I want to do various VM operations, like starting a VM or deallocating it, without a manual login step, using the Azure Python SDK. To do that, I have to use a user-assigned managed identity. So I created an Ubuntu VM and a user-assigned managed identity.
The user-assigned managed identity is assigned the role 'Virtual-Machine Contributor' and is linked to the VM as per the portal. I am assuming that it should still authenticate and access the VM even if I am not logged in when running the code below. To check that, I logged out of the CLI using the az logout command, and that's when the following error appeared. Even on logging in, the error remains.
I tried using DefaultAzureCredentials but had no luck when I am logged out.
The error:
ImdsCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
Traceback (most recent call last):
  File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_credentials/imds.py", line 91, in _request_token
    token = self._client.request_token(*scopes, headers={"Metadata": "true"})
  File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_internal/managed_identity_client.py", line 120, in request_token
    token = self._process_response(response, request_time)
  File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_internal/managed_identity_client.py", line 61, in _process_response
    raise ClientAuthenticationError(
azure.core.exceptions.ClientAuthenticationError: Unexpected response "{'error': 'invalid_request', 'error_description': 'Identity not found'}"
Content: {"error":"invalid_request","error_description":"Identity not found"}
The main error that concerns me is:
ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
The code for doing the operations:
import os
from azure.mgmt.compute import ComputeManagementClient
from azure.identity import ManagedIdentityCredential

# Set subscription and resource group variables
subscription_id = ''
resource_group = ''
client_id = ''

# Set virtual machine name and new power state
vm_name = 'additionalvm'
new_power_state = 'begin_deallocate'

# Authenticate with Azure using a managed identity
credentials = ManagedIdentityCredential(client_id=client_id)

# Create a ComputeManagementClient object
compute_client = ComputeManagementClient(credentials, subscription_id)

# Get the virtual machine
vm = compute_client.virtual_machines.get(resource_group, vm_name)

# Stop or start the virtual machine
if new_power_state == 'begin_deallocate':
    async_vm_stop = compute_client.virtual_machines.begin_deallocate(resource_group, vm_name)
    async_vm_stop.wait()
    print(f"Virtual machine {vm_name} has been stopped.")
elif new_power_state == 'begin_start':
    async_vm_start = compute_client.virtual_machines.begin_start(resource_group, vm_name)
    async_vm_start.wait()
    print(f"Virtual machine {vm_name} has been started.")
else:
    print(f"Invalid power state: {new_power_state}")
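
The check below is an added example, not part of the original post. It queries the VM's instance metadata endpoint (IMDS) directly for a given client ID and classifies the reply, which separates the "Identity not found" response quoted in the traceback from an unreachable endpoint or another error. The function names, the result labels and the `<client-id>` placeholder are assumptions made for illustration; `probe()` only works when run on the VM itself.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
ARM_RESOURCE = "https://management.azure.com/"


def build_imds_request(client_id=None):
    """Build an IMDS token request for Azure Resource Manager."""
    params = {"api-version": "2018-02-01", "resource": ARM_RESOURCE}
    if client_id:  # in this example an empty string counts as "no identity requested"
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Metadata": "true"})


def classify_imds_response(status, body):
    """Map an IMDS reply to one of the (hypothetical) labels used here."""
    try:
        payload = json.loads(body)
    except ValueError:
        return "unexpected-body"
    if not isinstance(payload, dict):
        return "unexpected-body"
    if status == 200 and "access_token" in payload:
        return "ok"
    # The reply seen in the traceback: the requested identity is not on this VM.
    if payload.get("error_description") == "Identity not found":
        return "identity-not-assigned"
    return "other-error"


def probe(client_id=None, timeout=5):
    """Send the request from the VM and classify what IMDS answers."""
    req = build_imds_request(client_id)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_imds_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # IMDS answered with a 4xx/5xx
        return classify_imds_response(err.code, err.read().decode())
    except (urllib.error.URLError, OSError):  # not on an Azure VM, or blocked
        return "imds-unreachable"


if __name__ == "__main__":
    print(probe("<client-id>"))  # placeholder: the identity's client ID
```

A result of `identity-not-assigned` for the client ID used in the script, compared against the client ID the portal shows for the identity attached to the VM, narrows the problem to the identity assignment rather than the role or the SDK call.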