我在一个用Kotlin和Spring编写的项目上工作,在Azure Kubernetes Service(AKS)上执行,我使用com.azure.spring:azure-spring-boot-starter-keyvault-certificates:3.14.0库和以下代码:KeyStore.getInstance("AzureKeyVault").load(KeyVaultLoadStoreParameter(keyVaultUri)来检索java.security.KeyStore。
以前我使用的是Azure AD Pod Identity,代码运行良好,但当我切换到Azure AD Workload Identity时,我得到:
Caused by: java.lang.NullPointerException: Cannot invoke "com.azure.security.keyvault.jca.implementation.model.AccessToken.getAccessToken()" because "this.accessToken" is nullat com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAccessToken(KeyVaultClient.java:195) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAliases(KeyVaultClient.java:233) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificates(KeyVaultCertificates.java:142) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificatesIfNeeded(KeyVaultCertificates.java:130) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.getCertificateKeys(KeyVaultCertificates.java:122) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]
字符串
我还使用Azure AD Workload Identity与CosmosDB通信,服务总线依赖于WorkloadIdentityCredentialBuilder().build(),一切正常。
我假设com.azure.spring:azure-spring-boot-starter-keyvault-certificates:3.14.0失败是因为使用Azure AD Workload Identity获取令牌的过程有些不同,但我不确定到底是什么导致了这个问题。
1条答案
按热度按时间zy1mlcev1#
为了从Azure KeyVault获得证书的
java.security.KeyStore,我最终使用了以下方法(仅依赖于com.azure:azure-security-keyvault-secrets:4.7.1):字符串