Azure MSI Management Client Library

Warnings

• breaking Authentication in versions 6.0.0b1 and later transitioned from legacy modules (e.g., `azure.common.credentials`, `msrestazure.azure_active_directory`) to the `azure-identity` library. The `credentials` parameter was also renamed to `credential`.
  Fix: Migrate your authentication code to use classes from the `azure-identity` package, such as `DefaultAzureCredential`. Update client instantiation to use the `credential` parameter.
• breaking Major architectural changes were introduced in versions 6.0.0b1 and later, including the adoption of 'hybrid models' (which behave as both dictionaries and objects) and significant changes to method signatures. Long-running operations (LROs) are now prefixed with `begin_` (e.g., `create_or_update` becomes `begin_create_or_update`), and most exceptions are now `azure.core.exceptions.HttpResponseError` instead of `CloudError`.
  Fix: Consult the official Azure SDK for Python migration guides, specifically for hybrid models (https://aka.ms/azsdk/python/migrate/hybrid-models) and operation changes (https://aka.ms/azsdk/python/migrate/operations).
• breaking Python 2.7 support was officially dropped, and Python < 3.7.0 support was removed in version 7.1.0b1. The current stable version 7.1.0 requires Python 3.9+.
  Fix: Ensure your development and deployment environments use Python 3.9 or a newer compatible version.
• gotcha The `ManagedServiceIdentityClient` is a multi-API version client. While it defaults to the latest API version, it's a best practice for production applications to explicitly pin to a specific API version in the client constructor for consistent behavior and to avoid unexpected changes from new API versions.
  Fix: Pass the `api_version` parameter with a specific date string (e.g., `api_version='2023-01-31'`) to the `ManagedServiceIdentityClient` constructor.

Install

• pip install azure-mgmt-msi Install core library
• pip install azure-identity Install authentication library

Imports

• ManagedServiceIdentityClient

  from azure.mgmt.msi import ManagedServiceIdentityClient

• DefaultAzureCredential

  from azure.identity import DefaultAzureCredential

  Older Azure SDK versions used `azure.common.credentials` or `msrestazure.azure_active_directory` for authentication. The current standard is `azure-identity`.

Quickstart

Initializes the `ManagedServiceIdentityClient` using `DefaultAzureCredential` for authentication, requiring environment variables for Azure AD credentials and subscription ID. It then demonstrates listing user-assigned identities in the specified subscription.

import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.msi import ManagedServiceIdentityClient

# Set environment variables for authentication:
# AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET
# And AZURE_SUBSCRIPTION_ID

subscription_id = os.environ.get('AZURE_SUBSCRIPTION_ID', '')

if not subscription_id:
    raise ValueError("AZURE_SUBSCRIPTION_ID environment variable not set.")

# Authenticate using DefaultAzureCredential
credential = DefaultAzureCredential()

# Create the MSI management client
# For production, consider specifying api_version for stability, e.g., api_version='2023-01-31'
client = ManagedServiceIdentityClient(credential=credential, subscription_id=subscription_id)

# Example: List user-assigned identities in a subscription
print(f"Listing user-assigned identities in subscription: {subscription_id}")
for identity in client.user_assigned_identities.list_by_subscription():
    print(f"  Identity Name: {identity.name}, Location: {identity.location}")

print("Quickstart finished successfully.")