microsoft / spring-cloud-azure

Spring Cloud Azure is an open-source project that provides seamless Spring integration with Azure services.
https://microsoft.github.io/spring-cloud-azure
MIT License

Not able to use user assigned managed identity while using spring-azure-cloud-appconfiguration-web dependency #1060

Closed Tri16 closed 1 year ago

Tri16 commented 1 year ago

Hi, I am trying to connect my local Spring Boot application (inside an Azure VM) with Azure App Configuration with a user-assigned managed identity, using the following dependency:

<dependency>
    <groupId>com.azure.spring</groupId>
    <artifactId>spring-cloud-azure-feature-management-web</artifactId>
    <version>4.10.0</version>
</dependency>
<dependency>
    <groupId>com.azure.spring</groupId>
    <artifactId>spring-cloud-azure-appconfiguration-config-web</artifactId>
    <version>4.10.0</version>
</dependency>

and have provided the following bootstrap.properties:

spring.cloud.azure.appconfiguration.stores[0].endpoint=
spring.cloud.azure.appconfiguration.stores[0].managed-identity.client-id=< user-assigned-managed-identity client-id>

and on application startup I am getting the following error:

2023-09-14 05:49:36.833 DEBUG 12032 --- [ main] c.azure.identity.EnvironmentCredential : Azure Identity => Found the following environment variables:
2023-09-14 05:49:36.874 DEBUG 12032 --- [ main] c.azure.identity.EnvironmentCredential : Azure Identity => ERROR in EnvironmentCredential: Missing required environment variable AZURE_CLIENT_ID
2023-09-14 05:49:37.075 DEBUG 12032 --- [ main] c.a.identity.ManagedIdentityCredential : Azure Identity => Found the following environment variables:
2023-09-14 05:49:37.077 DEBUG 12032 --- [ main] c.a.identity.SharedTokenCacheCredential : Azure Identity => Found the following environment variables:

:: Spring Boot :: (v2.6.9)

2023-09-14 05:49:37.313 DEBUG 12032 --- [ main] .f.AbstractAzureHttpClientBuilderFactory : No HTTP retry properties available.
2023-09-14 05:49:37.314 DEBUG 12032 --- [ main] s.c.c.i.c.AzureHttpProxyOptionsConverter : Proxy hostname or port is not set.
2023-09-14 05:49:37.314 DEBUG 12032 --- [ main] .f.AbstractAzureHttpClientBuilderFactory : No HTTP proxy properties available.
2023-09-14 05:49:37.316 DEBUG 12032 --- [ main] AbstractAzureServiceClientBuilderFactory : No authentication credential configured for class ConfigurationClientBuilder.
2023-09-14 05:49:37.316 INFO 12032 --- [ main] AbstractAzureServiceClientBuilderFactory : Will configure the default credential of type DefaultAzureCredential for class com.azure.data.appconfiguration.ConfigurationClientBuilder.
2023-09-14 05:49:37.326 DEBUG 12032 --- [ main] c.a.core.implementation.util.Providers : Using com.azure.core.http.netty.NettyAsyncHttpClientProvider as the default com.azure.core.http.HttpClientProvider.
2023-09-14 05:49:37.579 DEBUG 12032 --- [ main] .i.AppConfigurationReplicaClientsBuilder : Connecting to https://armtestac.azconfig.io/ using Azure System Assigned Identity or Azure User Assigned Identity.
2023-09-14 05:49:37.582 DEBUG 12032 --- [ main] c.a.identity.ManagedIdentityCredential : Azure Identity => Found the following environment variables:
2023-09-14 05:49:39.649 DEBUG 12032 --- [ Thread-2] c.a.c.i.ReflectionSerializable : XmlSerializable serialization and deserialization isn't supported. If it is required add a dependency of 'com.azure:azure-xml', or another dependencies which include 'com.azure:azure-xml' as a transitive dependency. If your application runs as expected this informational message can be ignored.
2023-09-14 05:49:39.683 INFO 12032 --- [ Thread-2] c.a.identity.ManagedIdentityCredential : Azure Identity => Managed Identity environment: AZURE VM IMDS ENDPOINT
2023-09-14 05:49:39.683 INFO 12032 --- [ Thread-2] c.a.identity.ManagedIdentityCredential : Azure Identity => getToken() result for scopes [https://armtestac.azconfig.io/.default]: SUCCESS
2023-09-14 05:49:39.684 INFO 12032 --- [ main] c.a.c.implementation.AccessTokenCache : {"az.sdk.message":"Acquired a new access token."}
2023-09-14 05:49:39.764 ERROR 12032 --- [ main] c.a.c.i.http.rest.RestProxyBase : Status code 403, (empty body)

com.azure.core.exception.HttpResponseException: Status code 403, (empty body)
at com.azure.core.implementation.http.rest.RestProxyBase.instantiateUnexpectedException(RestProxyBase.java:337) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.SyncRestProxy.ensureExpectedStatus(SyncRestProxy.java:125) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.SyncRestProxy.handleRestReturnType(SyncRestProxy.java:213) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.SyncRestProxy.invoke(SyncRestProxy.java:81) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.RestProxyBase.invoke(RestProxyBase.java:109) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.http.rest.RestProxy.invoke(RestProxy.java:91) ~[azure-core-1.41.0.jar:1.41.0]
at jdk.proxy2/jdk.proxy2.$Proxy38.listKeyValues(Unknown Source) ~[na:na]
at com.azure.data.appconfiguration.implementation.ConfigurationClientImpl.listConfigurationSettingsSinglePage(ConfigurationClientImpl.java:747) ~[azure-data-appconfiguration-1.4.7.jar:1.4.7]
at com.azure.data.appconfiguration.implementation.ConfigurationClientImpl.lambda$listConfigurationSettings$24(ConfigurationClientImpl.java:616) ~[azure-data-appconfiguration-1.4.7.jar:1.4.7]
at com.azure.core.http.rest.PagedIterable.lambda$new$1(PagedIterable.java:158) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedByIteratorBase.requestPage(ContinuablePagedByIteratorBase.java:104) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedByItemIterable$ContinuablePagedByItemIterator.<init>(ContinuablePagedByItemIterable.java:83) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedByItemIterable.iterator(ContinuablePagedByItemIterable.java:58) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedIterable.iterator(ContinuablePagedIterable.java:141) ~[azure-core-1.41.0.jar:1.41.0]
at java.base/java.lang.Iterable.forEach(Iterable.java:74) ~[na:na]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationReplicaClient.listSettings(AppConfigurationReplicaClient.java:125) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationFeatureManagementPropertySource.initProperties(AppConfigurationFeatureManagementPropertySource.java:99) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationPropertySourceLocator.create(AppConfigurationPropertySourceLocator.java:266) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationPropertySourceLocator.locate(AppConfigurationPropertySourceLocator.java:126) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:51) ~[spring-cloud-context-3.1.6.jar:3.1.6]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:47) ~[spring-cloud-context-3.1.6.jar:3.1.6]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:95) ~[spring-cloud-context-3.1.6.jar:3.1.6]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:618) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:385) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:306) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1317) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-2.6.9.jar:2.6.9]
at com.tcs.isn.Application.main(Application.java:25) ~[classes/:na]

2023-09-14 05:49:39.771 ERROR 12032 --- [ main] c.a.c.i.http.rest.RestProxyBase : Status code 403, (empty body)

2023-09-14 05:49:39.772 ERROR 12032 --- [ main] .i.AppConfigurationPropertySourceLocator : Fail fast is set and there was an error reading configuration from Azure App Configuration store https://armktestacs.azconfig.io/
2023-09-14 05:49:41.689 ERROR 12032 --- [ main] o.s.boot.SpringApplication : Application run failed

java.lang.RuntimeException: Failed to generate property sources for https://armktestacs.azconfig.io/
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationPropertySourceLocator.failedToGeneratePropertySource(AppConfigurationPropertySourceLocator.java:236) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationPropertySourceLocator.locate(AppConfigurationPropertySourceLocator.java:137) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:51) ~[spring-cloud-context-3.1.6.jar:3.1.6]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:47) ~[spring-cloud-context-3.1.6.jar:3.1.6]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:95) ~[spring-cloud-context-3.1.6.jar:3.1.6]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:618) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:385) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:306) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1317) ~[spring-boot-2.6.9.jar:2.6.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-2.6.9.jar:2.6.9]
at com.tcs.isn.Application.main(Application.java:25) ~[classes/:na]
Caused by: com.azure.core.exception.HttpResponseException: Status code 403, (empty body)
at com.azure.core.implementation.http.rest.RestProxyBase.instantiateUnexpectedException(RestProxyBase.java:337) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.SyncRestProxy.ensureExpectedStatus(SyncRestProxy.java:125) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.SyncRestProxy.handleRestReturnType(SyncRestProxy.java:213) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.SyncRestProxy.invoke(SyncRestProxy.java:81) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.implementation.http.rest.RestProxyBase.invoke(RestProxyBase.java:109) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.http.rest.RestProxy.invoke(RestProxy.java:91) ~[azure-core-1.41.0.jar:1.41.0]
at jdk.proxy2/jdk.proxy2.$Proxy38.listKeyValues(Unknown Source) ~[na:na]
at com.azure.data.appconfiguration.implementation.ConfigurationClientImpl.listConfigurationSettingsSinglePage(ConfigurationClientImpl.java:747) ~[azure-data-appconfiguration-1.4.7.jar:1.4.7]
at com.azure.data.appconfiguration.implementation.ConfigurationClientImpl.lambda$listConfigurationSettings$24(ConfigurationClientImpl.java:616) ~[azure-data-appconfiguration-1.4.7.jar:1.4.7]
at com.azure.core.http.rest.PagedIterable.lambda$new$1(PagedIterable.java:158) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedByIteratorBase.requestPage(ContinuablePagedByIteratorBase.java:104) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedByItemIterable$ContinuablePagedByItemIterator.<init>(ContinuablePagedByItemIterable.java:83) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedByItemIterable.iterator(ContinuablePagedByItemIterable.java:58) ~[azure-core-1.41.0.jar:1.41.0]
at com.azure.core.util.paging.ContinuablePagedIterable.iterator(ContinuablePagedIterable.java:141) ~[azure-core-1.41.0.jar:1.41.0]
at java.base/java.lang.Iterable.forEach(Iterable.java:74) ~[na:na]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationReplicaClient.listSettings(AppConfigurationReplicaClient.java:125) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationFeatureManagementPropertySource.initProperties(AppConfigurationFeatureManagementPropertySource.java:99) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationPropertySourceLocator.create(AppConfigurationPropertySourceLocator.java:266) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
at com.azure.spring.cloud.appconfiguration.config.implementation.AppConfigurationPropertySourceLocator.locate(AppConfigurationPropertySourceLocator.java:126) ~[spring-cloud-azure-appconfiguration-config-4.10.0.jar:4.10.0]
... 9 common frames omitted

Please let me know what I am missing. I have verified that the configuration is correctly done on the Azure portal regarding permissions to app config.

saragluna commented 1 year ago

@mrm9084 please help take a look.

mrm9084 commented 1 year ago

@Tri16 where did you get that version path for the managed identity? It seems to be the old value. See https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/spring/spring-cloud-azure-starter-appconfiguration-config#use-managed-identity-to-access-app-configuration
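
A triage sketch for the startup log in this issue, added here as an example (it is not code from the issue or from Spring Cloud Azure). It separates "no token obtained" from "token issued, request refused", and records whether the client fell back to DefaultAzureCredential, which is what this log shows before the 403. The function and field names are hypothetical, and the parser assumes the Spring Boot log layout shown above.

```python
import re

# Excerpt of the log lines posted in this issue, embedded so the example runs offline.
SAMPLE_LOG = """\
2023-09-14 05:49:37.316 DEBUG 12032 --- [ main] AbstractAzureServiceClientBuilderFactory : No authentication credential configured for class ConfigurationClientBuilder.
2023-09-14 05:49:37.316 INFO 12032 --- [ main] AbstractAzureServiceClientBuilderFactory : Will configure the default credential of type DefaultAzureCredential for class com.azure.data.appconfiguration.ConfigurationClientBuilder.
2023-09-14 05:49:39.683 INFO 12032 --- [ Thread-2] c.a.identity.ManagedIdentityCredential : Azure Identity => Managed Identity environment: AZURE VM IMDS ENDPOINT
2023-09-14 05:49:39.683 INFO 12032 --- [ Thread-2] c.a.identity.ManagedIdentityCredential : Azure Identity => getToken() result for scopes [https://armtestac.azconfig.io/.default]: SUCCESS
2023-09-14 05:49:39.764 ERROR 12032 --- [ main] c.a.c.i.http.rest.RestProxyBase : Status code 403, (empty body)
"""

# date time LEVEL pid --- [thread] logger : message
LINE = re.compile(
    r"^\S+ \S+ +(?P<level>[A-Z]+) +\d+ --- \[[^\]]*\] +(?P<logger>\S+) +: (?P<msg>.*)$")
TOKEN = re.compile(
    r"getToken\(\) result for scopes \[(?P<scope>[^\]]+)\]: (?P<result>\w+)")
STATUS = re.compile(r"Status code (?P<code>\d{3})")
NO_CRED = "No authentication credential configured"


def triage(log_text):
    """Summarise the credential and HTTP outcome found in a startup log."""
    f = {"default_credential_fallback": False, "token_credential": None,
         "token_scope": None, "token_ok": False, "http_status": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace frames, banner lines, blanks
        msg = m["msg"]
        if msg.startswith(NO_CRED):
            # No credential was bound from properties; the SDK default is used.
            f["default_credential_fallback"] = True
        tok = TOKEN.search(msg)
        if tok:
            f["token_credential"] = m["logger"].rsplit(".", 1)[-1]
            f["token_scope"] = tok["scope"]
            f["token_ok"] = tok["result"] == "SUCCESS"
        st = STATUS.search(msg)
        if st and m["level"] == "ERROR" and f["http_status"] is None:
            f["http_status"] = int(st["code"])  # first failing response only
    f["verdict"] = _verdict(f)
    return f


def _verdict(f):
    denied = f["http_status"] in (401, 403)
    if denied and f["token_ok"]:
        return "authorization"   # a token was issued; the store refused that identity
    if denied or (f["token_credential"] and not f["token_ok"]):
        return "authentication"  # no usable token reached the service
    return "no-auth-failure-seen"
```

An "authorization" verdict together with `default_credential_fallback` set means the next thing to check is which identity actually requested the token, since the configured client ID may never have been applied.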

saragluna commented 1 year ago

Closing in favor of https://github.com/Azure/azure-sdk-for-java/issues/36760.