From 7e1ac391d54d56336e223cc95a0c627fec09701e Mon Sep 17 00:00:00 2001
From: Jordi Smit <j0rd1smit@users.noreply.github.com>
Date: Thu, 16 Feb 2023 13:35:41 +0100
Subject: [PATCH] disabled managed identity on azureml compute instance

---
 kedro_azureml/client.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kedro_azureml/client.py b/kedro_azureml/client.py
index 766a051..7b07fae 100644
--- a/kedro_azureml/client.py
+++ b/kedro_azureml/client.py
@@ -1,5 +1,6 @@
 import json
 import logging
+import os
 from contextlib import contextmanager
 from pathlib import Path
 from tempfile import TemporaryDirectory
@@ -23,7 +24,13 @@ def _get_azureml_client(subscription_id: Optional[str], config: AzureMLConfig):
     }
 
     try:
-        credential = DefaultAzureCredential()
+        # On a AzureML compute instance, the managed identity will take precedence,
+        # while it does not have enough permissions.
+        # So, if we are on an AzureML compute instance, we disable the managed identity.
+        is_azureml_managed_identity = "MSI_ENDPOINT" in os.environ
+        credential = DefaultAzureCredential(
+            exclude_managed_identity_credential=is_azureml_managed_identity
+        )
         # Check if given credential can get token successfully.
         credential.get_token("https://management.azure.com/.default")
     except Exception: