Error: AttributeError: 'DefaultAzureCredential' object has no attribute 'signed_session'

[murarisumit]

• Package Name:
  azure.mgmt.policyinsights

• Package Version:
  azure-mgmt-policyinsights==0.6.0

• Azure Packages Version:
  azure-common==1.1.25
  azure-core==1.9.0
  azure-identity==1.5.0
  azure-mgmt-core==1.2.2
  azure-mgmt-policyinsights==0.6.0
  azure-mgmt-resource==15.0.0
  azure-mgmt-storage==16.0.0
  msrestazure==0.6.4

• Operating System:
  MacOS

• Python Version:
  Python 3.8.5

Describe the bug
Getting this error while performing operation in this library: AttributeError: 'DefaultAzureCredential' object has no attribute 'signed_session'

To Reproduce
Try calling this method: https://docs.microsoft.com/en-us/python/api/azure-mgmt-policyinsights/azure.mgmt.policyinsights.operations.operations?view=azure-python

import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import SubscriptionClient
from azure.mgmt.policyinsights import PolicyInsightsClient

credential = DefaultAzureCredential()
subscription_client = SubscriptionClient(credential)

# This works
subscription = next(subscription_client.subscriptions.list())
print(subscription.subscription_id)


policy_client = PolicyInsightsClient(credentials=credential)

# This fails
policy_client.operations.list()

Expected behavior

List method mentioned above should've listed operation.

Additional context
Found this error at: https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate?view=azure-python&tabs=cmd#defaultazurecredential-object-has-no-attribute-signed-session

Currently using DefaultAzureCredential with version 15.0.0 or higher of azure-mgmt-resource : azure-mgmt-resource==15.0.0.

Still facing this issue

[chlowell]

PolicyInsightsClient expects a credential type from msrestazure but azure-identity credentials have a different API. I think you could use AzureIdentityCredentialAdapter to wrap DefaultAzureCredential for PolicyInsightsClient:

credential = DefaultAzureCredential()
subscription_client = SubscriptionClient(credential)

wrapped_credential = AzureIdentityCredentialAdapter(credential)
policy_client = PolicyInsightsClient(credentials=wrapped_credential)

A future version of azure-mgmt-policyinsights may not require the adapter, but I don't know the roadmap for that library. @changlong-liu is a track 2 version planned?

(Related: #14499)

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @kenieva.

Issue Details

Description:	Package Name: azure.mgmt.policyinsights Package Version: azure-mgmt-policyinsights==0.6.0 Azure Packages Version: azure-common==1.1.25 azure-core==1.9.0 azure-identity==1.5.0 azure-mgmt-core==1.2.2 azure-mgmt-policyinsights==0.6.0 azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 msrestazure==0.6.4 Operating System: MacOS Python Version: Python 3.8.5 Describe the bug Getting this error while performing operation in this library: AttributeError: 'DefaultAzureCredential' object has no attribute 'signed_session' To Reproduce Try calling this method: https://docs.microsoft.com/en-us/python/api/azure-mgmt-policyinsights/azure.mgmt.policyinsights.operations.operations?view=azure-python import os from azure.identity import DefaultAzureCredential from azure.mgmt.resource import SubscriptionClient from azure.mgmt.policyinsights import PolicyInsightsClient credential = DefaultAzureCredential() subscription_client = SubscriptionClient(credential) # This works subscription = next(subscription_client.subscriptions.list()) print(subscription.subscription_id) policy_client = PolicyInsightsClient(credentials=credential) # This fails policy_client.operations.list() Expected behavior List method mentioned above should've listed operation. Additional context Found this error at: https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate?view=azure-python&tabs=cmd#defaultazurecredential-object-has-no-attribute-signed-session Currently using DefaultAzureCredential with version 15.0.0 or higher of azure-mgmt-resource : azure-mgmt-resource==15.0.0. Still facing this issue
Author:	murarisumit
Assignees:	-
Labels:	Mgmt, Policy Insights, Service Attention, customer-reported, needs-team-triage, question
Milestone:	-

[changlong-liu]

add @msyyc for comments on azure-mgmt-policyinsights track2 plan :)

[msyyc]

azure-mgmt-policyinsights for python track2 will be published next month(2020/12/30)

[kenieva]

@murarisumit can you confirm if the above solution solved the issue?

[msyyc]

I have a try and the above solution works well.

[chowdary1209]

I have faced the similar (Signed_Session) kind of issue while working with Azure nsgs and have fixed it. There might be 2 causes.

1. Azure library versions mismatch.
   for me combination of below 2 libraries are working.
   azure-identity==1.6.1 and azure-mgmt-network==19.0.0

2. May be you are importing the incorrect library.
   I am working with nsgs for this. I installed the library called "azure-mgmt" and imported the "NetworkManagementClient" class then I have faced "signed session" issue. Later, I uninstalled the "azure-mgmt" library and installed another library, "azure-mgmt-network==19.0.0" and now it is working fine.

To import/work with "azure.mgmt.network import NetworkManagementClient", we need to install "azure-mgmt-network==19.0.0" library but not "azure-mgmt.

Just think on above 2 ways..it may helps you.

[Algoss]

PolicyInsightsClient expects a credential type from msrestazure but azure-identity credentials have a different API. I think you could use AzureIdentityCredentialAdapter to wrap DefaultAzureCredential for PolicyInsightsClient:

credential = DefaultAzureCredential()
subscription_client = SubscriptionClient(credential)

wrapped_credential = AzureIdentityCredentialAdapter(credential)
policy_client = PolicyInsightsClient(credentials=wrapped_credential)

A future version of azure-mgmt-policyinsights may not require the adapter, but I don't know the roadmap for that library. @changlong-liu is a track 2 version planned?

(Related: #14499)

hey @changlong-liu
I am also facing similar issue. I am trying the solution which u mentioned with little customization. I am not sure if i have replaced fake url correct.
https://github.com/jongio/azidext/blob/master/python/azure_identity_credential_adapter.py

`# ------------------------------------

Copyright (c) Microsoft Corporation.

Licensed under the MIT License.

------------------------------------

Adapt credentials from azure-identity to be compatible with SDK that needs msrestazure or azure.common.credentials

Need msrest >= 0.6.0

See also https://pypi.org/project/azure-identity/

import logging
from typing import Any, Dict, Optional

from azure.core.pipeline import PipelineContext, PipelineRequest
from azure.core.pipeline.policies import BearerTokenCredentialPolicy
from azure.core.pipeline.transport import HttpRequest
from azure.identity import ClientSecretCredential, DefaultAzureCredential
from msrest.authentication import BasicTokenAuthentication
from requests import Session

log = logging.getLogger(name)

def _make_request(url: str) -> PipelineRequest[Any]:
return PipelineRequest(HttpRequest("AzureIdentityCredentialAdapter", url), PipelineContext(None)) # type: ignore

class AzureIdentityCredentialAdapter(BasicTokenAuthentication):
def init(
self, credential: ClientSecretCredential, resource_id: str = "https://management.azure.com/.default", tenant_id: Optional[str] = "", **kwargs: Any
) -> None:
"""Adapt any azure-identity credential to work with SDK that needs azure.common.credentials or msrestazure.

    Default resource is ARM (syntax of endpoint v2)

    :param credential: Any azure-identity credential (DefaultAzureCredential by default)
    :param str resource_id: The scope to use to get the token (default ARM)
    """
    param: Dict[str, str]
    param = {}
    super(AzureIdentityCredentialAdapter, self).__init__(param)
    if credential is None:
        credential = DefaultAzureCredential()
    self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs)
    self.tenant_id = tenant_id

def set_token(self) -> None:
    """Ask the azure-core BearerTokenCredentialPolicy policy to get a token.

    Using the policy gives us for free the caching system of azure-core.
    We could make this code simpler by using private method, but by definition
    I can't assure they will be there forever, so mocking a fake call to the policy
    to extract the token, using 100% public API."""

    token_url = f"https://login.microsoftonline.com/{self.tenant_id}/oauth2/v2.0/token"
    request = _make_request(token_url)
    self._policy.on_request(request)
    # Read Authorization, and get the second part after Bearer
    token = request.http_request.headers["Authorization"].split(" ", 1)[1]
    self.token = {"access_token": token}
    log.info(self.token)

def signed_session(self, session: Optional[Session] = None) -> Session:
    self.set_token()
    return super(AzureIdentityCredentialAdapter, self).signed_session(session)

`

I am getting below error:

list_query_results_for_management_group raise models.QueryFailureException(self._deserialize, response) azure.mgmt.policyinsights.models.query_failure_py3.QueryFailureException: (AuthorizationFailed) The client '0c47c7d1-2c14-4c9d-927a-d004e71039c7' with object id '0c47c7d1-2c14-4c9d-927a-d004e71039c7' does not have authorization to perform action 'Microsoft.PolicyInsights/policyStates/queryResults/read' over scope '/providers/Microsoft.Management/managementGroups/lnkdprod-subscription-pool-prod/providers/Microsoft.PolicyInsights/policyStates/default' or the scope is invalid. If access was recently granted, please refresh your credentials.

Please help me in resolving above issue.

Thanks