Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.46k stars 4.8k forks source link

[BUG] NullReferenceException when calling KeyClient.GetKeyAsync #46484

Open oleksandr-andrusenko opened 3 weeks ago

oleksandr-andrusenko commented 3 weeks ago

Library name and version

Azure.Security.KeyVault.Keys 4.6.0

Describe the bug

When calling the KeyClient.GetKeyAsync method to retrieve a key from a key vault, the NullReferenceException is thrown. This happens rarely and doesn't seem to be deterministic.

Stack trace:

"System.NullReferenceException: Object reference not set to an instance of an object."
"   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)"
"   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)"
"   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)"
"   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)"
"   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)"
"   at Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)"
"   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)"
"   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)"
"   at Azure.Security.KeyVault.Keys.KeyClient.GetKeyAsync(String name, String version, CancellationToken cancellationToken)"

Expected behavior

The KeyClient.GetKeyAsync should return the key if it exists.

Actual behavior

The KeyClient.GetKeyAsync throws a NullRefereceException

Reproduction Steps

We encountered the issue only once or twice in the last month in production, and unfortunately, I cannot/am not sure how to reproduce it. I tried to pass corrupted and null values as credentials or key name, but getting other errors that are expected. I assume the NullReferenceException happens internally in some edge cases that do not depend on the input parameters.

We initialize the client in the following way

// keyVaultName, tenantId, clientId and clientSecret are coming from configuration
var vaultUri = new Uri($"https://{keyVaultName}.vault.azure.net/");
var credentials = new ClientSecretCredential(tenantId, clientId, clientSecret);
var client = new KeyClient(vaultUri, credentials);

And just call GetKeyAsync

KeyVaultKey key = await client.GetKeyAsync(keyName);

Environment

AKS cluster: v1.30.4 Node image version: AKSUbuntu-2204gen2containerd-202409.23.0 Application base image: mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine

github-actions[bot] commented 3 weeks ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

JonathanCrd commented 2 weeks ago

Thank you for submitting this bug report. We have noted your issue and will investigate it. Should you encounter this problem again, please let us know.