AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential() #230
Comments
…() instead of hardcoded DefaultAzureCredential() to read values mapped from KeyVault. This is a fix for issue aspnet#230. Background: In order for AzureAppConfigurationBuilder to read Azure App Configuration values mapped from KeyVault, it gets the TokenCredential by calling `private SecretClient GetSecretClient()`. But GetSecretClient() has a hardcoded way to get `TokenCredential` by calling `new DefaultAzureCredential()` but it should honor an already existing virtual method `GetCredential()` instead to get the `TokenCredential`. So the classes that inherit from `AzureAppConfigurationBuilder` and override the `protected virtual TokenCredential GetCredential()` can influence which credential is used when reading app configuration values that are mapped from KeyVault. The bug is that classes that inherit from `AzureAppConfigurationBuilder` and override the `protected virtual TokenCredential GetCredential()` cannot influence which credential is used when reading app configuration values that are mapped from KeyVault.
…spnet#230) So reading of App Configuration Key-value references to Key Vault can be fine tuned by the derived classes.
…tClientOptions in AzureAppConfigurationBuilder (aspnet#230) - Fix for AzureAppConfigurationBuilder to read App Configuration Key-value references to Key Vault in the same way as AzureKeyVaultConfigBuilder Addresses aspnet#230
To spacing what was prior aspnet#230
Facing the same issue with AzureAppConfigurationBuilder. Able to load the AppConfig values just fine, however when reading App Configuration Key-value references that reference Key Vault it always uses the default credential which throws an Azure.RequestFailedException. We are using a ChainedTokenCredential to gain access to the Azure Resource, but unable to use the overridden GetCredential() method as it defaults to the DefaultAzureCredential().

Any progress made on this issue?

I implemented the fix for it. I am waiting for the pull request approval so it gets to the next release.

AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential()
`AzureAppConfigurationBuilder.cs` always uses `DefaultAzureCredential()` when reading App Configuration Key-value references to Key Vault. It should use already existing virtual method `GetCredential()` instead.

Functional impact

Classes that inherit from `AzureAppConfigurationBuilder` and override the `protected virtual TokenCredential GetCredential()` still cannot influence which `TokenCredential` is used when reading App Configuration values that are referencing Key Vault.

Expected result

When classes that inherit from `AzureAppConfigurationBuilder` override the `protected virtual TokenCredential GetCredential()` then the `GetCredential()` should also be used for App Configuration Key-value references to Key Vault.

Actual result

When classes that inherit from `AzureAppConfigurationBuilder` override the `protected virtual TokenCredential GetCredential()` then the `GetCredential()` is only used to read Key-values from App Configuration. But when reading App Configuration Key-value references that reference Key Vault then always the hardcoded `new DefaultAzureCredential()` is used.

Further technical details

There is a bug in the code in `AzureAppConfigurationBuilder.cs` in `private SecretClient GetSecretClient()` method. It should use already existing virtual method `GetCredential()` instead of hardcoded `new DefaultAzureCredential()` - the same way as it is used in `AzureKeyVaultConfigBuilder.cs`.
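
The divergence reported in this issue, as an added example that is not the project's code: `BuilderModel`, `ChainedBuilder` and their members are hypothetical stand-ins that model only which credential each read path selects. It assumes the Azure.Identity package is referenced; the credentials are constructed but no token is ever requested.

```csharp
using System;
using Azure.Core;
using Azure.Identity;

// Hypothetical model of the builder: only the credential choice of each read path is modelled.
class BuilderModel
{
    private readonly bool _keyVaultPathHonorsOverride;
    public BuilderModel(bool keyVaultPathHonorsOverride) =>
        _keyVaultPathHonorsOverride = keyVaultPathHonorsOverride;

    // Same shape as the virtual method named in the issue.
    protected virtual TokenCredential GetCredential() => new DefaultAzureCredential();

    // Path 1: plain key-values always go through the virtual method.
    public TokenCredential ForKeyValues() => GetCredential();

    // Path 2: Key Vault references. false = reported behaviour, true = expected behaviour.
    public TokenCredential ForKeyVaultReferences() =>
        _keyVaultPathHonorsOverride ? GetCredential() : new DefaultAzureCredential();

    // Regression check: both paths must hand out the same credential object.
    public bool PathsAgree() => ReferenceEquals(ForKeyValues(), ForKeyVaultReferences());
}

// Derived builder that pins one explicit chain (constructed sample; no token is requested).
class ChainedBuilder : BuilderModel
{
    private readonly TokenCredential _chain =
        new ChainedTokenCredential(new EnvironmentCredential(), new AzureCliCredential());
    public ChainedBuilder(bool keyVaultPathHonorsOverride) : base(keyVaultPathHonorsOverride) { }
    protected override TokenCredential GetCredential() => _chain;
}

static class Program
{
    static void Main()
    {
        foreach (bool honors in new[] { false, true })
        {
            var b = new ChainedBuilder(honors);
            Console.WriteLine($"Key Vault path honors override: {honors}");
            Console.WriteLine($"  key-values:           {b.ForKeyValues().GetType().Name}");
            Console.WriteLine($"  Key Vault references: {b.ForKeyVaultReferences().GetType().Name}");
            Console.WriteLine($"  paths agree:          {b.PathsAgree()}");
        }
    }
}
```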