From b889225e3d9206129aff624053b06e10d4486bd9 Mon Sep 17 00:00:00 2001 From: Eu Jing Chua Date: Fri, 19 Jul 2024 15:52:17 -0700 Subject: [PATCH] Update azure credentials to be more flexible (#787) These changes are mainly to add flexibility to the auth service in supporting azure authenticating via: - A personal identity via az CLI for the local dev environment. This will still run into expiring issues, but is probably fine for local dev. - A personal or managed identity in an azure hosted environment. The flexibility to use the managed identity allows us to avoid the expiring issue without needing a separate SP, key-vault and cert setup, aligning with new security recommendations. --------- Co-authored-by: Eu Jing Chua Co-authored-by: Sergiy Matusevych --- mlos_bench/mlos_bench/services/remote/azure/azure_auth.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mlos_bench/mlos_bench/services/remote/azure/azure_auth.py b/mlos_bench/mlos_bench/services/remote/azure/azure_auth.py
index 619e8eed90..e674a94325 100644
--- a/mlos_bench/mlos_bench/services/remote/azure/azure_auth.py
+++ b/mlos_bench/mlos_bench/services/remote/azure/azure_auth.py
@@ -66,9 +66,9 @@ def __init__(
 self._access_token = "RENEW *NOW*"
 self._token_expiration_ts = datetime.now(UTC) # Typically, some future timestamp.
- # Login as ourselves
- self._cred: Union[azure_id.AzureCliCredential, azure_id.CertificateCredential]
- self._cred = azure_id.AzureCliCredential()
+ # Login as the first identity available, usually ourselves or a managed identity
+ self._cred: Union[azure_id.DefaultAzureCredential, azure_id.CertificateCredential]
+ self._cred = azure_id.DefaultAzureCredential()
 # Verify info required for SP auth early
 if "spClientId" in self.config:
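Review bot: `azure_id.DefaultAzureCredential()` is built with no arguments, so the identity that signs token requests is whichever source in the credential chain answers first (environment-variable service principal, workload or managed identity, developer tool logins, az CLI), not something the mlos_bench config controls. On a shared or hosted machine that can silently be a different, possibly more privileged, identity than the operator expects, and a host with several user-assigned managed identities leaves the choice ambiguous. Consider narrowing the chain to the two cases the description names, by passing `managed_identity_client_id=` from config and setting the `exclude_*_credential=True` flags for sources that should never be used. The comment could also state the consequence, e.g. `# First credential in the DefaultAzureCredential chain that yields a token wins; the identity depends on the host environment`. The rest of `__init__` lies outside this hunk, so whether the resolved identity is logged or checked later is not visible here.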