gpt4 book ai didi

c# - Azure Key Vault .NET Core 3.1 Web API 无法访问 secret

转载 作者:行者123 更新时间:2023-12-02 23:16:49 25 4
gpt4 key购买 nike

我有一个 .NET Core 3.1 Web API 项目,我正在尝试连接 Azure 应用程序配置。我让它在其他几个 .NET Framework 项目中工作得很好,但是当我尝试在 Core 3.1 项目中实现它时,如果应用程序 Cong 仅 包含未加密的值,但只要我的应用程序配置包含任何任何 Azure Key Vault secret 的引用,就会出现异常。

到目前为止,我只是通过 API 解决方案中的单元测试项目来证明这一点。代码如下:

namespace WebApi.Test.Integration.Settings
{
public abstract class SettingsTestBase
{
protected SettingsTestBase()
{
Environment.SetEnvironmentVariable("Azure_Tenant_Id", "my-tenant-id");

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
}
}

public class SettingsTests : SettingsTestBase
{
[Fact]
public void SettingsRequest_ReturnsValidSettings()
{
var config = GetConfiguration("https://my.keyvault.url.net");

var setting = config["my-keyvaultvalue-v1"] ?? "Hello world!";

Assert.NotNull(setting);
Assert.NotEqual(string.Empty, setting);
Assert.NotEqual("Hello world!", setting);
}

private IConfigurationRoot GetConfiguration(string uri)
{
var azureCred = new DefaultAzureCredential();
var chainedCred = new ChainedTokenCredential(azureCred);
var builder = new ConfigurationBuilder();

//The optional:true parameter for AddAzureAppConfiguration does not work, as of AzureAppConfiguration 3.0.1,
//specifically for the KeyVaultReferenceException we're experiencing. However, this would only gracefully not
//load our key vault secrets, not solve the problem we're having with retrieving secrets.
//https://github.com/Azure/AppConfiguration-DotnetProvider/issues/136
builder.AddAzureAppConfiguration(options =>
options.Connect(new Uri(uri), chainedCred), optional: true);

var config = builder.Build();

return config;
}
}
}

到目前为止我已经包含的软件包:

Azure.Identity -v 1.1.1
Microsoft.Azure.KeyVault -v 3.0.5
Microsoft.Azure.Services.AppAuthentication -v 1.5.0
Microsoft.Extensions.Configuration.AzureAppConfiguration -v 3.0.1
Microsoft.Extensions.Configuration.AzureKeyVault -v 3.1.5

这是我运行测试时得到的结果:

 WebApi.Test.Integration.Settings.SettingsTests.SettingsRequest_ReturnsValidSettings
Source: SettingsTests.cs
Duration: 5 sec

Message:
Microsoft.Extensions.Configuration.AzureAppConfiguration.KeyVaultReferenceException : No key vault credential configured and no matching secret client could be found.. ErrorCode:, Key:my-keyvaultsecretvalue-v1, Label:, Etag:xxxxxxxxxxxxxxxxxxxxxxxxx, SecretIdentifier:https://my.keyvault.url.net/secrets/my-keyvaultsecretvalue-v1
---- System.UnauthorizedAccessException : No key vault credential configured and no matching secret client could be found.
Stack Trace:
AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting, CancellationToken cancellationToken)
AzureAppConfigurationProvider.ProcessAdapters(ConfigurationSetting setting, CancellationToken cancellationToken)
AzureAppConfigurationProvider.SetData(IDictionary`2 data, CancellationToken cancellationToken)
AzureAppConfigurationProvider.LoadAll(Boolean ignoreFailures)
AzureAppConfigurationProvider.Load()
ConfigurationRoot.ctor(IList`1 providers)
ConfigurationBuilder.Build()
SettingsTests.GetConfiguration(String uri) line 91
SettingsTests.SettingsRequest_ReturnsValidSettings() line 60
----- Inner Stack Trace -----
AzureKeyVaultSecretProvider.GetSecretValue(Uri secretUri, CancellationToken cancellationToken)
AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting, CancellationToken cancellationToken)

最佳答案

未配置 Key Vault 访问权限。

尝试调用:

builder.AddAzureAppConfiguration(options =>
{
options.Connect(new Uri(uri), chainedCred);
options.ConfigureKeyVault(kv => kv.SetCredential(chainedCred));
}, optional: true);

chainedCred 需要用于有权访问引用的 Key Vault 的主体。

或者,如果您未配置 Key Vault 的原因是您不需要这些 secret ,则需要设置 AzureAppConfiguration 选项,以便仅查询不引用 Key Vault 的设置。

关于c# - Azure Key Vault .NET Core 3.1 Web API 无法访问 secret ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62563973/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com