Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential() #230

Open
Juraj2 opened this issue Nov 15, 2023 · 3 comments
Open

AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential() #230

Juraj2 opened this issue Nov 15, 2023 · 3 comments

Comments

@Juraj2
Copy link

Juraj2 commented Nov 15, 2023
edited

AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential()

AzureAppConfigurationBuilder.cs always uses DefaultAzureCredential() when reading App Configuration Key-value references to Key Vault. It should use already existing virtual method GetCredential() instead.

Functional impact

Classes that inherit from AzureAppConfigurationBuilder and override the protected virtual TokenCredential GetCredential() still cannot influence which TokenCredential is used when reading App Configuration values that are referencing Key Vault.

Expected result

When classes that inherit from AzureAppConfigurationBuilder override the protected virtual TokenCredential GetCredential() then the GetCredential() should also be used for App Configuration Key-value references to Key Vault

Actual result

When classes that inherit from AzureAppConfigurationBuilder override the protected virtual TokenCredential GetCredential() then the GetCredential() is only used to read Key-values from App Configuration. But when reading App Configuration Key-value references that reference Key Vault then always the hardcoded new DefaultAzureCredential() is used.

Further technical details

There is a bug in the code in AzureAppConfigurationBuilder.cs in private SecretClient GetSecretClient() method. It should use already existing virtual method GetCredential() instead of hardcoded new DefaultAzureCredential()- the same way as it is used in AzureKeyVaultConfigBuilder.cs
Juraj2 pushed a commit to Juraj2/MicrosoftConfigurationBuilders that referenced this issue Nov 16, 2023
Fix for Issue aspnet#230 - Use already existing virtual GetCredential…
eec4ee9 
…() instead of hardcoded DefaultAzureCredential() to read values mapped from KeyVault

This is fix for issue aspnet#230

Background:
In order for AzureAppConfigurationBuilder to read Azure App Configuration values mapped from KeyVault, it gets the TokenCredential by calling `private SecretClient GetSecretClient()`.

But GetSecretClient() has hardcoded way to get `TokenCredential` by calling `new DefaultAzureCredential()` but it should honor an already existing virtual method `GetCredential()` instead to get the `TokenCredential`. So the classes that inherit from `AzureAppConfigurationBuilder` and override the `protected virtual TokenCredential GetCredential()` can influence which credential is used when reading app configuration values that are mapped from KeyVault.

The bug is that classes that inherit from `AzureAppConfigurationBuilder` and override the `protected virtual TokenCredential GetCredential()` cannot influence which credential is used when reading app configuration values that are mapped from KeyVault.
@Juraj2 Juraj2 changed the title AzureAppConfigurationBuilder always uses DefaultAzureCredentail() for SecretClient but should use virtual GetCredential() instead AzureAppConfigurationBuilder always uses DefaultAzureCredential() to read Key Vault but should use existing GetCredential() Nov 16, 2023
Juraj2 pushed a commit to Juraj2/MicrosoftConfigurationBuilders that referenced this issue Nov 16, 2023
Add overload for SecretClientOptions in AzureAppConfigurationBuilder (a…
34585fe 
…spnet#230)

So reading of App Configuration Key-value references to Key Vault
can be fine tuned by the derived classes.
Juraj2 pushed a commit to Juraj2/MicrosoftConfigurationBuilders that referenced this issue Nov 16, 2023
Use GetCredential() for Key Vault readings and Add overload for Secre…
03c6e97 
…tClientOptions in AzureAppConfigurationBuilder (aspnet#230)

- Fix for AzureAppConfigurationBuilder to read App Configuration Key-value references to Key Vault in the same way as AzureKeyVaultConfigBuilder

Addresses aspnet#230
@Juraj2 Juraj2 mentioned this issue Nov 16, 2023
Open
@Juraj2 Juraj2 changed the title AzureAppConfigurationBuilder always uses DefaultAzureCredential() to read Key Vault but should use existing GetCredential() AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential() Nov 16, 2023
Juraj2 pushed a commit to Juraj2/MicrosoftConfigurationBuilders that referenced this issue Nov 17, 2023
Clean up spacing (aspnet#230)
ba0ce66 
To spacing what was prior aspnet#230
Juraj2 pushed a commit to Juraj2/MicrosoftConfigurationBuilders that referenced this issue Nov 27, 2023
Fixing comments in AzureKeyVaultConfigBuilder and AzureAppConfigurati…
7d04b31 
…onBuilder (aspnet#230)
@skwazza09
Copy link

skwazza09 commented Nov 28, 2023
edited

Facing the same issue with AzureAppConfigurationBuilder. Able to load the AppConfig values just fine, however when reading App Configuration Key-value references that reference Key Vault it always uses the default credential which throws a Azure.RequestFailedException.

We are using a CheinedTokenCredential to gain access to the Azure Resource, but unable to use the overridden GetCredential() method as it defaults to the DefaultAzureCredential().

@masonhuemmer
Copy link

masonhuemmer commented Dec 14, 2023
edited

Any progress made on this issue?

@Juraj2
Copy link
Author

Juraj2 commented Dec 15, 2023
edited

I implemented the fix for it. I am waiting for the pull request approval so it gets to the next release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Juraj2 @masonhuemmer @skwazza09