Moving Azure credentials to Docker
Question
I have a Docker volume from ${USERPROFILE}/.azure to /root/.azure:rw . In my Dockerfile , I'm installing az-cli and then using DefaultAzureCredentials class in .NET ( https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet ) to load the credentials.
It worked fine until a month ago, I had to az login on my machine and then it worked fine in Docker. However, about a month ago, when az-cli switched from ADAL to MSAL, it throws an exception saying I'm not logged in.
My guess is that az-cli stores the tokens somewhere else now, other than the .azure directory, or something else, I'm not sure. Anyone has any idea?
2 answers
solution1
0 2022-01-21 06:54:39
Earlier, Azure CLI save ADAL tokens and service principal entries to ~/.azure/accessToken.json
Later when Azure CLI use MSAL, it no longer generate accessTokens.json file.
Any existing workflow depending on accessTokens.json no longer works
So instead of DefaultAzureCredentials class, you can use AzureCliCredential class
AzureCliCredential class uses subprocess to call az account get-access-toke n to get an access token for the current logged-in account
Reference :MSAL-based Azure CLI | Microsoft Docs
solution2
0 2022-01-26 03:44:42
For now you can use a pre-2.30 az-cli version both on your host system and inside your container. Instructions are here to install a specific version: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.