Azure Blob Backend Azure Arc Managed Identity Support HIMDS

Currently the azureblob backend only supports
msiEndpointDefault = "http://169.254.169.254/metadata/identity/oauth2/token" and
imdsAPIVersion = "2018-02-01"

Azure Arc provides the functionality to use IMDS on machines not in the azure cloud but connected to it. The endpoint used on these servers is 127.0.0.1:40342/metadata/identity/oauth2/token and version "2019-11-01"

Is it possible to expose these variables for configuration.

Here is an additional reference for himds
https://docs.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication

This currently isn't configurable.

Does it not work with the old API version? Did you try it? What does it do?

As a first step I'd change this in the source code and see if it works

Then we can have a think about how to make it configurable.

@ncw, thank you for looking at this request so quickly. I have tested changing the endpoint/API version in the source code and then realized that although the mechanisms appear similar the himds endpoint returns a path to a local file instead of the actual token. I will attempt to test using the oauthTokenManager code from azcopy as a reference azure-storage-azcopy/oauthTokenManager.go at main · Azure/azure-storage-azcopy · GitHub

I see you made an issue about this. Will move the discussion there :slight_smile:

1 Like