我有一个 .NET Core 3.1 Web API 项目,我正在尝试连接 Azure App Config。我让它在其他几个 .NET Framework 项目中工作得很好,但是当我尝试在 Core 3.1 项目中实现它时,如果 App Cong只包含未加密的值,我可以从 App Config 中读取未加密的值,但是得到每当我的应用程序配置包含对任何Azure Key Vault 机密的任何引用时都会出现异常。
到目前为止,我只是通过 API 解决方案中的单元测试项目来证明这一点。这是代码:
namespace WebApi.Test.Integration.Settings
{
public abstract class SettingsTestBase
{
protected SettingsTestBase()
{
Environment.SetEnvironmentVariable("Azure_Tenant_Id", "my-tenant-id");
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
}
}
public class SettingsTests : SettingsTestBase
{
[Fact]
public void SettingsRequest_ReturnsValidSettings()
{
var config = GetConfiguration("https://my.keyvault.url.net");
var setting = config["my-keyvaultvalue-v1"] ?? "Hello world!";
Assert.NotNull(setting);
Assert.NotEqual(string.Empty, setting);
Assert.NotEqual("Hello world!", setting);
}
private IConfigurationRoot GetConfiguration(string uri)
{
var azureCred = new DefaultAzureCredential();
var chainedCred = new ChainedTokenCredential(azureCred);
var builder = new ConfigurationBuilder();
//The optional:true parameter for AddAzureAppConfiguration does not work, as of AzureAppConfiguration 3.0.1,
//specifically for the KeyVaultReferenceException we're experiencing. However, this would only gracefully not
//load our key vault secrets, not solve the problem we're having with retrieving secrets.
//https://github.com/Azure/AppConfiguration-DotnetProvider/issues/136
builder.AddAzureAppConfiguration(options =>
options.Connect(new Uri(uri), chainedCred), optional: true);
var config = builder.Build();
return config;
}
}
}
到目前为止我已经包含的包:
Azure.Identity -v 1.1.1
Microsoft.Azure.KeyVault -v 3.0.5
Microsoft.Azure.Services.AppAuthentication -v 1.5.0
Microsoft.Extensions.Configuration.AzureAppConfiguration -v 3.0.1
Microsoft.Extensions.Configuration.AzureKeyVault -v 3.1.5
这是我运行测试时得到的结果:
WebApi.Test.Integration.Settings.SettingsTests.SettingsRequest_ReturnsValidSettings
Source: SettingsTests.cs
Duration: 5 sec
Message:
Microsoft.Extensions.Configuration.AzureAppConfiguration.KeyVaultReferenceException : No key vault credential configured and no matching secret client could be found.. ErrorCode:, Key:my-keyvaultsecretvalue-v1, Label:, Etag:xxxxxxxxxxxxxxxxxxxxxxxxx, SecretIdentifier:https://my.keyvault.url.net/secrets/my-keyvaultsecretvalue-v1
---- System.UnauthorizedAccessException : No key vault credential configured and no matching secret client could be found.
Stack Trace:
AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting, CancellationToken cancellationToken)
AzureAppConfigurationProvider.ProcessAdapters(ConfigurationSetting setting, CancellationToken cancellationToken)
AzureAppConfigurationProvider.SetData(IDictionary`2 data, CancellationToken cancellationToken)
AzureAppConfigurationProvider.LoadAll(Boolean ignoreFailures)
AzureAppConfigurationProvider.Load()
ConfigurationRoot.ctor(IList`1 providers)
ConfigurationBuilder.Build()
SettingsTests.GetConfiguration(String uri) line 91
SettingsTests.SettingsRequest_ReturnsValidSettings() line 60
----- Inner Stack Trace -----
AzureKeyVaultSecretProvider.GetSecretValue(Uri secretUri, CancellationToken cancellationToken)
AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting, CancellationToken cancellationToken)