Include ManagedIdentitySource in managed identity error messages and request-failure logs #6101
Open
Robbie-Microsoft wants to merge 3 commits into
…e logs
Managed identity authentication failures surface a host-issued 'Managed Identity Correlation ID', but the message did not indicate which managed identity source (AppService, Imds, ServiceFabric, etc.) produced it, making it ambiguous which host's telemetry to search during investigations. This change appends the detected ManagedIdentitySource to both the request-failure log line and the customer-facing correlation ID message, so the correlation ID can be traced to the correct host's telemetry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ions
- Assert the full composed phrase ("issued by the '<source>' managed
identity source") instead of the bare source name, so the check is
position-independent and cannot pass if the source name merely appears
in the echoed error body.
- Add ManagedIdentityErrorMessageAttributesCorrelationIdToSourceAsync
covering a non-AppService source (Imds) to guard the source-agnostic
correlation-ID branch against regression.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
d127d61 to a25998d
Pull request overview
This PR improves managed identity diagnostics by including the detected ManagedIdentitySource in both managed identity request-failure logs and correlation-ID-bearing error messages, making live-site triage unambiguous when correlating with host telemetry.
Changes:
- Include `_sourceType` in the managed identity request-failure log line.
- Attribute host-issued `Managed Identity Correlation ID` messages to the specific managed identity source.
- Extend unit tests to assert the new source-attribution text and add a cross-source regression test (AppService + IMDS).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs | Adds managed identity source attribution to request-failure logs and correlation-ID error message text. |
| tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs | Updates existing parsing assertions and adds a parameterized test to guard the correlation-ID attribution behavior across sources. |
| CHANGELOG.md | Adds a release note describing the new source attribution in MI diagnostics. |
Managed identity auth failures surface a host-issued correlation ID, but neither the error message nor the request-failure log identified which managed identity source (AppService, Imds, ServiceFabric, etc.) produced it — making live-site triage ambiguous across host telemetry systems.
Changes proposed in this request
- `AbstractManagedIdentity.cs` `_sourceType`: `_sourceType` field — no hardcoding, reflects the host detected at runtime.
- `CHANGELOG.md` — added a `### Changes` entry under the in-progress version.
Testing
- `[DataRow]` entries in `ManagedIdentityTestErrorResponseParsing` to assert the new source-attribution phrase appears in the error message for correlation-ID-bearing responses.
- `ManagedIdentityErrorMessageAttributesCorrelationIdToSourceAsync` — parametrized over `AppService` and `Imds` — to guard the correlation-ID attribution branch against regression across non-AppService sources. Asserts the full composed phrase (not just the source name) to prevent false passes from echoed error bodies.
No behavioral or auth changes — message/log content only. No public API surface changes.
Attribution / provenance
This PR carries @juliovi-1's original commits, cherry-picked unchanged onto `main` so he remains the git author of every commit (committer is the maintainer who moved them across). It replaces:
Since the repo squash-merges and squash preserves the branch commit author, the commit that lands on `main` will be authored by Julio.
Co-authored-by: Julio Villarreal Cantu juliovi@microsoft.com
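
An added example (not MSAL.NET code and not part of this PR) of the false pass that the full-phrase assertion described in the commit message and the Testing notes guards against. `ComposeMessage`, the message layout, the echoed body and the correlation ID value are constructed assumptions; only the phrase "issued by the '<source>' managed identity source" is taken from the PR text.

```csharp
using System;

// Added illustration. ComposeMessage and all sample values are hypothetical.
public static class SourceAttributionAssertionDemo
{
    // Hypothetical composer. withAttribution=false models a regression in
    // which the source-attribution phrase is dropped from the message.
    public static string ComposeMessage(string echoedBody, string correlationId,
                                        string source, bool withAttribution)
    {
        string message = "Managed Identity Correlation ID: " + correlationId;
        if (withAttribution)
        {
            message += " issued by the '" + source + "' managed identity source";
        }
        // The host's error body is echoed into the message verbatim.
        return message + ". Response body: " + echoedBody;
    }

    // Weak check: satisfied by the source name anywhere, echoed body included.
    public static bool BareNameCheck(string message, string source)
    {
        return message.IndexOf(source, StringComparison.Ordinal) >= 0;
    }

    // Strong check: requires the full composed phrase around the source name.
    public static bool FullPhraseCheck(string message, string source)
    {
        string phrase = "issued by the '" + source + "' managed identity source";
        return message.IndexOf(phrase, StringComparison.Ordinal) >= 0;
    }

    public static void Main()
    {
        // Constructed error body that happens to mention the source name.
        const string body = "{\"error\":\"AppService token endpoint unavailable\"}";
        const string id = "00000000-0000-0000-0000-000000000000"; // placeholder

        // Dropping the phrase leaves the name only in the echoed body, which
        // still satisfies BareNameCheck but cannot satisfy FullPhraseCheck.
        foreach (bool withAttribution in new[] { true, false })
        {
            string msg = ComposeMessage(body, id, "AppService", withAttribution);
            Console.WriteLine("attribution={0} bareName={1} fullPhrase={2}",
                withAttribution,
                BareNameCheck(msg, "AppService"),
                FullPhraseCheck(msg, "AppService"));
        }
    }
}
```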