Open Juraj2 opened 10 months ago
Facing the same issue with AzureAppConfigurationBuilder. Able to load the AppConfig values just fine, however when reading App Configuration Key-value references that reference Key Vault it always uses the default credential which throws a Azure.RequestFailedException.
We are using a CheinedTokenCredential to gain access to the Azure Resource, but unable to use the overridden GetCredential() method as it defaults to the DefaultAzureCredential().
Any progress made on this issue?
I implemented the fix for it. I am waiting for the pull request approval so it gets to the next release.
AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential()
AzureAppConfigurationBuilder.cs always uses DefaultAzureCredential() when reading App Configuration
Key-value references
toKey Vault
. It should use already existing virtual method GetCredential() instead.Functional impact
Classes that inherit from
AzureAppConfigurationBuilder
and override theprotected virtual TokenCredential GetCredential()
still cannot influence whichTokenCredential
is used when reading App Configuration values that are referencingKey Vault
.Expected result
When classes that inherit from
AzureAppConfigurationBuilder
override theprotected virtual TokenCredential GetCredential()
then theGetCredential()
should also be used for App ConfigurationKey-value references
toKey Vault
Actual result
When classes that inherit from
AzureAppConfigurationBuilder
override theprotected virtual TokenCredential GetCredential()
then theGetCredential()
is only used to readKey-values
from App Configuration. But when reading App ConfigurationKey-value references
that referenceKey Vault
then always the hardcodednew DefaultAzureCredential()
is used.Further technical details
There is a bug in the code in AzureAppConfigurationBuilder.cs in private SecretClient GetSecretClient() method. It should use already existing virtual method GetCredential() instead of hardcoded
new DefaultAzureCredential()
- the same way as it is used in AzureKeyVaultConfigBuilder.cs