Update azure credentials to be more flexible (#787)

These changes are mainly to add flexibility to the auth service in supporting azure authenticating via: - A personal identity via az CLI for the local dev environment. This will still run into expiring issues, but is probably fine for local dev. - A personal or managed identity in an azure hosted environment. The flexibility to use the managed identity allows us to avoid the expiring issue without needing a separate SP, key-vault and cert setup, aligning with new security recommendations. --------- Co-authored-by: Eu Jing Chua <eujingchua@microsoft.com> Co-authored-by: Sergiy Matusevych <sergiym@microsoft.com>
microsoft · Jul 19, 2024 · b889225 · b889225
1 parent 758fbdf
commit b889225
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/mlos_bench/mlos_bench/services/remote/azure/azure_auth.py b/mlos_bench/mlos_bench/services/remote/azure/azure_auth.py
@@ -66,9 +66,9 @@ def __init__(
         self._access_token = "RENEW *NOW*"
         self._token_expiration_ts = datetime.now(UTC)  # Typically, some future timestamp.
 
-        # Login as ourselves
-        self._cred: Union[azure_id.AzureCliCredential, azure_id.CertificateCredential]
-        self._cred = azure_id.AzureCliCredential()
+        # Login as the first identity available, usually ourselves or a managed identity
+        self._cred: Union[azure_id.DefaultAzureCredential, azure_id.CertificateCredential]
+        self._cred = azure_id.DefaultAzureCredential()
 
         # Verify info required for SP auth early
         if "spClientId" in self.config: