I am trying to figure out what we could do in v1 by setting the MSI_ENDPOINT and MSI_SECRET via run.ps1 script. Function will access a number of other services using the service assigned identity. Is there a way to set this up so my local dev environment can also run the very same script?
from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from msrestazure.azure_active_directory import MSIAuthentication
credentials = MSIAuthentication()
key_vault_client = KeyVaultClient(credentials)
When i try to debug locally, function fails with the following error
Executed 'Functions.stat-based-monitor' (Failed, Id=5611b477-976a-47e0-bb87-db06571eb3b7) System.Private.CoreLib: Exception while executing function: Functions.stat-based-monitor. System.Private.CoreLib: Result: Failure Exception: ConnectionError: HTTPConnectionPool(host='...', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 (Caused by NewConnectionError(': Failed to establish a new connection: [WinError 10051] A socket operation was attempted to an unreachable network',))
Interestingly enough, if i run these lines on an azure vm instead of my local dev box, it does run as expected. Is Azure VM required for msiauth?
As of March 2019, managed identities are only supported on Azure resources like Azure VM and local dev boxes are not yet supported.