search

dapr / dotnet-sdk

Dapr SDK for .NET
Apache License 2.0
1.11k stars 335 forks source link

Azure Keyvault not loaded by Dapr Client during Asp net core web api app start #1307

Closed ZenwalkerD closed 4 months ago

ZenwalkerD commented 4 months ago

Ask your question here

In Azure Container apps; i have configured the Dapr Components and have assigned all System Identity permissions as shown: image

In the ASP Net Core WebApi Startup or program.cs i have added below code:

 public static void Main(string[] args)
 {
     var builder = WebApplication.CreateBuilder(args);

     // Add services to the container.

     builder.Services.AddControllers();
     // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
     builder.Services.AddEndpointsApiExplorer();
     builder.Services.AddSwaggerGen();
     builder.Configuration.AddDaprSecretStore("keyvault", new DaprClientBuilder().Build(), TimeSpan.FromMinutes(1));

     var app = builder.Build();

And i have a controller as shown:

[Route("api/[controller]")]
 [ApiController]
 public class HelloController : ControllerBase
 {
     IConfiguration m_Configuration;

     public HelloController(IConfiguration configuration)
     {
         m_Configuration = configuration;
     }

     // GET: api/<HelloController>
     [HttpGet]
     public IActionResult Get()
     {
         //using var client = new DaprClientBuilder().Build();
         //var result = client.GetBulkSecretAsync("keyvault").Result;

         return Ok(JsonSerializer.Serialize<IConfiguration>(m_Configuration));
     }
 }

if i deploy above app in a container to container apps; it successfully deploys and when i visit/shoot API GET /api/hello then response is Empty i.e IConfiguration is empty

However; when i remove below line from Program.cs builder.Configuration.AddDaprSecretStore("keyvault", new DaprClientBuilder().Build(), TimeSpan.FromMinutes(1));

and uncomment below line in Controller Method:

 //using var client = new DaprClientBuilder().Build();
         //var result = client.GetBulkSecretAsync("keyvault").Result;

and then deploy. Upon shooting the same endpoint; the keyvault data is loaded and response is correct.

What am i doing wrong? Basically i want the IConfiguraiton to be filled in with all KeyVault data during application start.

.NET 8.0 Dapr.AspNetCore 1.13.1 Dapr.Extensions.Configuration 1.13.1

Thanks

philliphoff commented 4 months ago

@ZenwalkerD I would expect to see some configuration values in the response, even if not those from Key Vault. ASP.NET infrastructure typically populates a number of them. I suspect that they're just not being output properly; if I use the same code, I also see no configuration values in the response (despite the IConfiguration instance verified in the debugger to have many values). I suspect that the JSON serializer just doesn't know how to deal with IConfiguration as it has no properties. If, instead, I use:

        return Ok(JsonSerializer.Serialize(_configuration.AsEnumerable()));

I get a response that better matches what I expect. I would look at doing the same and see if your secrets are, in fact, being loaded.

ZenwalkerD commented 4 months ago

@ZenwalkerD I would expect to see some configuration values in the response, even if not those from Key Vault. ASP.NET infrastructure typically populates a number of them. I suspect that they're just not being output properly; if I use the same code, I also see no configuration values in the response (despite the IConfiguration instance verified in the debugger to have many values). I suspect that the JSON serializer just doesn't know how to deal with IConfiguration as it has no properties. If, instead, I use:

        return Ok(JsonSerializer.Serialize(_configuration.AsEnumerable()));

I get a response that better matches what I expect. I would look at doing the same and see if your secrets are, in fact, being loaded.

Thank you. It works. My bad :(