitions only support the use of system-assigned managed identity through linked services and the mssparkutils APIs.

also

User-assigned Managed Identity is not currently supported in Synapse notebooks and Spark job definitions.

So, whatever the token you need can be retrieved using mssparkutils.credentials.getToken("Storage")

Upvotes: 0

Related Questions