Azure Python SDK automation runbook - error - 'ClientSecretCredential' object has no attribute 'signed_session'

Question

I found few posts related to Azure Python error message - 'ClientSecretCredential' object has no attribute 'signed_session', but I am testing my code from Azure portal, I am using Automation Account runbook. I prepared script for changing TLS property on Storage Account. I have two az subscriptions located in different tenants (subA - service provider, subB - service customer), I am using Azure Lighthouse to provide admin access from subA account to subB. I am using SPN registered in subA Azure AD. I tested Python code on my laptop and all works as expected, I was able to modify Storage Account located in subB using subA SPN - Service Principal. I am testing the same code from Azure Portal - Automation Account runbook and I am facing an error self._creds.signed_session(session)AttributeError: 'ClientSecretCredential' object has no attribute 'signed_session'. In Automation Account I have imported packages, list below.

My Python code, works as expected from my Laptop, throwing mentioned error when executing as an automation runbook from Azure Portal.

import sys
import json
from azure.mgmt.resource import SubscriptionClient
from azure.mgmt.resource import ResourceManagementClient
from azure.identity import ClientSecretCredential
import azure.mgmt.storage

subscription_id = "subB-subscriptionID"
tenant_id = "subA-TenantID"
client_id = "subA-clientID"
client_secret = "subA-clientSecret"

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret)

storage_client = azure.mgmt.storage.StorageManagementClient(
    credentials=credential,
    subscription_id=subscription_id
)

storage_account = storage_client.storage_accounts.update(
    "ResourceGroupName",
    "StorageAccountName",
    {
        "properties": {
            "minimumTlsVersion": "TLS1_2"   
        }
    }
)

Answer 1

To resolve this 'ClientSecretCredential' object has no attribute 'signed_session' error, try following ways:

As suggested by chlowell:

Note: The latest version of ManagementGroupsAPI doesn't support credentials from azure-identity

• Use msrestazure.azure_active_directory.ServicePrincipalCredentials instead of ClientSecretCredential
• Use AzureIdentityCredentialWrapper to wrap ClientSecretCredential

Answer 2

Instead of Automation runbooks I decided to use Function app. Function contains all Python code and all works fine, I tested the solution and all works as expected.