python azure functions v2 msiauthentication

Question

I am trying to figure out what we could do in v1 by setting the MSI_ENDPOINT and MSI_SECRET via run.ps1 script. Function will access a number of other services using the service assigned identity. Is there a way to set this up so my local dev environment can also run the very same script?

from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from msrestazure.azure_active_directory import MSIAuthentication

credentials = MSIAuthentication()
key_vault_client = KeyVaultClient(credentials)

When i try to debug locally, function fails with the following error

Executed 'Functions.stat-based-monitor' (Failed, Id=5611b477-976a-47e0-bb87-db06571eb3b7) System.Private.CoreLib: Exception while executing function: Functions.stat-based-monitor. System.Private.CoreLib: Result: Failure Exception: ConnectionError: HTTPConnectionPool(host='...', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 (Caused by NewConnectionError(': Failed to establish a new connection: [WinError 10051] A socket operation was attempted to an unreachable network',))

Interestingly enough, if i run these lines on an azure vm instead of my local dev box, it does run as expected. Is Azure VM required for msiauth?

Answer 1

As of March 2019, managed identities are only supported on Azure resources like Azure VM and local dev boxes are not yet supported.

Answer 2

Run the Azure CLI az login and authenticate your workstation

1. Ensure you have Azure CLI 2.0.x installed
2. run az login in the Azure CLI
3. enter the code from your local environment into the web dialog

This should give your local environment the proper development context to access the values from the key vault endpoint.

More Details from Azure Docs