Migrate region discovery to IMDS /compute JSON endpoint (#6039)#6057
Merged
Conversation
Switch RegionManager from the legacy text endpoint /metadata/instance/compute/location (api-version 2020-06-01, format=text) to the JSON endpoint /metadata/instance/compute (api-version 2021-02-01), parsing the location field. No public API, telemetry, or config change. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR migrates MSAL.NET’s VM region auto-discovery from the legacy IMDS text endpoint (/metadata/instance/compute/location) to the newer IMDS JSON endpoint (/metadata/instance/compute), reading the location field while preserving the existing discovery/caching/retry behavior.
Changes:
- Update
RegionManagerto call/metadata/instance/compute?api-version=2021-02-01and deserialize JSON to obtainlocation. - Add a new
LocalImdsComputeResponseDTO and register it forSystem.Text.Jsonsource generation. - Update unit/lab test helpers and constants to reflect the new endpoint and JSON response shape; add tests for missing
locationand malformed JSON.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/Microsoft.Identity.Test.Unit/CoreTests/RegionDiscoveryProviderTests.cs | Updates IMDS mocks to JSON /compute responses and adds new negative-path tests. |
| src/client/Microsoft.Identity.Lab.Api/PublicAPI.Shipped.txt | Updates shipped constant value for the IMDS region discovery URL to /compute. |
| src/client/Microsoft.Identity.Lab.Api/Internal/TestConstants.cs | Updates IMDS discovery URL constant to /compute. |
| src/client/Microsoft.Identity.Lab.Api/Http/MockHttpManagerExtensions.cs | Updates lab mock handler to return JSON with location. |
| src/client/Microsoft.Identity.Client/Platforms/net/MsalJsonSerializerContext.cs | Registers LocalImdsComputeResponse for source-generated JSON serialization. |
| src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs | Switches to /compute and parses JSON location for region. |
| src/client/Microsoft.Identity.Client/Instance/Region/LocalImdsComputeResponse.cs | Introduces DTO representing IMDS /compute JSON payload (location). |
Comments suppressed due to low confidence (1)
src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs:246
JsonHelper.DeserializeFromJsonwill throw on malformed JSON. While the outercatch (Exception e)will convert this intoFailedAutoDiscovery, it will also changes_regionDiscoveryDetails/telemetry to an exception-specific string (and for a valid JSON body missinglocation,s_regionDiscoveryDetailsstays null). To keep failure behavior/telemetry consistent with the existing “empty response” path, treat malformed JSON or missinglocationas an empty response and sets_regionDiscoveryDetailsaccordingly before falling back.
if (response.StatusCode == HttpStatusCode.OK && !response.Body.IsNullOrEmpty())
{
LocalImdsComputeResponse computeResponse = JsonHelper.DeserializeFromJson<LocalImdsComputeResponse>(response.Body);
region = computeResponse?.Location;
if (ValidateRegion(region, $"IMDS call to {imdsUri.AbsoluteUri}", logger))
{
logger.Info(() => $"[Region discovery] Call to local IMDS succeeded. Region: {region}. {DateTime.UtcNow}");
result = new RegionInfo(region, RegionAutodetectionSource.Imds, null);
gladjohn
approved these changes
Jun 10, 2026
- Funnel missing/null location and malformed JSON into the consistent 'status code OK or an empty response' failure reason for telemetry - Parameterize the unusable-body tests and add a location:null case plus a failure-reason assertion - Clarify why two api-versions appear in the version-negotiation test Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
gladjohn
approved these changes
Jun 16, 2026
neha-bhargava
approved these changes
Jun 16, 2026
This was referenced Jun 17, 2026
This was referenced Jun 19, 2026
Closed
This was referenced Jun 23, 2026
Closed
Open
Open
Closed
This was referenced Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements #6039 per the merged spec
docs/region_discovery_imds_compute.md(spec PR #6044).Migrates MSAL.NET region auto-discovery from the legacy IMDS text endpoint
/metadata/instance/compute/location(api-version=2020-06-01,format=text) to the newer JSON endpoint/metadata/instance/compute(api-version=2021-02-01), parsing thelocationfield.There is no public API change, no telemetry schema/string change, and no feature flag.
REGION_NAMEprecedence, process-wide caching, retry, timeouts, and the api-version 400 fallback are all preserved.What changed
RegionManager.cs:ImdsEndpoint->/metadata/instance/compute;DefaultApiVersion->2021-02-01;BuildImdsUridropsformat=text; the 200-OK path deserializes the JSON body and readslocation(then the existingValidateRegion). Missing/empty/malformed body funnels to the existingFailedAutoDiscoverypath.GetImdsUriApiVersionAsyncandLocalImdsErrorResponseare reused unchanged.LocalImdsComputeResponse.cswith a singlelocationproperty, registered inPlatforms/net/MsalJsonSerializerContext.csfor source-gen.RegionDiscoveryProviderTests.cs): mock helper dropsformat=text/ uses2021-02-01; success bodies are now JSON; added missing-locationand malformed-JSON scenarios. Lab mock helper +TestConstants.ImdsUrlupdated to/compute.Testing
Microsoft.Identity.Clientbuilds clean on netstandard2.0 and net8.0 (TreatWarningsAsErrors).RegionDiscoveryProviderTests(26),ClientCredentialWithRegionTests(6),RegionalTelemetryTests(6, unmodified),MtlsPopTests(73).PublicAPI.Unshipped.txt.Out of scope
Unified
/computesnapshot cache for VM-only consumers (#6046); MI source detection.