我有一个.NET Core 3.1 Web API项目,试图在其中连接Azure App Config。我可以在其他几个.NET Framework项目中正常工作,但是当我尝试在Core 3.1项目中实现它时,如果仅应用Cong 包含未加密的值,但是每当我的应用程序配置包含对 any Azure Key Vault机密的 any 引用时,都会出现异常。
到目前为止,我只是通过API解决方案中的单元测试项目对此进行了证明。这是代码:
namespace WebApi.Test.Integration.Settings
{
public abstract class SettingsTestBase
{
protected SettingsTestBase()
{
Environment.SetEnvironmentVariable("Azure_Tenant_Id", "my-tenant-id");
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
}
}
public class SettingsTests : SettingsTestBase
{
[Fact]
public void SettingsRequest_ReturnsValidSettings()
{
var config = GetConfiguration("https://my.keyvault.url.net");
var setting = config["my-keyvaultvalue-v1"] ?? "Hello world!";
Assert.NotNull(setting);
Assert.NotEqual(string.Empty, setting);
Assert.NotEqual("Hello world!", setting);
}
private IConfigurationRoot GetConfiguration(string uri)
{
var azureCred = new DefaultAzureCredential();
var chainedCred = new ChainedTokenCredential(azureCred);
var builder = new ConfigurationBuilder();
//The optional:true parameter for AddAzureAppConfiguration does not work, as of AzureAppConfiguration 3.0.1,
//specifically for the KeyVaultReferenceException we're experiencing. However, this would only gracefully not
//load our key vault secrets, not solve the problem we're having with retrieving secrets.
//https://github.com/Azure/AppConfiguration-DotnetProvider/issues/136
builder.AddAzureAppConfiguration(options =>
options.Connect(new Uri(uri), chainedCred), optional: true);
var config = builder.Build();
return config;
}
}
}
到目前为止我已经包含的软件包:
Azure.Identity -v 1.1.1
Microsoft.Azure.KeyVault -v 3.0.5
Microsoft.Azure.Services.AppAuthentication -v 1.5.0
Microsoft.Extensions.Configuration.AzureAppConfiguration -v 3.0.1
Microsoft.Extensions.Configuration.AzureKeyVault -v 3.1.5
这是我进行测试时得到的:
WebApi.Test.Integration.Settings.SettingsTests.SettingsRequest_ReturnsValidSettings
Source: SettingsTests.cs
Duration: 5 sec
Message:
Microsoft.Extensions.Configuration.AzureAppConfiguration.KeyVaultReferenceException : No key vault credential configured and no matching secret client could be found.. ErrorCode:, Key:my-keyvaultsecretvalue-v1, Label:, Etag:xxxxxxxxxxxxxxxxxxxxxxxxx, SecretIdentifier:https://my.keyvault.url.net/secrets/my-keyvaultsecretvalue-v1
---- System.UnauthorizedAccessException : No key vault credential configured and no matching secret client could be found.
Stack Trace:
AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting, CancellationToken cancellationToken)
AzureAppConfigurationProvider.ProcessAdapters(ConfigurationSetting setting, CancellationToken cancellationToken)
AzureAppConfigurationProvider.SetData(IDictionary`2 data, CancellationToken cancellationToken)
AzureAppConfigurationProvider.LoadAll(Boolean ignoreFailures)
AzureAppConfigurationProvider.Load()
ConfigurationRoot.ctor(IList`1 providers)
ConfigurationBuilder.Build()
SettingsTests.GetConfiguration(String uri) line 91
SettingsTests.SettingsRequest_ReturnsValidSettings() line 60
----- Inner Stack Trace -----
AzureKeyVaultSecretProvider.GetSecretValue(Uri secretUri, CancellationToken cancellationToken)
AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting, CancellationToken cancellationToken)
答案 0 :(得分:1)
未配置Key Vault访问权限。
尝试致电:
builder.AddAzureAppConfiguration(options =>
{
options.Connect(new Uri(uri), chainedCred);
options.ConfigureKeyVault(kv => kv.SetCredential(chainedCred));
}, optional: true);
chainedCred必须是有权访问引用的Key Vault的主体。
或者,如果未配置Key Vault的原因是因为您不希望获得机密,则需要设置AzureAppConfiguration选项,以便仅查询不引用Key Vault的设置。
>