Implemented Service Exception for Imds Probe

src/client/Microsoft.Identity.Client/ManagedIdentity/ImdsManagedIdentitySource.cs

@@ -305,8 +305,9 @@ public static async Task<bool> ProbeImdsEndpointAsync(
             }
             catch (Exception ex)
             {
-                requestContext.Logger.Info($"[Managed Identity] {imdsStringHelper} probe endpoint failure. Exception occurred while sending request to probe endpoint: {ex}");
-                return false;
+                throw new MsalServiceException(
+                    MsalError.ImdsServiceError,
+                    $"[Managed Identity] {imdsStringHelper} probe endpoint failure. Exception occurred while sending request to probe endpoint: {ex}");
             }
 
             // probe omits the "Metadata: true" header and then treats 400 Bad Request as success

src/client/Microsoft.Identity.Client/MsalError.cs

@@ -1232,5 +1232,10 @@ public static class MsalError
         /// All managed identity sources are unavailable.
         /// </summary>
         public const string ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable";
+
+        /// <summary>
+        /// Represents the error code returned when an IMDS operation fails.
+        /// </summary>
+        public const string ImdsServiceError = "imds_service_error";
     }
 }

src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt

@@ -1,2 +1,3 @@
-const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
+const Microsoft.Identity.Client.MsalError.ImdsServiceError = "imds_service_error" -> string
+const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
 Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySourceAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource>

src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt

@@ -1,2 +1,3 @@
-const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
+const Microsoft.Identity.Client.MsalError.ImdsServiceError = "imds_service_error" -> string
+const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
 Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySourceAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource>

src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt

@@ -1,2 +1,3 @@
-const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
+const Microsoft.Identity.Client.MsalError.ImdsServiceError = "imds_service_error" -> string
+const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
 Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySourceAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource>

src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt

@@ -1,2 +1,3 @@
-const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
+const Microsoft.Identity.Client.MsalError.ImdsServiceError = "imds_service_error" -> string
+const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
 Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySourceAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource>

src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt

@@ -1,2 +1,3 @@
-const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
+const Microsoft.Identity.Client.MsalError.ImdsServiceError = "imds_service_error" -> string
+const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
 Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySourceAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource>

src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt

@@ -1,2 +1,3 @@
-const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
+const Microsoft.Identity.Client.MsalError.ImdsServiceError = "imds_service_error" -> string
+const Microsoft.Identity.Client.MsalError.ManagedIdentityAllSourcesUnavailable = "managed_identity_all_sources_unavailable" -> string
 Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySourceAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource>

tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ImdsTests.cs

@@ -3,7 +3,6 @@
 
 using System;
 using System.Net;
-using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Identity.Client;
@@ -436,7 +435,7 @@ await mi.AcquireTokenForManagedIdentity(ManagedIdentityTests.Resource)
         }
 
         [TestMethod]
-        public async Task ProbeImdsEndpointAsync_TimesOutAfterOneSecond()
+        public async Task ProbeImdsV1EndpointAsync_TimesOutAfterOneSecond()
         {
             using (new EnvVariableContext())
             using (var httpManager = new MockHttpManager())
@@ -450,19 +449,19 @@ public async Task ProbeImdsEndpointAsync_TimesOutAfterOneSecond()
                 var managedIdentityApp = miBuilder.Build();
 
                 httpManager.AddMockHandler(MockHelpers.MockImdsProbeFailure(ImdsVersion.V2));
-                httpManager.AddMockHandler(MockHelpers.MockImdsProbe(ImdsVersion.V1));
+                // ImdsV1 mock is not needed, as the request will not be sent due to cancellation token being cancelled
 
-                var imdsProbesCancellationToken = new CancellationTokenSource(TimeSpan.FromSeconds(0)).Token; // timeout immediately
-
-                var miSource = await (managedIdentityApp as ManagedIdentityApplication).GetManagedIdentitySourceAsync(imdsProbesCancellationToken).ConfigureAwait(false);
-                Assert.AreEqual(ManagedIdentitySource.None, miSource); // Probe timed out, no source available
+                var cts = new CancellationTokenSource();
+                cts.Cancel();
+                var imdsProbesCancellationToken = cts.Token;
 
-                var ex = await Assert.ThrowsExceptionAsync<MsalClientException>(async () =>
-                    await managedIdentityApp.AcquireTokenForManagedIdentity(ManagedIdentityTests.Resource)
-                    .ExecuteAsync().ConfigureAwait(false)
-                ).ConfigureAwait(false);
+                var ex =
+                    await Assert.ThrowsExceptionAsync<MsalServiceException>(async () =>
+                        await (managedIdentityApp as ManagedIdentityApplication).GetManagedIdentitySourceAsync(imdsProbesCancellationToken)
+                        .ConfigureAwait(false))
+                    .ConfigureAwait(false);
 
-                Assert.AreEqual(MsalError.ManagedIdentityAllSourcesUnavailable, ex.ErrorCode);
+                Assert.AreEqual(MsalError.ImdsServiceError, ex.ErrorCode);
             }
         }
     }

tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ImdsV2Tests.cs

@@ -456,6 +456,36 @@ public async Task ProbeImdsEndpointAsyncFails404WhichIsNonRetriableAndRetryPolic
                 Assert.AreEqual(ManagedIdentitySource.Imds, miSource);
             }
         }
+
+        [TestMethod]
+        public async Task ProbeImdsV2EndpointAsync_TimesOutAfterOneSecond()
+        {
+            using (new EnvVariableContext())
+            using (var httpManager = new MockHttpManager())
+            {
+                var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned);
+
+                miBuilder
+                    .WithHttpManager(httpManager)
+                    .WithRetryPolicyFactory(_testRetryPolicyFactory);
+
+                var managedIdentityApp = miBuilder.Build();
+
+                // ImdsV2 mock is not needed, as the request will not be sent due to cancellation token being cancelled
+
+                var cts = new CancellationTokenSource();
+                cts.Cancel();
+                var imdsProbesCancellationToken = cts.Token;
+
+                var ex =
+                    await Assert.ThrowsExceptionAsync<MsalServiceException>(async () =>
+                        await (managedIdentityApp as ManagedIdentityApplication).GetManagedIdentitySourceAsync(imdsProbesCancellationToken)
+                        .ConfigureAwait(false))
+                    .ConfigureAwait(false);
+
+                Assert.AreEqual(MsalError.ImdsServiceError, ex.ErrorCode);
+            }
+        }
         #endregion Probe Tests
 
         #region Fallback Behavior Tests