Azure-sdk-for-python: Unable to authenticate to Azure ML Workspace using Service Principal

Having a similar issue connection to Azureml using service principle

Same issue I have been facing as well. It worked fine until yesterday. Unable to connect to Azureml using service principal

Same here. It was working fine till yesterday. From today, I am facing the same issue.

Was working fine for me until around 6.30am GMT+1 this morning

Same here, started to fail today.

Hello guys. I'm facing the same problem. Everything was fine a couple of hours ago.

Workaround/Possible Solution
In azurecorepipelinepolicies_authentication.py in class BearerTokenCredentialPolicy instead of calling get_token use _token_retriever() and take the element with index one.

 def on_request(self, request):
        # type: (PipelineRequest) -> None
        """Adds a bearer token Authorization header to request and sends request to next policy.

        :param request: The pipeline request object
        :type request: ~azure.core.pipeline.PipelineRequest
        """
        self._enforce_https(request)
        if self._token is None or self._need_new_token:
            scheme, self._token, _ = self._credential._token_retriever()
        self._update_headers(request.http_request.headers, self._token)

Hi, I have been using Azure Devops Pipelines with Microsoft Hosted Agents to connect to Azure ML. I am seeing this error "AttributeError: 'AdalAuthentication' object has no attribute 'get_token'"

Can confirm @gison93 proposal seems to solve this issue. I don't fully understand what may have changed if there has been no version update, though.

Can confirm @gison93 proposal seems to solve this issue. I don't fully understand what may have changed if there has been no version update, though.

I suspect is due to the recent update of azure-mgmt-keyvault to version 7.0.0 some hours ago

@gison93 can we use your proposal on microsoft hosted agents?

Same here. It was working fine till yesterday. From today, I am facing the same issue. The codes work perfectly from my local computer but did not work from Azure hosted agents.

On local, workaround from @gison93 work's perfectly, but I'm using Azure DataBricks as a compute target and cannot change the source code of libraries. I find a solution with downgrade lib azure-mgmt-resource from 15.0.0 to 8.0.1.

Yes, I agree with @chengyu-liu-cs

@gison93 can we use your proposal on microsoft hosted agents?

I think it is easier to roll back to the previous stable version of azure-mgmt-keyvault, i.e. force to use azure-mgmt-keyvault==2.2.0 in the meantime. This seems to solve the issue on my end.

This solution did not work for me.

@gison93 can we use your proposal on microsoft hosted agents?

I think it is easier to roll back to the previous stable version of azure-mgmt-keyvault, i.e. force to use azure-mgmt-keyvault==2.2.0 in the meantime. This seems to solve the issue on my end.

This solution did not work for me.

They are probably changing more stuff at the moment. This did work but it is not working anymore. We will have to wait for a proper fix I guess.

I did further investigation comparing package differences. Actually, both local and hosted agents have azureml-core==1.12.0.post1. So My guess azureml-core version might not be the direct reason.

There were many packages that have different versions from my local versions. But I rolled back a couple of most possible ones and solved the issue (at least for now)
azure-mgmt-keyvault==2.2.0
azure-mgmt-resource==10.2.0
azure-identity==1.2.0
azure-core==1.8.0
azure-mgmt-storage==11.1.0

A new version of Azure Mgmt Resource client library released 5 hours ago. Is that caused the issue?

https://pypi.org/project/azure-mgmt-resource/

It's not because of AzureML. (downgrading to 1.12.0 causes the same issue.)
As @sajalda23409 mentioned it's related to https://pypi.org/project/azure-mgmt-resource/15.0.0/

Fixed with pinning the previous version:
pip install azure-mgmt-resource==10.2.0

Or if you are using Databricks:

if dbutils.library.installPyPI('azure-mgmt-resource', version="10.2.0"):
  dbutils.library.restartPython()

We are taking a look at this issue, and will provide update later
For the time being, a workaround is using azure-mgmt-resources 10.2.0
cc @yonzhan @changlong-liu @00Kai0 @jsntcy

You can temporarily fixed with pinning the previous version:
pip install azure-mgmt-resource==10.2.0

it fixes the issue with the service principle by pinning mgmt-resource (azure-mgmt-resource==10.2.0) , but its breaking automl now:
957 except ValidationException as ex:

/databricks/python/lib/python3.7/site-packages/azureml/automl/core/package_utilities.py in _get_package_incompatibilities(packages, ignored_dependencies)
420 target=','.join(incompatible_packages.keys()),
421 missing_packages_message=';'.join(messages),
--> 422 reference_code=ReferenceCodes._UNVERIFIED_PACKAGES
423 ))
424

ValidationException: ValidationException:
Message: Please install specific versions of packages: We validated this package with azure-core<=1.8.0 but your environment has azure-core 1.8.1.;We validated this package with azure-mgmt-keyvault<=2.2.0 but your environment has azure-mgmt-keyvault 7.0.0.;We validated this package with azure-mgmt-storage<=11.2.0 but your environment has azure-mgmt-storage 16.0.0.;We validated this package with dotnetcore2<=2.1.14 but your environment has dotnetcore2 2.1.15.;We validated this package with interpret-community<=0.14.3 but your environment has interpret-community 0.14.4.;We validated this package with liac-arff<=2.4.0 but your environment has liac-arff 2.5.0.;We validated this package with msal<=1.4.3 but your environment has msal 1.5.0.;We validated this package with msrest<=0.6.18 but your environment has msrest 0.6.19.;We validated this package with ruamel.yaml.clib<=0.2.0 but your environment has ruamel.yaml.clib 0.2.2.;We validated this package with ruamel.yaml<=0.16.10 but your environment has ruamel.yaml 0.16.12.;We validated this package with tqdm<=4.48.2 but your environment has tqdm 4.49.0.
InnerException: None
ErrorResponse
{
"error": {
"code": "UserError",
"message": "Please install specific versions of packages: We validated this package with azure-core<=1.8.0 but your environment has azure-core 1.8.1.;We validated this package with azure-mgmt-keyvault<=2.2.0 but your environment has azure-mgmt-keyvault 7.0.0.;We validated this package with azure-mgmt-storage<=11.2.0 but your environment has azure-mgmt-storage 16.0.0.;We validated this package with dotnetcore2<=2.1.14 but your environment has dotnetcore2 2.1.15.;We validated this package with interpret-community<=0.14.3 but your environment has interpret-community 0.14.4.;We validated this package with liac-arff<=2.4.0 but your environment has liac-arff 2.5.0.;We validated this package with msal<=1.4.3 but your environment has msal 1.5.0.;We validated this package with msrest<=0.6.18 but your environment has msrest 0.6.19.;We validated this package with ruamel.yaml.clib<=0.2.0 but your environment has ruamel.yaml.clib 0.2.2.;We validated this package with ruamel.yaml<=0.16.10 but your environment has ruamel.yaml 0.16.12.;We validated this package with tqdm<=4.48.2 but your environment has tqdm 4.49.0.",
"inner_error": {
"code": "NotSupported",
"inner_error": {
"code": "IncompatibleOrMissingDependency"
}
},
"reference_code": "65e7ad52-ad1f-4915-85ad-440d0a5e221f"
}
}

+1. There were also issues with creating virtual networks with the azure-mgmt-network package, and this was solved with reverting to the previous version:
pip install azure-mgmt-network==10.2.0

Please uninstall the azure-mgmt-resource==15.0.0 and azureml-core==1.13.0.

Then install azureml-core==1.13.0.post1. It should fix the issue.

Hi guys, I wanted to provide an update here. The real cause of this behavior is the version upgrade for several Azure service SDKs (such as azure-mgmt-resources and azure-mgmt-network)

Basically, we did a major upgrade for Python SDK management libraries for some services. In the new version of SDK, the authentication mechanism has been changed, we have mentioned those changes in the release notes, please refer to this changelog:
changelog

The new version of SDK offers a number of important features but also introduces some breaking changes.

You can either choose to upgrade to the new version or stay on the old version.

To upgrade:

There is migration guide here for updating to the new SDK. This describes the new authentication flow.

Detailed info of benefits of the new SDK as well as documentation/code samples can be found here

To stay on the old version

Please keep using 10.2.0

Thank you @nickzhums! I will take a look at the new version

Hi @nickzhums, I tried to use ClientSecretCredential instead of ServicePrincipalCredential with no luck.

from azureml.core import Workspace
from azure.identity import ClientSecretCredential

tenant = "tenant"
client = "client"
key = "key"

credentials = ClientSecretCredential(
            tenant_id=tenant,
            service_principal_id=client,
            service_principal_password=key)

workspace = Workspace.from_config("config.json", auth=credentials)

I get the following error:
AttributeError: 'ClientSecretCredential' object has no attribute '_get_workspace'

Should I open a new issue?

It seems like you are directly passing credentials to Workspace.from_config method, which I'm not sure if it will support. The standard practice is to use a service client.

e.g. network_client = azure.mgmt.network.NetworkManagementClient(credential=credential, subscription_id=subscription_id)

Yes, please open an issue and we can track it from there