Bug Report
Description
Azure provider fails to authenticate when using Managed Identity in Azure Container Instances (ACI) or Azure Kubernetes Service (AKS).
Error Message
Error: failed to initialize Azure provider: failed to get managed identity token:
MSI not available: Endpoint http://169.254.169.254/metadata/identity/oauth2/token not reachable
Environment
- DriftMgr version: 1.0.0
- Environment: Azure Kubernetes Service
- Authentication: Pod Managed Identity
- Azure SDK version: (from go.mod)
Steps to Reproduce
- Deploy DriftMgr in AKS with pod identity enabled
- Configure the Azure provider without credentials (expecting MSI)
- Run: driftmgr discover --provider azure
- Observe the authentication failure
Expected Behavior
DriftMgr should automatically detect and use Managed Identity when it is available, without any credentials being configured.
Current Workaround
Manually specify service principal credentials, which defeats the purpose of managed identity.
Root Cause Analysis
The Azure SDK client is not configured to use the correct identity endpoint for AKS. The code attempts to call the IMDS endpoint (http://169.254.169.254) directly instead of going through the Azure Identity SDK (azidentity). That shortcut only works where the link-local IMDS address answers for the workload: on VMs, VM scale sets, ACI, and AKS pod identity (where the NMI component intercepts calls to that address). AKS workload identity, the replacement for pod identity, never calls IMDS at all; it exchanges the projected service-account token whose path is injected via AZURE_FEDERATED_TOKEN_FILE. azidentity's credential chain probes all of these sources in order, so delegating to it is the fix rather than patching the endpoint URL.
Suggested Fix
import "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
// DefaultAzureCredential chains environment (service principal), workload identity,
// managed identity (IMDS and endpoint variants) and Azure CLI credentials in that order
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
    return fmt.Errorf("failed to initialize Azure credential: %w", err)
}
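To make the probing order concrete, the following is an added example written for this report, not DriftMgr code and not the azidentity implementation. It uses only the Go standard library so it runs anywhere: detectAuthSource reproduces the order in which DefaultAzureCredential selects a credential source from the environment (the variable names AZURE_CLIENT_SECRET, AZURE_CLIENT_CERTIFICATE_PATH, AZURE_FEDERATED_TOKEN_FILE, AZURE_CLIENT_ID, AZURE_TENANT_ID, IDENTITY_ENDPOINT and IDENTITY_HEADER are the ones azidentity reads; the returned labels are this example's own), and fetchIMDSToken shows the raw IMDS request the failing code was effectively making, including the mandatory Metadata header and the short timeout it should have had. imdsTokenURL, imdsToken and osEnv are names chosen here.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"
)

// imdsTokenURL is the IMDS managed-identity token endpoint named in the error message.
const imdsTokenURL = "http://169.254.169.254/metadata/identity/oauth2/token"

// detectAuthSource mirrors the order azidentity.DefaultAzureCredential uses:
// EnvironmentCredential, then WorkloadIdentityCredential, then ManagedIdentityCredential.
// The environment variable names are an assumption about azidentity (see lead-in).
func detectAuthSource(env map[string]string) string {
	switch {
	case env["AZURE_CLIENT_SECRET"] != "" || env["AZURE_CLIENT_CERTIFICATE_PATH"] != "":
		return "service-principal" // the workaround from the report
	case env["AZURE_FEDERATED_TOKEN_FILE"] != "" && env["AZURE_CLIENT_ID"] != "" && env["AZURE_TENANT_ID"] != "":
		return "workload-identity" // AKS workload identity: token exchange, no IMDS call
	case env["IDENTITY_ENDPOINT"] != "" && env["IDENTITY_HEADER"] != "":
		return "managed-identity-endpoint" // App Service / Container Apps style endpoint
	default:
		return "imds" // VM, VMSS, ACI, AKS pod identity (NMI intercepts 169.254.169.254)
	}
}

// imdsToken is the subset of the IMDS token response this example uses.
type imdsToken struct {
	AccessToken string `json:"access_token"`
	ExpiresOn   string `json:"expires_on"`
	Resource    string `json:"resource"`
	TokenType   string `json:"token_type"`
}

// fetchIMDSToken requests a managed-identity token for resource from an IMDS-style endpoint.
// clientID selects a user-assigned identity; leave it empty for the system-assigned one.
func fetchIMDSToken(ctx context.Context, client *http.Client, endpoint, resource, clientID string) (*imdsToken, error) {
	q := url.Values{}
	q.Set("api-version", "2018-02-01")
	q.Set("resource", resource)
	if clientID != "" {
		q.Set("client_id", clientID)
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint+"?"+q.Encode(), nil)
	if err != nil {
		return nil, err
	}
	// IMDS rejects requests that lack this header, which blocks naive SSRF relays.
	req.Header.Set("Metadata", "true")
	resp, err := client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("MSI not available: endpoint %s not reachable: %w", endpoint, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("IMDS returned HTTP %d", resp.StatusCode)
	}
	var tok imdsToken
	if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil {
		return nil, fmt.Errorf("decoding IMDS response: %w", err)
	}
	if tok.AccessToken == "" {
		return nil, fmt.Errorf("IMDS response carried no access_token")
	}
	return &tok, nil
}

// osEnv converts os.Environ() into the map form detectAuthSource expects.
func osEnv() map[string]string {
	env := make(map[string]string)
	for _, kv := range os.Environ() {
		if k, v, ok := strings.Cut(kv, "="); ok {
			env[k] = v
		}
	}
	return env
}

func main() {
	src := detectAuthSource(osEnv())
	fmt.Println("credential source:", src)
	if src != "imds" {
		fmt.Println("a direct IMDS call is the wrong path here; use the azidentity chain")
		return
	}
	// Only now is a direct IMDS call appropriate. Keep the timeout short: an unreachable
	// link-local address otherwise hangs for the full TCP connect timeout.
	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
	defer cancel()
	tok, err := fetchIMDSToken(ctx, http.DefaultClient, imdsTokenURL, "https://management.azure.com/", "")
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Println("token type:", tok.TokenType, "expires_on:", tok.ExpiresOn)
}
```

Run inside the affected pod to see which source the environment actually offers; on a workload-identity pod it reports workload-identity and never touches 169.254.169.254, which is exactly the case a hard-coded IMDS call cannot handle.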
This affects anyone trying to run DriftMgr in Azure container services with proper security practices.