Fail to auth to azure on windows container in azure vm

[LiliDeng]

In azure devops pipeline, we need to launch the azure python sdk in windows container.
The lisa_connection is a service connection which has the managed identity associated with.

    - task: AzureCLI@2
      displayName: "Run Test Case "
      inputs:
        azureSubscription: 'lisa_connection'
        scriptType: ps
        powerShellErrorActionPreference: 'silentlyContinue'
        scriptLocation: inlineScript
        inlineScript: |
          docker run --rm -e AZURE_CLIENT_ID="$(sc_client_id)"  -i "$(acr)/$(repository):$(test1.image)" lisa -r /app/lsg-lisa/runbook/one_case.yml -v subscription_id:$(sub_subscription_id) -v test_case_name:perf_nvme -v test_pass:Adhoc -v test_project:Adhoc
      env:
        LISA_service_principal_tenant_id: $(sub_tenant_id)
        LISA_subscription_id: $(sub_subscription_id)
        AZURE_TENANT_ID: $(sub_tenant_id)
        AZURE_CLIENT_ID: $(sc_client_id)

When launch the docker windows container, we saw below issues in python code. Any idea how to resolve it?

  File "C:\Python\Lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 157, in send
    self.on_request(request)
  File "C:\Python\Lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 132, in on_request
    self._request_token(*self._scopes)
  File "C:\Python\Lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 108, in _request_token
    self._token = self._get_token(*scopes, **kwargs)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python\Lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 99, in _get_token
    return cast(TokenCredential, self._credential).get_token(*scopes, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python\Lib\site-packages\azure\identity\_credentials\default.py", line 225, in get_token
    token = super().get_token(*scopes, claims=claims, tenant_id=tenant_id, **kwargs)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python\Lib\site-packages\azure\identity\_credentials\chained.py", line 124, in get_token
    raise ClientAuthenticationError(message=message)
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
	EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot this issue.
	ManagedIdentityCredential: (<urllib3.connection.HTTPConnection object at 0x00000286585D0B90>, 'Connection to 169.254.169.254 timed out. (connect timeout=300)')
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

[github-actions]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

[LiliDeng]

From here it is expected to see the error.

Az Login module and other client libraries which depend on metadata server (169.254.169.254) will not work in a Windows Container. 

Now I can pass an access token from the host (azure windows vm) to the container, then I need to do this change https://github.com/microsoft/lisa/compare/lildeng/fix_12_25_003?expand=1 to initialize credential, is there a way to use DefaultAzureCredential without this change? Thanks!