[BUG] The Spring Key Vault integration (spring-cloud-azure-starter-keyvault-secrets) does not work with local test doubles #36561

Closed
3 tasks done
nagyesta opened this issue Aug 28, 2023 · 3 comments
Labels
azure-spring All azure-spring related issues azure-spring-keyvault Spring keyvault related issues. Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@nagyesta
Contributor

Describe the bug
The Spring Key Vault integration (spring-cloud-azure-starter-keyvault-secrets) does not work with local test doubles because the disableChallengeResourceVerification option is not configurable.

Exception or Stack Trace
Add the exception log and stack trace if available

java.lang.IllegalStateException: Failed to configure KeyVault property source
	at com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySource(KeyVaultEnvironmentPostProcessor.java:131)
	at com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySourceList(KeyVaultEnvironmentPostProcessor.java:116)
	at com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:89)
	at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:109)
	at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:94)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
	at org.springframework.boot.context.event.EventPublishingRunListener.multicastInitialEvent(EventPublishingRunListener.java:136)
	at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:81)
	at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:64)
	at java.base/java.lang.Iterable.forEach(Iterable.java:75)
	at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:118)
	at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:112)
	at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:63)
	at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:356)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:307)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1295)
	at com.github.nagyesta.example.sbkvdemo.SpringBootLocalKeyVaultDemoApplication.main(SpringBootLocalKeyVaultDemoApplication.java:10)
Caused by: java.lang.RuntimeException: The challenge resource 'https://localhost:10543/.default' does not match the requested domain. If you wish to disable this check for your client, pass 'true' to the SecretClientBuilder.disableChallengeResourceVerification() method when building it. See https://aka.ms/azsdk/blog/vault-uri for more information.
	at com.azure.security.keyvault.secrets.implementation.KeyVaultCredentialPolicy.authorizeRequestOnChallengeSync(KeyVaultCredentialPolicy.java:281)
	at com.azure.core.http.policy.BearerTokenAuthenticationPolicy.processSync(BearerTokenAuthenticationPolicy.java:135)
	at com.azure.core.http.HttpPipelineNextSyncPolicy.processSync(HttpPipelineNextSyncPolicy.java:41)
	at com.azure.core.http.policy.RetryPolicy.attemptSync(RetryPolicy.java:164)

To Reproduce
Steps to reproduce the behavior:
Please check the failing branch of the example project I have created here: https://github.com/nagyesta/spring-boot-local-key-vault-demo/tree/failing

Code Snippet
com.azure.spring.cloud.autoconfigure.implementation.keyvault.secrets.properties.AzureKeyVaultPropertySourceProperties does not have a disableChallengeResourceVerification field (and the related getter-setter).
Therefore, the com.azure.security.keyvault.secrets.SecretClientBuilder#buildInnerClient method cannot set it as true in this line:

policies.add(new KeyVaultCredentialPolicy(credential, disableChallengeResourceVerification));

Expected behavior
The client configuration should allow disableChallengeResourceVerification to be freely configured for tests.

Screenshots
N/A

Setup (please complete the following information):

  • OS: Any (tried on Kubuntu 22.04 LTS)
  • IDE: Any (tried with IntelliJ)
  • Library/Libraries: com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.5.0
  • Java version: Any (tried with 17)
  • App Server/Environment: Any
  • Frameworks: Spring Boot 3.1.2

Additional context
Related to #29651

Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields; otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
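
The check behind the error message in the report, as an added sketch that is not code from the issue or from the Azure SDK: it assumes the rule is that the requested host must be a subdomain of the host named in the challenge resource. The class and method names, and the sample URLs other than the `localhost:10543` scope quoted in the stack trace, are constructed for illustration.

```java
import java.net.URI;
import java.util.Locale;

public class ChallengeResourceCheckDemo {

    // Assumed rule (illustrative, not the SDK's code): the host being called must
    // end with "." + the host named in the challenge's resource/scope value.
    static boolean challengeResourceMatches(String requestUrl, String challengeScope) {
        String requestHost = URI.create(requestUrl).getHost();
        String scopeHost = URI.create(challengeScope).getHost();
        if (requestHost == null || scopeHost == null) {
            return false; // fail closed when either side has no host
        }
        return requestHost.toLowerCase(Locale.ROOT)
                .endsWith("." + scopeHost.toLowerCase(Locale.ROOT));
    }

    // Hypothetical stand-in for the credential policy: a token is only requested
    // for the challenged scope if the check passes or has been switched off.
    static String authorize(String requestUrl, String challengeScope, boolean verificationDisabled) {
        if (!verificationDisabled && !challengeResourceMatches(requestUrl, challengeScope)) {
            return "REJECT: challenge resource '" + challengeScope
                    + "' does not match the requested domain";
        }
        return "REQUEST TOKEN for scope " + challengeScope;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {requested URL, scope taken from the challenge}.
        String[][] cases = {
            // Hosted vault: request host is a subdomain of the challenge host.
            {"https://demo-vault.vault.azure.net/secrets/db-password", "https://vault.azure.net/.default"},
            // Local test double from the report: "localhost" is not a subdomain of "localhost".
            {"https://localhost:10543/secrets/db-password", "https://localhost:10543/.default"},
            // Challenge naming an unrelated resource: the case the check exists to stop.
            {"https://demo-vault.vault.azure.net/secrets/db-password", "https://unrelated.example/.default"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " -> " + authorize(c[0], c[1], false));
        }
        // With the opt-out set (intended for tests), the local double is accepted.
        System.out.println(cases[1][0] + " -> " + authorize(cases[1][0], cases[1][1], true));
    }
}
```

Under this rule the opt-out also lets the third case through, which is why it belongs in test configuration only.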
@github-actions github-actions bot added azure-spring All azure-spring related issues Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage Workflow: This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Aug 28, 2023
@Netyyyy Netyyyy added azure-spring-keyvault Spring keyvault related issues. and removed needs-team-triage Workflow: This issue needs the team to triage. labels Aug 29, 2023
@github-actions github-actions bot added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Aug 29, 2023
@Netyyyy
Member

Netyyyy commented Aug 29, 2023

Hi @nagyesta, thanks for reaching out.
We have received your submission and will take it into consideration. We appreciate your input and will review this matter as soon as possible.
Please feel free to provide any additional information or context that you think may be helpful. We'll keep you updated on the progress of our review.
Thank you for your contribution to improving our project.

nagyesta added a commit to nagyesta/azure-sdk-for-java that referenced this issue Aug 30, 2023
- Adds disableChallengeResourceVerification property to properties objects
- Includes new property in mapping methods
- Configures SecretClient in Factory when disableChallengeResourceVerification is set
- Configures CertificateClient in Factory when disableChallengeResourceVerification is set
- Updates/adds new tests
- Updates Changelog

Resolves Azure#36561

Signed-off-by: Esta Nagy <nagyesta@gmail.com>
@nagyesta
Contributor Author

Hi @Netyyyy,
thank you! I have prepared a PR as well (#36603). I hope it will help!

nagyesta added a commit to nagyesta/azure-sdk-for-java that referenced this issue Aug 31, 2023
… - Code review fixes #1

- Renames disableChallengeResourceVerification to challengeResourceVerificationEnabled
- Adds additional JavaDoc

Resolves Azure#36561

Signed-off-by: Esta Nagy <nagyesta@gmail.com>
nagyesta added a commit to nagyesta/azure-sdk-for-java that referenced this issue Sep 1, 2023
… - Code review fixes Azure#3

- Simplifies factory method logic as per code review recommendation

Resolves Azure#36561

Signed-off-by: Esta Nagy <nagyesta@gmail.com>
saragluna added a commit that referenced this issue Sep 2, 2023
…property of AKV SecretClient (#36603)

* Allows configuration of disableChallengeResourceVerification property
- Adds disableChallengeResourceVerification property to properties objects
- Includes new property in mapping methods
- Configures SecretClient in Factory when disableChallengeResourceVerification is set
- Configures CertificateClient in Factory when disableChallengeResourceVerification is set
- Updates/adds new tests
- Updates Changelog

Resolves #36561

Signed-off-by: Esta Nagy <nagyesta@gmail.com>

* Allows configuration of disableChallengeResourceVerification property - Code review fixes #1
- Renames disableChallengeResourceVerification to challengeResourceVerificationEnabled
- Adds additional JavaDoc

Resolves #36561

Signed-off-by: Esta Nagy <nagyesta@gmail.com>

* Allows configuration of disableChallengeResourceVerification property

- Fix a missed JavaDoc

Signed-off-by: Esta Nagy <nagyesta@gmail.com>

* Improve the configuration properties javadoc, and complete the additional-spring-configuration-metadata.json

* Allows configuration of disableChallengeResourceVerification property - Code review fixes #3
- Simplifies factory method logic as per code review recommendation

Resolves #36561

Signed-off-by: Esta Nagy <nagyesta@gmail.com>

---------

Signed-off-by: Esta Nagy <nagyesta@gmail.com>
Co-authored-by: Azure SDK Bot <53356347+azure-sdk@users.noreply.github.com>
Co-authored-by: Xiaolu Dai <xiada@microsoft.com>
@Netyyyy
Member

Netyyyy commented Sep 5, 2023

Closing it as fixed.

@Netyyyy Netyyyy closed this as completed Sep 5, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Dec 4, 2023