Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Go through all Kafka passwordless quickstart/migration-guide to make sure following them can work #30800

Closed
saragluna opened this issue Sep 6, 2022 · 34 comments
Closed

Go through all Kafka passwordless quickstart/migration-guide to make sure following them can work #30800

saragluna opened this issue Sep 6, 2022 · 34 comments
Assignees
@chenrujun
Labels
azure-spring All azure-spring related issues azure-spring-docs Docs
Milestone
2022-10

Comments

@saragluna
Copy link
Member

saragluna commented Sep 6, 2022
edited

Context

With all Kafka passwordless-doc being finished, we should check the readability and correctness of those docs.

Goal

Go through the docs in the below PRs to make sure it is easy to understand and execute, and all the commands are correct and operational.
@saragluna saragluna assigned yiliuTo and chenrujun and unassigned yiliuTo Sep 6, 2022
@saragluna saragluna added this to the 2022-10 milestone Sep 6, 2022
@yiliuTo yiliuTo added the Docs label Sep 7, 2022
@chenrujun
Copy link

Information update:

  1. Link to PR: https://github.com/MicrosoftDocs/azure-dev-docs-pr/pull/3583
  2. Link to quick start: https://review.docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-cloud-stream-binder-java-app-kafka-azure-event-hub?branch=pr-en-us-3583&tabs=passwordless
  3. Link to migration-guide: https://review.docs.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-kafka-to-passwordless-connection?branch=pr-en-us-3583&tabs=azure-portal-permission%2Csign-in-azure-cli%2Cjava-kafka%2Cservice-connector-portal%2Cservice-connector-cli%2Cassign-role-service-connector

@chenrujun
Copy link

chenrujun commented Sep 16, 2022
edited

Quick start feedback:

Link to quick start: https://review.docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-cloud-stream-binder-java-app-kafka-azure-event-hub?branch=pr-en-us-3583&tabs=passwordless

  1. Add link to Azure Active Directory (Azure AD) authentication and Shared Access Signatures (SAS) authentication.
    image

1.1. Azure Active Directory (Azure AD) authentication
https://docs.microsoft.com/en-us/azure/event-hubs/authenticate-application or
https://docs.microsoft.com/en-us/azure/event-hubs/authenticate-managed-identity?tabs=latest
1.2. Shared Access Signatures (SAS) authentication
https://docs.microsoft.com/en-us/azure/event-hubs/authenticate-shared-access-signature

  1. This sentence is not right:
    image

Event Hubs provides an endpoint compatible with the Apache Kafka® producer and consumer APIs. This quick start is not using Apache Kafka.

My suggestion:

This article shows you how to develop a Spring Boot application that can send and receive messages in Azure Event Hubs for Kafka by spring-cloud-stream-binder-kafka.

  1. Error in command:
    image
    Lack / at the end of the first line.

  2. Add links:
    image

  3. I faced path problem about git bash:
    image

This problem has been solved by this:

export MSYS_NO_PATHCONV=1

Refs: https://github.com/git-for-windows/build-extra/blob/main/ReleaseNotes.md

We can write this down in the doc in case other reader face the same problem.

  1. Change 4.3.0 to spring-cloud-azure-dependencies:4.3.0 (I prefer this one) or Spring Cloud Azure: 4.3.0
    image

  2. Delete implementation detail in the quick start guide. Move it to reference doc if necessary.
    image

  3. For version after -> Since. 4.4.0 -> spring-cloud-azure-dependencies:4.4.0. Delete unnecessary description.
    image

@chenrujun
Copy link

chenrujun commented Sep 16, 2022
edited

Feedback of Migration guide

Link to migration-guide: https://review.docs.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-kafka-to-passwordless-connection?branch=pr-en-us-3583&tabs=azure-portal-permission%2Csign-in-azure-cli%2Cjava-kafka%2Cservice-connector-portal%2Cservice-connector-cli%2Cassign-role-service-connector

  1. after -> since.
    image

BTW, why this feature is not written in the changelog? https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/spring/CHANGELOG.md

  1. The support for passwordless connections is enabled -> The passwordless connections is supported. Before 4.3.0, this feature is not existed instead of not enabled.
    image

  2. source control -> source code
    image

  3. Uniform connection / connections. If there is no reason to plural, I suggest using connection in all places.
    image

  4. in the application, its configuration files, or in environment variables -> in application's configuration files or in environment variables
    image

  5. Azure Managed Identity and Role Based Access Control (RBAC) are not Azure services.
    image

  6. To make less confusing, add link to DefaultAzureCredential when it first appears in this document.
    image

8, Change link from .net to java
image

Current link is about .net: https://review.docs.microsoft.com/en-us/dotnet/api/overview/azure/Identity-readme#defaultazurecredential
We should use link to java sdk: https://docs.microsoft.com/en-us/java/api/overview/azure/Identity-readme?view=azure-java-stable#defaultazurecredential

  1. The content of Introducing passwordless connections is different from page to page.
    image
    image
    To avoid difference, I suggest writing this content in a standalone page, then add link to the page in other pages.

  2. overview -> managed-identity overview, the link text should self-explained. documentation -> page. IMY, documentation consists of many pages. This link is just a page.
    image

  3. The following steps explain how to migrate an existing application to use passwordless connections instead of a SAS solution -> The following steps explain how to migrate an existing application from SAS solution to passwordless connections solution
    image

  4. To make it less confusing, it's better to provide the project before migraion, and the project after migration.
    image
    image

13...
Not finished yet, will continue soon.

@chenrujun chenrujun changed the title Go through all Kafka passwordless migration guide/quickstart/tutorial to make sure by following them can work Go through all Kafka passwordless quickstart/migration-guide to make sure following them can work Sep 19, 2022
@chenrujun
Copy link

  1. Now there is only code after migration. It's better to keep the code before migration at the same time.
    image
    image

Here is code before migration created by myself:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

  <modelVersion>4.0.0</modelVersion>

  <groupId>com.azure.spring.password.less.migration.kafka.java</groupId>
  <artifactId>before-migration</artifactId>
  <version>1.0.0-SNAPSHOT</version>

  <properties>
    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
  </properties>

  <dependencies>
    <dependency>
      <groupId>org.apache.kafka</groupId>
      <artifactId>kafka-clients</artifactId>
      <version>3.2.3</version>
    </dependency>
  </dependencies>

</project>
import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.Producer;
import org.apache.kafka.clients.producer.ProducerConfig;
import org.apache.kafka.clients.producer.ProducerRecord;
import org.apache.kafka.clients.producer.RecordMetadata;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.serialization.StringSerializer;

import java.util.Properties;
import java.util.concurrent.Future;

public class BeforeMigrationApplication {

    public static void main(String[] args) {
        try (Producer<String, String> producer = createProducer()) {
            ProducerRecord<String, String> record = new ProducerRecord<>("sample-topic", "sample-key", "sample-value");
            Future<RecordMetadata> future = producer.send(record);
            RecordMetadata metadata = future.get();
            System.out.println(metadata.toString());
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("Error happened when produce message. " + e);
        }
    }

    private static Producer<String, String> createProducer() {
        String hostName = System.getProperty("hostName");
        String connectionString = System.getProperty("connectionString");

        Properties properties = new Properties();
        properties.put(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG, String.format("%s:9093", hostName));
        properties.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
        properties.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
        properties.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
        properties.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
        properties.put(SaslConfigs.SASL_JAAS_CONFIG,
                String.format("org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"%s\";", connectionString));

        return new KafkaProducer<>(properties);
    }
}

@chenrujun
Copy link

  1. In current Java tab, it's using org.apache.kafka:kafka-clients. We should add some description about azure-messaging-eventhubs. It's official client to connect to Azure Event Hubs.
    14.1. Can azure-messaging-eventhubs be used to connect to Azure Event Hubs Kafka?
    14,2. If azure-messaging-eventhubs can be used to connect to Azure Event Hubs Kafka, is migration guide necessary here?

@chenrujun
Copy link

  1. It's better not use master branch. Because master branch may change. Use git tag instead.
    image

@chenrujun
Copy link

  1. Use constant value instead of raw string
    image

Here is the code in my localhost:
image

More context:
pom file:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

  <modelVersion>4.0.0</modelVersion>

  <groupId>com.azure.spring.password.less.migration.kafka.java</groupId>
  <artifactId>after-migration</artifactId>
  <version>1.0.0-SNAPSHOT</version>

  <properties>
    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
  </properties>

  <dependencies>
    <dependency>
      <groupId>org.apache.kafka</groupId>
      <artifactId>kafka-clients</artifactId>
      <version>3.2.3</version>
    </dependency>
<!--    <dependency>-->
<!--      <groupId>org.apache.kafka</groupId>-->
<!--      <artifactId>kafka_2.12</artifactId>-->
<!--      <version>2.3.1</version>-->
<!--    </dependency>-->
    <dependency>
      <groupId>com.microsoft.azure</groupId>
      <artifactId>azure-client-authentication</artifactId>
      <version>1.6.15</version>
    </dependency>
  </dependencies>

</project>

java code:

import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.Producer;
import org.apache.kafka.clients.producer.ProducerRecord;
import org.apache.kafka.clients.producer.RecordMetadata;
import org.apache.kafka.common.config.SaslConfigs;

import java.util.Properties;
import java.util.concurrent.Future;

public class AfterMigrationApplication {

    public static void main(String[] args) {
        try (Producer<String, String> producer = createProducer()) {
            ProducerRecord<String, String> record = new ProducerRecord<>("after-migration-topic", "after-migration--key", "after-migration--value");
            Future<RecordMetadata> future = producer.send(record);
            RecordMetadata metadata = future.get();
            System.out.println(metadata.toString());
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("Error happened when produce message. " + e);
        }
    }

    private static Producer<String, String> createProducer() {
        String hostName = System.getProperty("hostName");

        Properties properties = new Properties();
        properties.put(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG, String.format("%s:9093", hostName));
        properties.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
        properties.put(SaslConfigs.SASL_MECHANISM, "OAUTHBEARER");
        properties.put(SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required");
        properties.put(SaslConfigs.SASL_LOGIN_CALLBACK_HANDLER_CLASS, "CustomAuthenticateCallbackHandler");
        return new KafkaProducer<>(properties);
    }
}

@chenrujun
Copy link

chenrujun commented Sep 19, 2022
edited

  1. Problem: Missing required configuration "key.serializer" which has no default value.
    image

Fixed by adding the 2 properties:

        properties.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
        properties.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());

image

@chenrujun
Copy link

  1. Problem: JAAS config entry not terminated by semi-colon

image

Fixed by adding semi-colon:
image

@chenrujun
Copy link

chenrujun commented Sep 19, 2022
edited

  1. Problem: NullPointerException when using CREDENTIALS = AzureCliCredentials.create() in CustomAuthenticateCallbackHandler.

Code of CustomAuthenticateCallbackHandler:

import com.microsoft.azure.credentials.AzureCliCredentials;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import org.apache.kafka.clients.producer.ProducerConfig;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import java.io.IOException;
import java.net.URI;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;

public class CustomAuthenticateCallbackHandler implements AuthenticateCallbackHandler {

    final static AzureCliCredentials CREDENTIALS;

    static {
        try {
            CREDENTIALS = AzureCliCredentials.create();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    // final static MSICredentials CREDENTIALS = new MSICredentials();
    // Use AppServiceMSICredentials instead for App Service deployment.
    // final static AppServiceMSICredentials CREDENTIALS = new AppServiceMSICredentials(AzureEnvironment.AZURE);

    private String sbUri;

    @Override
    public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaasConfigEntries) {
        String bootstrapServer = Arrays.asList(configs.get(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG)).get(0).toString();
        bootstrapServer = bootstrapServer.replaceAll("\\[|\\]", "");
        URI uri = URI.create("https://" + bootstrapServer);
        this.sbUri = uri.getScheme() + "://" + uri.getHost();
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback: callbacks) {
            if (callback instanceof OAuthBearerTokenCallback) {
                try {
                    OAuthBearerToken token = getOAuthBearerToken();
                    OAuthBearerTokenCallback oauthCallback = (OAuthBearerTokenCallback) callback;
                    oauthCallback.token(token);
                } catch (InterruptedException | ExecutionException | TimeoutException | ParseException e) {
                    e.printStackTrace();
                }
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
    }

    OAuthBearerToken getOAuthBearerToken() throws InterruptedException, ExecutionException, TimeoutException, IOException, ParseException
    {
        String accessToken = CREDENTIALS.getToken(sbUri);
        JWT jwt = JWTParser.parse(accessToken);
        JWTClaimsSet claims = jwt.getJWTClaimsSet();

        return new OAuthBearerTokenImp(accessToken, claims.getExpirationTime());
    }

    public void close() throws KafkaException {
        // NOOP
    }
}

Log:

"C:\Program Files\Java\jdk-11.0.15.1\bin\java.exe" -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:55481,suspend=y,server=n -DhostName=event-hub-namespace-12.servicebus.windows.net -javaagent:C:\Users\rujche\AppData\Local\JetBrains\IdeaIC2022.2\captureAgent\debugger-agent.jar=file:/C:/Users/rujche/AppData/Local/Temp/capture.props -Dfile.encoding=UTF-8 -classpath "C:\Users\rujche\Workspace\git-worktrees\main\azure-spring-boot-samples\password-less-connection-migration-kafka\java\after-migration\target\classes;C:\Users\rujche\.m2\repository\org\apache\kafka\kafka-clients\3.2.3\kafka-clients-3.2.3.jar;C:\Users\rujche\.m2\repository\com\github\luben\zstd-jni\1.5.2-1\zstd-jni-1.5.2-1.jar;C:\Users\rujche\.m2\repository\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\rujche\.m2\repository\org\xerial\snappy\snappy-java\1.1.8.4\snappy-java-1.1.8.4.jar;C:\Users\rujche\.m2\repository\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar;C:\Users\rujche\.m2\repository\com\microsoft\azure\azure-client-authentication\1.6.15\azure-client-authentication-1.6.15.jar;C:\Users\rujche\.m2\repository\com\microsoft\azure\azure-client-runtime\1.6.15\azure-client-runtime-1.6.15.jar;C:\Users\rujche\.m2\repository\com\microsoft\rest\client-runtime\1.6.15\client-runtime-1.6.15.jar;C:\Users\rujche\.m2\repository\com\google\guava\guava\20.0\guava-20.0.jar;C:\Users\rujche\.m2\repository\com\squareup\retrofit2\retrofit\2.5.0\retrofit-2.5.0.jar;C:\Users\rujche\.m2\repository\com\squareup\okhttp3\okhttp\3.12.2\okhttp-3.12.2.jar;C:\Users\rujche\.m2\repository\com\squareup\okio\okio\1.15.0\okio-1.15.0.jar;C:\Users\rujche\.m2\repository\com\squareup\okhttp3\logging-interceptor\3.12.2\logging-interceptor-3.12.2.jar;C:\Users\rujche\.m2\repository\com\squareup\okhttp3\okhttp-urlconnection\3.12.2\okhttp-urlconnection-3.12.2.jar;C:\Users\rujche\.m2\repository\com\squareup\retrofit2\converter-jackson\2.5.0\converter-jackson-2.5.0.jar;C:\Users\rujche\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.9.4\jackson-databind-2.9.4.jar;C:\Users\rujche\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-joda\2.9.10\jackson-datatype-joda-2.9.10.jar;C:\Users\rujche\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.9.10\jackson-annotations-2.9.10.jar;C:\Users\rujche\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.9.10\jackson-core-2.9.10.jar;C:\Users\rujche\.m2\repository\joda-time\joda-time\2.7\joda-time-2.7.jar;C:\Users\rujche\.m2\repository\io\reactivex\rxjava\1.3.8\rxjava-1.3.8.jar;C:\Users\rujche\.m2\repository\com\squareup\retrofit2\adapter-rxjava\2.6.2\adapter-rxjava-2.6.2.jar;C:\Users\rujche\.m2\repository\commons-codec\commons-codec\1.11\commons-codec-1.11.jar;C:\Users\rujche\.m2\repository\com\microsoft\azure\adal4j\1.6.4\adal4j-1.6.4.jar;C:\Users\rujche\.m2\repository\com\nimbusds\oauth2-oidc-sdk\6.5\oauth2-oidc-sdk-6.5.jar;C:\Users\rujche\.m2\repository\com\sun\mail\javax.mail\1.6.1\javax.mail-1.6.1.jar;C:\Users\rujche\.m2\repository\javax\activation\activation\1.1\activation-1.1.jar;C:\Users\rujche\.m2\repository\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;C:\Users\rujche\.m2\repository\net\minidev\json-smart\2.3\json-smart-2.3.jar;C:\Users\rujche\.m2\repository\net\minidev\accessors-smart\1.2\accessors-smart-1.2.jar;C:\Users\rujche\.m2\repository\org\ow2\asm\asm\5.0.4\asm-5.0.4.jar;C:\Users\rujche\.m2\repository\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;C:\Users\rujche\.m2\repository\com\nimbusds\nimbus-jose-jwt\9.25\nimbus-jose-jwt-9.25.jar;C:\Users\rujche\.m2\repository\com\google\code\gson\gson\2.8.0\gson-2.8.0.jar;C:\Users\rujche\.m2\repository\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar;C:\Users\rujche\.m2\repository\com\microsoft\azure\azure-annotations\1.7.0\azure-annotations-1.7.0.jar;C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2021.3.2\lib\idea_rt.jar" AfterMigrationApplication
Connected to the target VM, address: '127.0.0.1:55481', transport: 'socket'
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
org.apache.kafka.common.KafkaException: Failed to construct kafka producer
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:439)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:289)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:316)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:301)
	at AfterMigrationApplication.createProducer(AfterMigrationApplication.java:38)
	at AfterMigrationApplication.main(AfterMigrationApplication.java:16)
Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: java.lang.NullPointerException
	at java.base/java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:936)
	at com.microsoft.azure.credentials.AzureCliCredentials.getToken(AzureCliCredentials.java:123)
	at CustomAuthenticateCallbackHandler.getOAuthBearerToken(CustomAuthenticateCallbackHandler.java:66)
	at CustomAuthenticateCallbackHandler.handle(CustomAuthenticateCallbackHandler.java:52)
	at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.identifyToken(OAuthBearerLoginModule.java:316)
	at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.login(OAuthBearerLoginModule.java:301)
	at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
	at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
	at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204)
	at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150)
	at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62)
	at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105)
	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:170)
	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
	at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:81)
	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
	at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:484)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:428)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:289)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:316)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:301)
	at AfterMigrationApplication.createProducer(AfterMigrationApplication.java:38)
	at AfterMigrationApplication.main(AfterMigrationApplication.java:16)

	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:184)
	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
	at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:81)
	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
	at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:484)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:428)
	... 5 more
Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
	at java.base/java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:936)
	at com.microsoft.azure.credentials.AzureCliCredentials.getToken(AzureCliCredentials.java:123)
	at CustomAuthenticateCallbackHandler.getOAuthBearerToken(CustomAuthenticateCallbackHandler.java:66)
	at CustomAuthenticateCallbackHandler.handle(CustomAuthenticateCallbackHandler.java:52)
	at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.identifyToken(OAuthBearerLoginModule.java:316)
	at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.login(OAuthBearerLoginModule.java:301)
	at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
	at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
	at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204)
	at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150)
	at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62)
	at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105)
	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:170)
	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
	at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:81)
	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
	at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:484)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:428)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:289)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:316)
	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:301)
	at AfterMigrationApplication.createProducer(AfterMigrationApplication.java:38)
	at AfterMigrationApplication.main(AfterMigrationApplication.java:16)

	at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:821)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
	at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
	at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204)
	at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150)
	at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62)
	at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105)
	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:170)
	... 10 more
Error happened when produce message. org.apache.kafka.common.KafkaException: Failed to construct kafka producer
Disconnected from the target VM, address: '127.0.0.1:55481', transport: 'socket'

Process finished with exit code 0

This problem is not solved yet. I'll continue investigating. After discussing with @yiliuTo , abandom this for now. Current sample code may not be useful for java. Need move investigation about how to tell customer use passwordless connection in java application (without spring-boot)

@chenrujun
Copy link

  1. Mixed spring-kafka and spring-boot
    image

Property like spring.kafka.bootstrap-servers is only useful for spring-boot application. But spring-kafka can be used without spring-boot.

My suggestion: 2 options:

  1. Give migration guide of spring-kakfa without spring-boot.
  2. Change the tab name from Spring Kafka to something like Spring Kafka (Spring Boot App).

@chenrujun
Copy link

  1. Current guide only contains add contents, is it necessary to delete something? Because this guide assume customer is using Shared Access Signature (SAS) before migrate.

image

@chenrujun
Copy link

  1. Delete properties that is not caused by migration. For example: spring.kafka.bootstrap-servers already exists before migration. In my understanding, migration guide should only tell reader what should be changed.
    image

@chenrujun
Copy link

  1. Deleted properties should be written in the migration guide.
    image

@chenrujun
Copy link

  1. This is not about migration guide, it's about implementation. WARN log may confuse customer. Can we avoid this log?

WARN 25972 --- [ main] o.a.k.clients.producer.ProducerConfig : The configuration 'azure.token.credential' was supplied but isn't a known config.

@chenrujun
Copy link

  1. Similar to above one. But this one is not caused by spring-cloud-azure team. It's caused by azure-identity:

ERROR 25972 --- [ az-identity-1] c.a.i.i.WindowsCredentialAccessor : Element not found.

@chenrujun
Copy link

  1. Change the order of login method.
    image

Reasons:

  1. Cli and PowerShell are similar, better to put them together.
  2. Another option is to follow the order in DAC's default chain:
    image

@chenrujun
Copy link

chenrujun commented Sep 22, 2022
edited

  1. Is visual studio supported?

Visual studio appeared in the migration guide:
image

But there is no VisualStudioCredential:
image

@chenrujun
Copy link

  1. There should be a tab named Intellij
    image

@chenrujun
Copy link

  1. The login process it possible to change. It's better to add link to tell reader how to login instead of demonstrate login step by step.
    image

image

For example, we can use this link instead: https://github.com/microsoft/vscode-azure-account#signing-inout
image

Otherwise, it's possible that the login step changed, and we (migration guide maintainer) will not know that.

@chenrujun
Copy link

  1. This is not about migration guide, but implementation. Warn log may confuse customer:
2022-09-22 14:50:50.047  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.
2022-09-22 14:50:50.047  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property security.protocol will be configured as SASL_SSL to support Azure Identity credentials.
2022-09-22 14:50:50.047  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.mechanism will be configured as OAUTHBEARER to support Azure Identity credentials.
2022-09-22 14:50:50.047  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.jaas.config will be configured as org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required; to support Azure Identity credentials.
2022-09-22 14:50:50.047  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.login.callback.handler.class will be configured as com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler to support Azure Identity credentials.
2022-09-22 14:50:50.052  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.
2022-09-22 14:50:50.052  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property security.protocol will be configured as SASL_SSL to support Azure Identity credentials.
2022-09-22 14:50:50.052  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.mechanism will be configured as OAUTHBEARER to support Azure Identity credentials.
2022-09-22 14:50:50.052  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.jaas.config will be configured as org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required; to support Azure Identity credentials.
2022-09-22 14:50:50.052  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.login.callback.handler.class will be configured as com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler to support Azure Identity credentials.

2022-09-22 14:50:51.077  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.
2022-09-22 14:50:51.077  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property security.protocol will be configured as SASL_SSL to support Azure Identity credentials.
2022-09-22 14:50:51.077  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.mechanism will be configured as OAUTHBEARER to support Azure Identity credentials.
2022-09-22 14:50:51.077  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.jaas.config will be configured as org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required; to support Azure Identity credentials.
2022-09-22 14:50:51.078  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.login.callback.handler.class will be configured as com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler to support Azure Identity credentials.
2022-09-22 14:50:51.084  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.
2022-09-22 14:50:51.084  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property security.protocol will be configured as SASL_SSL to support Azure Identity credentials.
2022-09-22 14:50:51.084  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.mechanism will be configured as OAUTHBEARER to support Azure Identity credentials.
2022-09-22 14:50:51.084  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.jaas.config will be configured as org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required; to support Azure Identity credentials.
2022-09-22 14:50:51.084  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.login.callback.handler.class will be configured as com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler to support Azure Identity credentials.
2022-09-22 14:50:51.110  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.
2022-09-22 14:50:51.110  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property security.protocol will be configured as SASL_SSL to support Azure Identity credentials.
2022-09-22 14:50:51.110  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.mechanism will be configured as OAUTHBEARER to support Azure Identity credentials.
2022-09-22 14:50:51.110  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.jaas.config will be configured as org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required; to support Azure Identity credentials.
2022-09-22 14:50:51.113  WARN 30520 --- [           main] c.a.i.k.AzureKafkaAutoconfigurationUtils : OAUTHBEARER authentication property sasl.login.callback.handler.class will be configured as com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler to support Azure Identity credentials.

2022-09-22 14:50:51.784  WARN 30520 --- [           main] .f.AbstractAzureHttpClientBuilderFactory : The client properties of an http-based client is of type com.azure.spring.cloud.core.properties.client.ClientProperties

2022-09-22 14:51:01.325  WARN 30520 --- [           main] .f.AbstractAzureHttpClientBuilderFactory : The client properties of an http-based client is of type com.azure.spring.cloud.core.properties.client.ClientProperties

...

2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.gallery-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.cloud-type' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-data-lake-store-file-system-endpoint-suffix' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.credential.managed-identity-enabled' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-application-insights-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.resource-manager-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-log-analytics-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.sql-management-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.management-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.storage-endpoint-suffix' was supplied but isn't a known config.
2022-09-22 14:51:10.825  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.publishing-profile' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.portal' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-resource-id' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.microsoft-graph-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.key-vault-dns-suffix' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-graph-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.sql-server-hostname-suffix' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.data-lake-endpoint-resource-id' was supplied but isn't a known config.
2022-09-22 14:51:10.826  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-graph-api-version' was supplied but isn't a known config.

...

2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.gallery-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.cloud-type' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-data-lake-store-file-system-endpoint-suffix' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.credential.managed-identity-enabled' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-application-insights-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.resource-manager-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.694  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.azure-log-analytics-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.sql-management-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.management-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.storage-endpoint-suffix' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.publishing-profile' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.portal' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-resource-id' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.microsoft-graph-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.key-vault-dns-suffix' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-graph-endpoint' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.sql-server-hostname-suffix' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.data-lake-endpoint-resource-id' was supplied but isn't a known config.
2022-09-22 14:51:14.695  WARN 30520 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : The configuration 'azure.profile.environment.active-directory-graph-api-version' was supplied but isn't a known config.

@chenrujun
Copy link

  1. Tell customer what should be deleted:
    image

image

@chenrujun
Copy link

  1. Text error
    image

@chenrujun
Copy link

  1. Change the order of host environment
    image

Reasons: Service Connector depends on other host environments. Should not appear at first

@chenrujun
Copy link

chenrujun commented Sep 22, 2022
edited

  1. It's better to add link to another page instead of adding steps (screenshots) by ourselves. Because the steps (including the portal page) may change in the future.
    For example:
    image

This content can be replaced by this link: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm

@chenrujun
Copy link

  1. Enable managed identity by portal has 5 tabs, but by cli has 6 tabs:
    image

image

@chenrujun
Copy link

  1. Better to uniform the word: create / enable / assign.
    image

image

@chenrujun
Copy link

  1. Tab is confusing.
    image

@chenrujun
Copy link

  1. Can not find Azure Spring Apps in Event Hubs role assign page.

Screenshot in migration guide:
image

Screenshot in Azure Portal:
image

Workaround: assign role in Azure Spring Apps -> Apps page.
Screenshot:
image

image

@chenrujun
Copy link

  1. Suggestion: Organize content in this style:
    https://learn.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-windows-development-environment-maven

image

@chenrujun
Copy link

chenrujun commented Sep 26, 2022
edited

  1. Update: Problem solved by setting the probes:
    image

===========
Original problem:

  1. When run spring-cloud-stream-biner app in Azure Container Apps, log shows that token can be got, but message cannot be consumed. (Message can be consumed successfully in localhost and other Azure environments like Azure Spring Apps)

Screenshots:

  1. Token can be got:
    image

  2. Message cannot be consumed:
    image

  3. Sample code:
    image

Link to sample project: https://github.com/chenrujun/azure-spring-boot-samples/tree/2a0b5d45e9034c928f0f7740d90ccdf358090073/password-less-connection-migration-kafka/spring-cloud-stream-binder-kafka/spring-cloud-stream-binder-kafka-after-migration

@yiliuTo yiliuTo mentioned this issue Sep 28, 2022
Closed
@chenrujun
Copy link

  1. When deploy to AKS, password-less feature cannot work well.

Here is screenshot of related log:
image

@chenrujun chenrujun modified the milestones: 2022-10, 2022-11 Oct 9, 2022
@chenrujun chenrujun mentioned this issue Oct 9, 2022
Closed
2 tasks
@chenrujun
Copy link

I have finished go-through related documents. Closing this issue.

Next step: #31346

@chenrujun chenrujun modified the milestones: 2022-11, 2022-10 Oct 9, 2022
@hui1110
Copy link
Contributor

hui1110 commented Nov 11, 2022

The #30800 (comment) is tracked with microsoft/spring-cloud-azure#1037.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@chenrujun chenrujun

Labels
azure-spring All azure-spring related issues azure-spring-docs Docs
Projects
Spring Cloud Azure
Archived in project
Milestone
2022-10
Development

No branches or pull requests
4 participants
@chenrujun @saragluna @hui1110 @yiliuTo