Spring boot Azure app config & keyvault - unable to continue the authentication chain



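For starters, when my App Configuration does not have any Key Vault reference links, I can fetch my values at startup without any problem. However, I am trying to connect my Spring Boot application to my Azure App Configuration resource, which has secrets linked to Azure Key Vault. I am following this guide: https://learn.microsoft.com/en-us/azure/azure-app-configuration/use-key-vault-references-spring-boot#prerequisites

I get the error: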

ERROR 5088 --- [           main] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
ERROR 5088 --- [           main] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://{SERVICE-NAME}.azconfig.io/.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
ERROR 5088 --- [           main] c.a.core.credential.SimpleTokenCache     : Failed to acquire a new access token.
[...]
java.lang.RuntimeException: Max retries 2 times exceeded. Error Details: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.

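As far as I understand from this SO post, DefaultAzureCredentialBuilder() should go through a series of possibly stored authentication values and try them to access Key Vault. Since ManagedIdentityCredential should fail, as it is only on my local machine (and not hosted on an Azure VM), it doesn't look like it does. It seems to get hung up while trying to connect and hitting the max retries.

Is there a way I can force DefaultAzureCredentialBuilder() to skip the ManagedIdentityCred and go straight to the AzureCliCred?

Here is my pom.xml: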

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>spring-cloud-azure-appconfiguration-config</artifactId>
    <version>1.3.0</version>
</dependency>

Here is my AzureCredentials.class and what I have tried:

import com.azure.core.credential.TokenCredential;
import com.azure.identity.*;
import com.microsoft.azure.spring.cloud.config.AppConfigurationCredentialProvider;
import com.microsoft.azure.spring.cloud.config.KeyVaultCredentialProvider;

public class AzureCredentials implements AppConfigurationCredentialProvider, KeyVaultCredentialProvider {

    @Override
    public TokenCredential getKeyVaultCredential(String uri) {
        return getCredential();
    }

    @Override
    public TokenCredential getAppConfigCredential(String uri) {
        return getCredential();
    }

    private TokenCredential getCredential() {
        return new AzureCliCredentialBuilder().build(); // fails, is attempting ManagedIdentityCredential anyways! times out after 3 attempts
        // return new DefaultAzureCredentialBuilder().build(); // fails, is attempting ManagedIdentityCredential but times out after 3 attempts
    }
}

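The spring.factories, bootstrap.yml and the Config bean referencing AzureCredentials have also been created (per the tutorial).

Please let me know if you have any suggestions.

Thanks!

It looks like you have not set the environment variables, which the default Azure credential should try to use. You can find help/examples here: https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/identity/azure-identity#credential-classes.

It may be that whatever you are using to run the project has not picked up the new environment variables and needs to be restarted.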
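An explicit credential chain for local development that leaves ManagedIdentityCredential out and reports which of the environment variables mentioned in the answer are missing from the running process. This is an added example, not code from the question or the answer; the class name LocalDevAzureCredentials and the helpers missingVariables and buildChain are hypothetical, and it assumes azure-identity is on the classpath alongside the provider interfaces used in the question.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.AzureCliCredentialBuilder;
import com.azure.identity.ChainedTokenCredentialBuilder;
import com.azure.identity.EnvironmentCredentialBuilder;
import com.microsoft.azure.spring.cloud.config.AppConfigurationCredentialProvider;
import com.microsoft.azure.spring.cloud.config.KeyVaultCredentialProvider;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Hypothetical class name; the two interfaces are the ones implemented in the question.
public class LocalDevAzureCredentials
        implements AppConfigurationCredentialProvider, KeyVaultCredentialProvider {
    // Variables EnvironmentCredential reads for client-secret authentication.
    static final String[] REQUIRED = {"AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET"};

    // Built once and reused for both App Configuration and Key Vault.
    private final TokenCredential credential = buildChain(System.getenv());

    // Returns the names (never the values) of required variables that are unset or empty.
    static List<String> missingVariables(Map<String, String> env) {
        List<String> missing = new ArrayList<>();
        for (String name : REQUIRED) {
            String value = env.get(name);
            if (value == null || value.isEmpty()) {
                missing.add(name);
            }
        }
        return missing;
    }

    static TokenCredential buildChain(Map<String, String> env) {
        ChainedTokenCredentialBuilder chain = new ChainedTokenCredentialBuilder();
        List<String> missing = missingVariables(env);
        if (missing.isEmpty()) {
            chain.addLast(new EnvironmentCredentialBuilder().build());
        } else {
            System.err.println("EnvironmentCredential skipped, not set in this process: " + missing);
        }
        // ManagedIdentityCredential is not part of this chain, so the chain never probes IMDS.
        chain.addLast(new AzureCliCredentialBuilder().build());
        return chain.build();
    }

    @Override
    public TokenCredential getKeyVaultCredential(String uri) { return credential; }
    @Override
    public TokenCredential getAppConfigCredential(String uri) { return credential; }
}
```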
