Skip to content

Migrate region discovery to IMDS /compute JSON endpoint (#6039)#6057

Merged
Robbie-Microsoft merged 3 commits into
mainfrom
rginsburg/region-discovery-compute
Jun 16, 2026
Merged

Migrate region discovery to IMDS /compute JSON endpoint (#6039)#6057
Robbie-Microsoft merged 3 commits into
mainfrom
rginsburg/region-discovery-compute

Conversation

@Robbie-Microsoft

@Robbie-Microsoft Robbie-Microsoft commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Summary

Implements #6039 per the merged spec docs/region_discovery_imds_compute.md (spec PR #6044).

Migrates MSAL.NET region auto-discovery from the legacy IMDS text endpoint /metadata/instance/compute/location (api-version=2020-06-01, format=text) to the newer JSON endpoint /metadata/instance/compute (api-version=2021-02-01), parsing the location field.

There is no public API change, no telemetry schema/string change, and no feature flag. REGION_NAME precedence, process-wide caching, retry, timeouts, and the api-version 400 fallback are all preserved.

What changed

  • RegionManager.cs: ImdsEndpoint -> /metadata/instance/compute; DefaultApiVersion -> 2021-02-01; BuildImdsUri drops format=text; the 200-OK path deserializes the JSON body and reads location (then the existing ValidateRegion). Missing/empty/malformed body funnels to the existing FailedAutoDiscovery path. GetImdsUriApiVersionAsync and LocalImdsErrorResponse are reused unchanged.
  • New DTO LocalImdsComputeResponse.cs with a single location property, registered in Platforms/net/MsalJsonSerializerContext.cs for source-gen.
  • Tests (RegionDiscoveryProviderTests.cs): mock helper drops format=text / uses 2021-02-01; success bodies are now JSON; added missing-location and malformed-JSON scenarios. Lab mock helper + TestConstants.ImdsUrl updated to /compute.

Testing

  • Microsoft.Identity.Client builds clean on netstandard2.0 and net8.0 (TreatWarningsAsErrors).
  • Pass: RegionDiscoveryProviderTests (26), ClientCredentialWithRegionTests (6), RegionalTelemetryTests (6, unmodified), MtlsPopTests (73).
  • No change to PublicAPI.Unshipped.txt.

Out of scope

Unified /compute snapshot cache for VM-only consumers (#6046); MI source detection.

Switch RegionManager from the legacy text endpoint /metadata/instance/compute/location (api-version 2020-06-01, format=text) to the JSON endpoint /metadata/instance/compute (api-version 2021-02-01), parsing the location field. No public API, telemetry, or config change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 10, 2026 19:56
@Robbie-Microsoft Robbie-Microsoft requested a review from a team as a code owner June 10, 2026 19:56

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR migrates MSAL.NET’s VM region auto-discovery from the legacy IMDS text endpoint (/metadata/instance/compute/location) to the newer IMDS JSON endpoint (/metadata/instance/compute), reading the location field while preserving the existing discovery/caching/retry behavior.

Changes:

  • Update RegionManager to call /metadata/instance/compute?api-version=2021-02-01 and deserialize JSON to obtain location.
  • Add a new LocalImdsComputeResponse DTO and register it for System.Text.Json source generation.
  • Update unit/lab test helpers and constants to reflect the new endpoint and JSON response shape; add tests for missing location and malformed JSON.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tests/Microsoft.Identity.Test.Unit/CoreTests/RegionDiscoveryProviderTests.cs Updates IMDS mocks to JSON /compute responses and adds new negative-path tests.
src/client/Microsoft.Identity.Lab.Api/PublicAPI.Shipped.txt Updates shipped constant value for the IMDS region discovery URL to /compute.
src/client/Microsoft.Identity.Lab.Api/Internal/TestConstants.cs Updates IMDS discovery URL constant to /compute.
src/client/Microsoft.Identity.Lab.Api/Http/MockHttpManagerExtensions.cs Updates lab mock handler to return JSON with location.
src/client/Microsoft.Identity.Client/Platforms/net/MsalJsonSerializerContext.cs Registers LocalImdsComputeResponse for source-generated JSON serialization.
src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs Switches to /compute and parses JSON location for region.
src/client/Microsoft.Identity.Client/Instance/Region/LocalImdsComputeResponse.cs Introduces DTO representing IMDS /compute JSON payload (location).
Comments suppressed due to low confidence (1)

src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs:246

  • JsonHelper.DeserializeFromJson will throw on malformed JSON. While the outer catch (Exception e) will convert this into FailedAutoDiscovery, it will also change s_regionDiscoveryDetails/telemetry to an exception-specific string (and for a valid JSON body missing location, s_regionDiscoveryDetails stays null). To keep failure behavior/telemetry consistent with the existing “empty response” path, treat malformed JSON or missing location as an empty response and set s_regionDiscoveryDetails accordingly before falling back.
                            if (response.StatusCode == HttpStatusCode.OK && !response.Body.IsNullOrEmpty())
                            {
                                LocalImdsComputeResponse computeResponse = JsonHelper.DeserializeFromJson<LocalImdsComputeResponse>(response.Body);
                                region = computeResponse?.Location;

                                if (ValidateRegion(region, $"IMDS call to {imdsUri.AbsoluteUri}", logger))
                                {
                                    logger.Info(() => $"[Region discovery] Call to local IMDS succeeded. Region: {region}. {DateTime.UtcNow}");
                                    result = new RegionInfo(region, RegionAutodetectionSource.Imds, null);

@gladjohn gladjohn left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with comments

Comment thread tests/Microsoft.Identity.Test.Unit/CoreTests/RegionDiscoveryProviderTests.cs Outdated
Robbie-Microsoft and others added 2 commits June 11, 2026 16:20
- Funnel missing/null location and malformed JSON into the consistent
  'status code OK or an empty response' failure reason for telemetry
- Parameterize the unusable-body tests and add a location:null case plus
  a failure-reason assertion
- Clarify why two api-versions appear in the version-negotiation test

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

@Robbie-Microsoft Robbie-Microsoft merged commit 457d4f0 into main Jun 16, 2026
16 checks passed
@Robbie-Microsoft Robbie-Microsoft deleted the rginsburg/region-discovery-compute branch June 16, 2026 19:10
@neha-bhargava neha-bhargava added this to the 4.85.0 milestone Jun 19, 2026
This was referenced Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants