DefaultAzureCredential supports public cloud only #8148
Labels
Azure.Identity
blocking-release
Blocks release
Client
This issue points to a problem in the data-plane of the library.
The default credential is currently a chain of
EnvironmentCredential
,ManagedIdentityCredential
, and (on Windows)SharedTokenCacheCredential
.These credentials unevenly support multiple clouds:
EnvironmentCredential
accepts anauthority
kwarg but this is undocumented because the credential is intended to be configured entirely by environment variables. Selecting cloud via environment variable requires a cross-language design and implementation in azure-core (Azure.Core & Azure.Identity needs to be updated to support env vars #8094).ManagedIdentityCredential
(and any fix must consider that)SharedTokenCredential
accepts anauthority
kwarg (for identity, this is what changes between clouds)I think the best solution has two parts:
DefaultAzureCredential
accepts anauthority
kwarg, and passes it only to credentials expecting it. We can pass it toEnvironmentCredential
as a workaround pending azure-core changes.The text was updated successfully, but these errors were encountered: