Skip to content

Implement retry logic for IMDS managed identity #3306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 10, 2025
Merged

Implement retry logic for IMDS managed identity #3306

merged 2 commits into from
Nov 10, 2025
+43 −4

Conversation

@chlowell
Copy link
Member

@chlowell chlowell commented Nov 7, 2025

Closes #2729 by aligning the retry policy configuration for our IMDS client with the published guidance. Our timing is close but doesn't exactly match the recommended curve:

attempt occurs at (s) recommended
1 0 0
2 2 2
3 8 8
4 19 22
5 40 52
6 70 -

@chlowell chlowell self-assigned this Nov 7, 2025
@github-actions github-actions bot added the Azure.Identity The azure_identity crate label Nov 7, 2025
@chlowell chlowell marked this pull request as ready for review November 7, 2025 22:30
@chlowell chlowell requested a review from heaths as a code owner November 7, 2025 22:30
Copilot AI review requested due to automatic review settings November 7, 2025 22:30
Copilot AI reviewed Nov 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements retry guidance for ManagedIdentityCredential to align with Microsoft's IMDS (Instance Metadata Service) recommendations. The changes ensure proper retry behavior for Azure VM managed identity authentication.

  • Configures custom retry status codes for IMDS endpoints (404, 410, 429, 500-511)
  • Sets exponential retry options following IMDS guidance (initial delay: 1340ms, max retries: 6, max elapsed: 72s)
  • Passes pipeline options through the credential chain for VM credentials

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
sdk/identity/azure_identity/src/virtual_machine_managed_identity_credential.rs Implements IMDS retry guidance with custom status codes and exponential retry configuration
sdk/identity/azure_identity/src/imds_managed_identity_credential.rs Adds pipeline_options parameter to support custom retry configuration
sdk/identity/azure_identity/src/app_service_managed_identity_credential.rs Passes None for pipeline_options to maintain default retry behavior
sdk/identity/azure_identity/CHANGELOG.md Documents the bug fix for IMDS retry guidance

heaths
heaths requested changes Nov 8, 2025
View reviewed changes
@github-project-automation github-project-automation bot moved this from Untriaged to In Progress in Azure Identity SDK Improvements Nov 8, 2025
@chlowell chlowell requested a review from heaths November 10, 2025 18:50
@chlowell chlowell merged commit e2b8799 into Azure:main Nov 10, 2025
18 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Azure Identity SDK Improvements Nov 10, 2025
@chlowell chlowell deleted the imds-retry branch November 10, 2025 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@heaths heaths heaths approved these changes

@RickWinter RickWinter Awaiting requested review from RickWinter RickWinter is a code owner

@LarryOsterman LarryOsterman Awaiting requested review from LarryOsterman LarryOsterman is a code owner

Assignees

@chlowell chlowell

Labels

Azure.Identity The azure_identity crate

Projects

Azure Identity SDK Improvements
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ManagedIdentityCredential retry policy should handle 410 status response

2 participants

@chlowell @heaths