Reputation: 912
Unable to access App Configuration with User Managed Identity in Java spring boot
I am facing issues connecting to azure app configuration with User Managed Identity.
The issue that I am getting is:
com.microsoft.aad.msal4j.MsalAzureSDKException: java.util.concurrent.ExecutionException: com.azure.identity.CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, Network is unreachable: no further information.
I am using below dependency in my spring boot application:
implementation ('com.azure.spring:azure-spring-cloud-appconfiguration-config-web:2.11.0')
My bootstrap.yml looks like this:
spring:
application:
name: app-service
version: 0.0.1
cloud:
azure:
appconfiguration:
enabled: ${APP_CONFIGURATION_ENABLED} // true
managed-identity:
client-id: ${AZURE_CLIENT_ID} // some valid client_id, created on azure portal
stores:
- endpoint: ${AZURE_END_POINT} // some valid endpoint
Please note i have created sample configurations on my azure portal and also exported AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID properties as environment variables containing valid values.
I am using spring boot version 3.1.0 and have been following this doc:
The same set of configurations works fine in plain Java, by creating beans explicitily like this:
public class Main {
public static void main(String[] args) {
TokenCredential credential = new DefaultAzureCredentialBuilder().build();
ConfigurationClient client = new ConfigurationClientBuilder()
.credential(credential)
.endpoint("same endpoint as used above")
.buildClient();
ConfigurationSetting retrievedSetting = client.getConfigurationSetting("/application/app-service/appconfig.appUrl", "local");
System.out.println(retrievedSetting.toString()); // works fine
}
}
but these configurations doesn't work well with spring boot 3.x.
Can anyone point what probably i am doing wrong or what could be the issue here.
Thanks in advance.
Upvotes: 2
Views: 1734
Answers (1)
Reputation: 65461
For this to work the code must be running in a process that has a managed identity. When you are running your spring boot application locally you do not have this.
The reason why the java code works it that it is using credentials of the logged on user.
To delpoy your spring boot application to Azure App Service see: https://learn.microsoft.com/en-us/training/modules/deploy-java-spring-boot-app-service-mysql/
Upvotes: 1
Related Questions
- How to access a value defined in the application.properties file in Spring Boot
- Spring boot - Not a managed type
- How to read Azure web site app settings values in Spring boot java class
- Dynamic configuration does not work with spring boot property when it is assigned a value in the application.properties
- AttributeError: 'MonitorManagementClient' object has no attribute 'location' Microsoft Azure
- azure sdk java + Azure Kubernetes Cluster + Spring Boot application + System Assigned Managed Identity