diff --git a/servers/Azure.Mcp.Server/changelog-entries/1774886640626.yaml b/servers/Azure.Mcp.Server/changelog-entries/1774886640626.yaml new file mode 100644 index 0000000000..8cb6480cc1 --- /dev/null +++ b/servers/Azure.Mcp.Server/changelog-entries/1774886640626.yaml @@ -0,0 +1,3 @@ +changes: + - section: "Bugs Fixed" + description: "Configure AppConfigurationAudience when creating AppConfiguration SDK clients" \ No newline at end of file diff --git a/tools/Azure.Mcp.Tools.AppConfig/src/Services/AppConfigService.cs b/tools/Azure.Mcp.Tools.AppConfig/src/Services/AppConfigService.cs index 264cda3c06..7141b5c217 100644 --- a/tools/Azure.Mcp.Tools.AppConfig/src/Services/AppConfigService.cs +++ b/tools/Azure.Mcp.Tools.AppConfig/src/Services/AppConfigService.cs @@ -7,6 +7,7 @@ using Azure.Mcp.Core.Models.Identity; using Azure.Mcp.Core.Options; using Azure.Mcp.Core.Services.Azure; +using Azure.Mcp.Core.Services.Azure.Authentication; using Azure.Mcp.Core.Services.Azure.Subscription; using Azure.Mcp.Core.Services.Azure.Tenant; using Azure.Mcp.Tools.AppConfig.Models; @@ -168,7 +169,7 @@ public async Task DeleteKeyValue( private async Task GetConfigurationClient(string accountName, string subscription, string? tenant, RetryPolicyOptions? retryPolicy, CancellationToken cancellationToken) { - var configStore = await FindAppConfigStore(subscription, accountName, subscription, retryPolicy, cancellationToken); + var configStore = await FindAppConfigStore(subscription, tenant, accountName, subscription, retryPolicy, cancellationToken); var endpoint = configStore.Endpoint; if (string.IsNullOrEmpty(endpoint)) { @@ -177,8 +178,9 @@ private async Task GetConfigurationClient(string accountNam EndpointValidator.ValidateAzureServiceEndpoint(endpoint, "appconfig"); - var credential = await GetCredential(cancellationToken); + var credential = await GetCredential(tenant, cancellationToken); var options = new ConfigurationClientOptions(); + options.Audience = GetAppConfigurationAudience(); AddDefaultPolicies(options); var endpointUri = new Uri(endpoint); @@ -191,25 +193,22 @@ private async Task GetConfigurationClient(string accountNam private async Task FindAppConfigStore( string subscription, + string? tenant, string accountName, string subscriptionIdentifier, RetryPolicyOptions? retryPolicy, CancellationToken cancellationToken) { - var account = await ExecuteSingleResourceQueryAsync( + return await ExecuteSingleResourceQueryAsync( "Microsoft.AppConfiguration/configurationStores", resourceGroup: null, // all resource groups subscription: subscription, retryPolicy: retryPolicy, converter: ConvertToAppConfigurationAccountModel, additionalFilter: $"name =~ '{EscapeKqlString(accountName)}'", - cancellationToken: cancellationToken); - - if (account == null) - { - throw new KeyNotFoundException($"App Configuration store '{accountName}' not found for subscription '{subscriptionIdentifier}'."); - } - return account; + tenant: tenant, + cancellationToken: cancellationToken) + ?? throw new KeyNotFoundException($"App Configuration store '{accountName}' not found for subscription '{subscriptionIdentifier}'."); } /// @@ -266,4 +265,15 @@ private static AppConfigurationAccount ConvertToAppConfigurationAccountModel(Jso } }; } + + private AppConfigurationAudience GetAppConfigurationAudience() + { + return TenantService.CloudConfiguration.CloudType switch + { + AzureCloudConfiguration.AzureCloud.AzurePublicCloud => AppConfigurationAudience.AzurePublicCloud, + AzureCloudConfiguration.AzureCloud.AzureChinaCloud => AppConfigurationAudience.AzureChina, + AzureCloudConfiguration.AzureCloud.AzureUSGovernmentCloud => AppConfigurationAudience.AzureGovernment, + _ => AppConfigurationAudience.AzurePublicCloud + }; + } }