From 679c0dc6ee03d88c128da83bd6d9222cbe688e51 Mon Sep 17 00:00:00 2001
From: Gautam Sheth
Date: Mon, 30 Jan 2023 12:35:28 +0200
Subject: [PATCH 1/2] Feature: additional fallback for Managed identity in Azure VM scenario

---
 CHANGELOG.md | 1 +
 src/Commands/Base/TokenHandling.cs | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 857251e14..79e87c7ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `-Bcc` option to `Send-PnPMail` [#2726](https://github.com/pnp/powershell/pull/2726)
 - Added `-PrimarySiteCollectionAdmin` to `Add-PnPSiteCollectionAdmin` to allow for the primary site collection admin to be set on the current site [#2750](https://github.com/pnp/powershell/pull/2750)
 - Added `-PrimarySiteCollectionAdmin` to `Set-PnPTenantSite` to allow for the primary site collection admin to be set on a provided site [#2750](https://github.com/pnp/powershell/pull/2750)
+- Added additional fallback logic for retrieving tokens in Azure VM scenario using well-know endpoint when using Managed Identity authentication.
 
 ### Changed
 
diff --git a/src/Commands/Base/TokenHandling.cs b/src/Commands/Base/TokenHandling.cs
index 4eacc40d7..6e306828d 100644
--- a/src/Commands/Base/TokenHandling.cs
+++ b/src/Commands/Base/TokenHandling.cs
@@ -130,6 +130,13 @@ internal static async Task GetManagedIdentityTokenAsync(Cmdlet cmdlet, H
 endPoint = Environment.GetEnvironmentVariable("MSI_ENDPOINT");
 identityHeader = Environment.GetEnvironmentVariable("MSI_SECRET");
 }
+ if (string.IsNullOrEmpty(endPoint))
+ {
+ // additional fallback
+ // using well-known endpoint for Instance Metadata Service, useful in Azure VM scenario.
+ // https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
+ endPoint = "http://169.254.169.254/metadata/identity/oauth2/token";
+ }
 if (!string.IsNullOrEmpty(endPoint))
 {
 var tokenRequestUrl = $"{endPoint}?resource={requiredScope}&api-version=2019-08-01";

From ad0039aa290edccce080a123fe583c210d37f408 Mon Sep 17 00:00:00 2001
From: Koen Zomers
Date: Mon, 30 Jan 2023 14:30:23 +0100
Subject: [PATCH 2/2] Adding PR reference

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 79e87c7ca..aa24d4064 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
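Review bot: After the new block `endPoint` can never be empty, so the `if (!string.IsNullOrEmpty(endPoint))` guard that follows always passes and any else-branch that used to report "no managed identity endpoint found" becomes unreachable; on a host that is not an Azure VM the failure will now surface as a connection timeout to the link-local address rather than a clear diagnostic. `GetManagedIdentityTokenAsync` continues outside the hunk, so I cannot see how the request is built, but the Instance Metadata Service only answers requests carrying the `Metadata: true` header (its documented protection against forwarded/SSRF-style requests) and on this path `identityHeader` stays unset, so please confirm the request code below copes with both; the documented IMDS example also uses `api-version=2018-02-01` rather than the App Service value `2019-08-01` hardcoded in the next context line, which is worth verifying against IMDS. Consider making the fallback visible to the operator where the constant is assigned, e.g. a verbose/trace message such as "no IDENTITY_ENDPOINT/MSI_ENDPOINT set; falling back to Azure Instance Metadata Service", using whatever logging pattern this file already uses for the cmdlet, so a timeout on a non-Azure host is diagnosable.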
@@ -33,7 +33,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `-Bcc` option to `Send-PnPMail` [#2726](https://github.com/pnp/powershell/pull/2726)
 - Added `-PrimarySiteCollectionAdmin` to `Add-PnPSiteCollectionAdmin` to allow for the primary site collection admin to be set on the current site [#2750](https://github.com/pnp/powershell/pull/2750)
 - Added `-PrimarySiteCollectionAdmin` to `Set-PnPTenantSite` to allow for the primary site collection admin to be set on a provided site [#2750](https://github.com/pnp/powershell/pull/2750)
-- Added additional fallback logic for retrieving tokens in Azure VM scenario using well-know endpoint when using Managed Identity authentication.
+- Added additional fallback logic for retrieving tokens in Azure VM scenario using well-know endpoint when using Managed Identity authentication. [#2761](https://github.com/pnp/powershell/pull/2761)
 
 ### Changed
 