Describe the bug
The Spring Key Vault integration (spring-cloud-azure-starter-keyvault-secrets) does not work with local test doubles because the disableChallengeResourceVerification option is not configurable.
Exception or Stack Trace
Add the exception log and stack trace if available
java.lang.IllegalStateException: Failed to configure KeyVault property source
at com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySource(KeyVaultEnvironmentPostProcessor.java:131)
at com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySourceList(KeyVaultEnvironmentPostProcessor.java:116)
at com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:89)
at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:109)
at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:94)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
at org.springframework.boot.context.event.EventPublishingRunListener.multicastInitialEvent(EventPublishingRunListener.java:136)
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:81)
at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:64)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:118)
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:112)
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:63)
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:356)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1295)
at com.github.nagyesta.example.sbkvdemo.SpringBootLocalKeyVaultDemoApplication.main(SpringBootLocalKeyVaultDemoApplication.java:10)
Caused by: java.lang.RuntimeException: The challenge resource 'https://localhost:10543/.default' does not match the requested domain. If you wish to disable this check for your client, pass 'true' to the SecretClientBuilder.disableChallengeResourceVerification() method when building it. See https://aka.ms/azsdk/blog/vault-uri for more information.
at com.azure.security.keyvault.secrets.implementation.KeyVaultCredentialPolicy.authorizeRequestOnChallengeSync(KeyVaultCredentialPolicy.java:281)
at com.azure.core.http.policy.BearerTokenAuthenticationPolicy.processSync(BearerTokenAuthenticationPolicy.java:135)
at com.azure.core.http.HttpPipelineNextSyncPolicy.processSync(HttpPipelineNextSyncPolicy.java:41)
at com.azure.core.http.policy.RetryPolicy.attemptSync(RetryPolicy.java:164)
To Reproduce
Steps to reproduce the behavior:
Please check the failing branch of the example project I have created here: https://github.com/nagyesta/spring-boot-local-key-vault-demo/tree/failing
Code Snippet
com.azure.spring.cloud.autoconfigure.implementation.keyvault.secrets.properties.AzureKeyVaultPropertySourceProperties does not have a disableChallengeResourceVerification field (and the related getter-setter).
Therefore, the com.azure.security.keyvault.secrets.SecretClientBuilder#buildInnerClient method cannot set it as true in this line:
policies.add(new KeyVaultCredentialPolicy(credential, disableChallengeResourceVerification));
Expected behavior
The client configuration should allow disableChallengeResourceVerification to be freely configured for tests.
Screenshots
N/A
Setup (please complete the following information):
- OS: Any (tried on Kubuntu 22.04 LTS)
- IDE: Any (tried with IntelliJ)
- Library/Libraries: com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.5.0
- Java version: Any (tried with 17)
- App Server/Environment: Any
- Frameworks: Spring Boot 3.1.2
Additional context
Related to #29651
Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report
Describe the bug
The Spring Key Vault integration (
spring-cloud-azure-starter-keyvault-secrets) does not work with local test doubles because thedisableChallengeResourceVerificationoption is not configurable.Exception or Stack Trace
Add the exception log and stack trace if available
To Reproduce
Steps to reproduce the behavior:
Please check the
failingbranch of the example project I have created here: https://github.com/nagyesta/spring-boot-local-key-vault-demo/tree/failingCode Snippet
com.azure.spring.cloud.autoconfigure.implementation.keyvault.secrets.properties.AzureKeyVaultPropertySourcePropertiesdoes not have adisableChallengeResourceVerificationfield (and the related getter-setter).Therefore, the
com.azure.security.keyvault.secrets.SecretClientBuilder#buildInnerClientmethod cannot set it as true in this line:Expected behavior
The client configuration should allow disableChallengeResourceVerification to be freely configured for tests.
Screenshots
N/A
Setup (please complete the following information):
Additional context
Related to #29651
Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report