Unable to access App Configuration with User Managed Identity in Java spring boot

Question


I am facing issues connecting to Azure App Configuration with User Managed Identity.

  • The issue that I am getting is:

    com.microsoft.aad.msal4j.MsalAzureSDKException: java.util.concurrent.ExecutionException: com.azure.identity.CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, Network is unreachable: no further information.

I am using the dependency below in my Spring Boot application:

implementation ('com.azure.spring:azure-spring-cloud-appconfiguration-config-web:2.11.0') 

My bootstrap.yml looks like this:

spring:
  application:
    name: app-service
    version: 0.0.1
  cloud:
    azure:
      appconfiguration:
        enabled: ${APP_CONFIGURATION_ENABLED} # true
        managed-identity:
          client-id: ${AZURE_CLIENT_ID}  # some valid client_id, created on azure portal
        stores:
          - endpoint: ${AZURE_END_POINT} # some valid endpoint

Please note I have created sample configurations on my Azure portal and also exported AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID properties as environment variables containing valid values.

I am using Spring Boot version 3.1.0 and have been following this doc:

https://learn.microsoft.com/en-us/java/api/overview/azure/spring-cloud-starter-appconfiguration-config-readme?view=azure-java-stable

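The same set of configurations works fine in plain Java, by creating beans explicitly like this:

import com.azure.core.credential.TokenCredential;
import com.azure.data.appconfiguration.ConfigurationClient;
import com.azure.data.appconfiguration.ConfigurationClientBuilder;
import com.azure.data.appconfiguration.models.ConfigurationSetting;
import com.azure.identity.DefaultAzureCredentialBuilder;

public class Main {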
    public static void main(String[] args) {

        TokenCredential credential = new DefaultAzureCredentialBuilder().build();

        ConfigurationClient client = new ConfigurationClientBuilder()
                .credential(credential)
                .endpoint("same endpoint as used above")
                .buildClient();

        ConfigurationSetting retrievedSetting = client.getConfigurationSetting("/application/app-service/appconfig.appUrl", "local");

        System.out.println(retrievedSetting.toString()); // works fine
    }
}

But these configurations don't work well with Spring Boot 3.x.

Can anyone point out what I am probably doing wrong or what could be the issue here?

Thanks in advance.

Answer 1

Score: 1

For this to work the code must be running in a process that has a managed identity. When you are running your spring boot application locally you do not have this.

The reason why the Java code works is that it is using credentials of the logged on user.

To deploy your Spring Boot application to Azure App Service see: https://learn.microsoft.com/en-us/training/modules/deploy-java-spring-boot-app-service-mysql/
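To see which identity source a given process can actually use, the probe below asks each one for a token separately and prints the outcome; it is an added example, not code from the question or the answer. The class name `CredentialProbe` is hypothetical, the environment variable names are taken from the question's bootstrap.yml, and the scope format (store endpoint plus `/.default`) is an assumption.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.AzureCliCredentialBuilder;
import com.azure.identity.EnvironmentCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;

import java.time.Duration;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Supplier;

public class CredentialProbe {
    public static void main(String[] args) {
        // Assumption: same environment variables as the question's bootstrap.yml.
        String endpoint = System.getenv("AZURE_END_POINT");
        String clientId = System.getenv("AZURE_CLIENT_ID");
        if (endpoint == null || clientId == null) {
            System.err.println("Set AZURE_END_POINT and AZURE_CLIENT_ID first.");
            return;
        }
        // Assumption: the token scope for a store is its endpoint plus "/.default".
        TokenRequestContext scope = new TokenRequestContext()
                .addScopes(endpoint.replaceAll("/+$", "") + "/.default");

        // Each source is built lazily so a failure in one does not stop the others.
        Map<String, Supplier<TokenCredential>> sources = new LinkedHashMap<>();
        sources.put("managed identity (IMDS)",
                () -> new ManagedIdentityCredentialBuilder().clientId(clientId).build());
        sources.put("environment (AZURE_CLIENT_SECRET etc.)",
                () -> new EnvironmentCredentialBuilder().build());
        sources.put("Azure CLI login",
                () -> new AzureCliCredentialBuilder().build());

        sources.forEach((name, source) -> {
            try {
                AccessToken token = source.get().getToken(scope).block(Duration.ofSeconds(30));
                // Report only the expiry; the token is a bearer secret and is never printed.
                System.out.printf("%-40s %s%n", name,
                        token == null ? "no token returned" : "OK, expires " + token.getExpiresAt());
            } catch (RuntimeException ex) {
                // CredentialUnavailableException, auth failures and timeouts all land here.
                String reason = String.valueOf(ex.getMessage()).lines().findFirst().orElse("");
                System.out.printf("%-40s unavailable: %s%n", name, reason);
            }
        });
    }
}
```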

huangapple
  • Posted on May 29, 2023, 17:14:15
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76356058.html