Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Assigned Identity fails with spring-cloud-azure-appconfiguration-config-web 4.8.0 #963

Open
ajpogue opened this issue Jul 3, 2023 · 2 comments
Open

User Assigned Identity fails with spring-cloud-azure-appconfiguration-config-web 4.8.0 #963

ajpogue opened this issue Jul 3, 2023 · 2 comments

Comments

@ajpogue
Copy link

ajpogue commented Jul 3, 2023
edited by saragluna

I’ve been trying to get my Spring Boot service running in Azure App Service to use Azure App Configuration service to get configuration parameters. The app service uses a User Assigned Identity. Through a lot of trial and error, I have gotten it to work, but it only works with an old version of the app config package. Also noticed that in the docker logs the MSI container is not starting as expected:

If I use the following dependency in my project, it works:

dependency
groupId com.azure.spring/groupId
artifactId azure-spring-cloud-appconfiguration-config-web
/artifactId
version 2.11.0 /version
/dependency

But it seems that the above version is deprecated in favor of this dependency for Spring Boot (2.x):

dependency
groupId com.azure.spring
/groupId
artifactId  spring-cloud-azure-appconfiguration-config-web /artifactId
version 4.8.0 /version 
/dependency

I have also tried updating the app to Spring Boot (3.x) with no luck.

If I update the package, the deployment fails on startup with
2023-06-19T15:37:12.539956477Z: [INFO]  2023-06-19 15:37:12.536 DEBUG 296 --- [           main] c.a.identity.ManagedIdentityCredential   : Azure Identity => Found the following environment variables: MSI_ENDPOINT, MSI_SECRET, AZURE_TENANT_ID
2023-06-19T15:37:20.230369505Z: [INFO]  2023-06-19 15:37:20.229 ERROR 296 --- [onPool-worker-1] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://XXX.azconfig.io/.default]: Managed Identity authentication is not available.
2023-06-19T15:37:20.239206040Z: [INFO]  2023-06-19 15:37:20.238 ERROR 296 --- [onPool-worker-1] c.a.c.implementation.AccessTokenCache    : {"az.sdk.message":"Failed to acquire a new access token.","exception":"Managed Identity authentication is not available."}

(Note that we are using Spring Boot 2.x because Azure Spring Data Cosmos does not support Spring Boot 3.x at this time (per https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/spring/azure-spring-data-cosmos#spring-boot-version-support). According to this other Spring Version mapping, I should be able to use Spring Cloud Azure version 4.x.x with Spring Boot 2.7.x: https://github.com/Azure/azure-sdk-for-java/wiki/Spring-Versions-Mapping#which-version-of-spring-cloud-azure-should-i-use

According to this site, https://learn.microsoft.com/en-us/azure/azure-app-configuration/howto-convert-to-the-new-spring-boot?tabs=spring-boot-2 I should be able to run with the 4.8.0 version of Spring Cloud Azure. Can you advise?

I also opened a support case 2306190040007997, but have heard the sdk is primarily supported through github.

pom.xml.txt
@saragluna
Copy link
Contributor

What does the application.proeprties look like?

@mrm9084
Copy link

mrm9084 commented Jul 18, 2023

@ajpogue how are you providing the User Assigned Identity?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mrm9084 @saragluna @ajpogue