Error: Managed Identity: DefaultAzureCredential authentication failed #248

@dlaatheijmans

Hello,

I'm encountering an issue when trying to use a Managed Identity with a Federated Credential in GitHub Actions to run azure/sql-action@v2.3. The Managed Identity has been configured with a Federated Credential for GitHub (environment).

I added my Managed Identity to the database as db_owner, with the following query:

    DROP USER IF EXISTS [ManagedIdentity-Dev];
    CREATE USER [ManagedIdentity-Dev] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA=[dbo];
    ALTER ROLE db_owner ADD MEMBER [ManagedIdentity-Dev];

Here is my GitHub Actions workflow (.yml file):

    create-sql-users:
      runs-on:
        group: github-runner-Dev
      environment: ${{ inputs.environment }}
      steps:
        - uses: actions/checkout@main
        - uses: azure/login@v2
          with:
            client-id: ${{ vars.AZURE_CLIENT_ID }} # The Managed Identity with Federated Credential
            tenant-id: ${{ vars.AZURE_TENANT_ID }}
            subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
        - uses: azure/sql-action@v2.3
          with:
            connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }}
            path: './.github/sql/users.sql'
            skip-firewall-check: true

Issue:

When the workflow runs, I receive the following error message:

    sqlcmd -S mydatabase-dev.database.windows.net,1433 -d mydatabase-dev --authentication-method=ActiveDirectoryDefault -i ./.github/sql/users.sql
    DefaultAzureCredential authentication failed
    GET http://localhost:42356/msi/token
    --------------------------------------------------------------------------------
    RESPONSE 400 Bad Request
    --------------------------------------------------------------------------------
    {
      "statusCode": 400,
      "message": "No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId.",
      "correlationId": "86d82795-065e-4a71-a11c-12a10e7879d0"
    }

Am I missing something?
