I have a Docker volume from ${USERPROFILE}/.azure to /root/.azure:rw. In my Dockerfile, I’m installing az-cli and then using DefaultAzureCredentials class in .NET (https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet) to load the credentials.
It worked fine until a month ago, I had to az login on my machine and then it worked fine in Docker. However, about a month ago, when az-cli switched from ADAL to MSAL, it throws an exception saying I’m not logged in.
My guess is that az-cli stores the tokens somewhere else now, other than the .azure directory, or something else, I’m not sure. Anyone has any idea?
2
Answers
Earlier, Azure CLI save ADAL tokens and service principal entries to ~/.azure/accessToken.json
Later when Azure CLI use MSAL, it no longer generate accessTokens.json file.
Any existing workflow depending on accessTokens.json no longer works
So instead of DefaultAzureCredentials class, you can use AzureCliCredential class
AzureCliCredential class uses subprocess to call az account get-access-token to get an access token for the current logged-in account
Reference: MSAL-based Azure CLI | Microsoft Docs
For now you can use a pre-2.30 az-cli version both on your host system and inside your container. Instructions are here to install a specific version: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli