Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid audience for Key Vault secret operations when using MSI #2432

Closed
Tracked by #3151
thomas11 opened this issue May 4, 2023 · 3 comments · Fixed by #3664
Closed
Tracked by #3151

Invalid audience for Key Vault secret operations when using MSI #2432

thomas11 opened this issue May 4, 2023 · 3 comments · Fixed by #3664
Assignees
@thomas11
Labels
area/auth customer/feedback Feedback from customers kind/bug Some behavior is incorrect or out of spec kv keyvault needs-azidentity resolution/fixed This issue was fixed
Milestone
0.112

Comments

@thomas11
Copy link
Contributor

thomas11 commented May 4, 2023 

error: keyvault.BaseClient#DeleteSecret: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="Unauthorized" Message="AKV10022: Invalid audience. Expected https://vault.azure.net, found: https://management.azure.com/."

When using Managed Identity (ARM_USE_MSI) with the Pulumi Automation API. See #2374 for the original report. That issue is about the same error but using az CLI authentication, which was fixed.
@thomas11 thomas11 added kind/bug Some behavior is incorrect or out of spec customer/feedback Feedback from customers labels May 4, 2023
@thomas11 thomas11 mentioned this issue May 4, 2023
Closed
@mnlumi mnlumi added the kv keyvault label Jun 22, 2023
@thecodetinker thecodetinker mentioned this issue Jan 10, 2024
Closed
@brucetan-displayr
Copy link

Having the same error, woudl be good if this is fixed

@mjeffryes mjeffryes mentioned this issue Mar 13, 2024
Open
@thomas11
Copy link
Contributor Author

I took a more in-depth look at this and unfortunately, it's due to a shortcoming in a dependency that we use that cannot be upgraded quickly. Related to #1464. We will try to schedule this workstream soon.

@thomas11 thomas11 mentioned this issue Sep 3, 2024
Merged
@mjeffryes mjeffryes added this to the 0.111 milestone Oct 2, 2024
@mjeffryes mjeffryes modified the milestones: 0.111, 0.112 Oct 30, 2024
@thomas11 thomas11 mentioned this issue Nov 5, 2024
Merged
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Nov 5, 2024
@pulumi-bot
Copy link
Contributor

This issue has been addressed in PR #3664 and shipped in release v2.70.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thomas11 thomas11

Labels
area/auth customer/feedback Feedback from customers kind/bug Some behavior is incorrect or out of spec kv keyvault needs-azidentity resolution/fixed This issue was fixed
Projects
None yet
Milestone
0.112
Development

Successfully merging a pull request may close this issue.

Migrate custom Key Vault resource to azidentity pulumi/pulumi-azure-native
5 participants
@thomas11 @mjeffryes @pulumi-bot @mnlumi @brucetan-displayr