sugibuchi commented on issue #4096: URL: https://github.com/apache/arrow-rs/issues/4096#issuecomment-1513623719
@tustvold It might work with `.default` in some environments (we are using [AAD Pod Identity](https://learn.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity) in AKS, which is an emulation of IMDS in Kuberentes cluster. This is probably a reason why we are seeing different results). But the documentation clearly says that a value of `resource` should be "App ID URI of the target **resource**", not scope. https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http Managed Identity credential class in Azure Java SDK accepts resource ID as configuration parameter. https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredentialBuilder.java#L83 And an equivalent class in Azure Python SDK explicitly drops `.default` from query parameter values. https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/identity/azure-identity/azure/identity/_internal/managed_identity_client.py#L112 https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/identity/azure-identity/azure/identity/_internal/__init__.py#L19-L29 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
