Skip to content

[Bug] Secret URI not populated for App Configuration Settings using Key Vault References #20518

New issue
New issue
Closed
Closed
[Bug] Secret URI not populated for App Configuration Settings using Key Vault References#20518
Assignees
xiangyan99YalinLi0312
Labels
App ConfigurationAzure.ApplicationModel.ConfigurationClientThis issue points to a problem in the data-plane of the library.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.issue-addressedWorkflow: The Azure SDK team believes it to be addressed and ready to close.
Milestone
[2021] November
@DhavalShewale

Description

@DhavalShewale
DhavalShewale
opened on Sep 2, 2021

Setup

  • Package Name: azure-appconfiguration
  • Package Version: 1.2.0
  • Python Version: 3.8.3

Describe the bug

  • Version 1.1.1 would populate the uri for secret reference configuration in value field
  • However since version 1.2.0, a new type SecretReferenceConfigurationSetting was introduced. There is no field populated which could help to identify or retrieve the secret

Code Snippet

Code that works on version 1.1.1

from azure.appconfiguration import AzureAppConfigurationClient
from azure.keyvault.secrets import SecretClient
from azure.identity import AzureCliCredential

import json


credential = AzureCliCredential()
config_client = AzureAppConfigurationClient(base_url= APP_CONFIG_URL, credential=credential)
secret_client = SecretClient(vault_url=KEY_VAULT_URL, credential=credential)

app_config = dict()

for namespace in NAMESPACE_FILTER.split(','):
    for config in config_client.list_configuration_settings(key_filter=f'/{namespace}/*', label_filter=LABEL_FILTER):
         if config.content_type == 'application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8':
             app_config[config.key.split('/')[-1]] = secret_client.get_secret(json.loads(config.value)['uri'].split('/')[-1]).value
         else:
             app_config[config.key.split('/')[-1]] = config.value

Code Output

Config returned by version 1.1.1

  • Type of config returned - azure.appconfiguration._models.ConfigurationSetting
  • Contents:
{
  'additional_properties': {},
  'key': <key>, 
  'label': <label>, 
  'content_type': 'application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8', 
  'value': '{"uri":<keyvault_uri>}', 
  'last_modified': <last_modified>, 
  'tags': {}, 
  'read_only': False, 
  'etag': <etag>'
}

Config returned by version 1.2.0

  • Type of config returned - azure.appconfiguration._models.SecretReferenceConfigurationSetting
  • Contents:
{
  'key': <key>, 
  'label': <label>, 
  'content_type': 'application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8', 
  'etag': <etag>, 
  'last_modified': <last_modified>, 
  'read_only': False, 
  'tags': {}, 
  'secret_id': None, 
  '_value': '{"secret_uri": null}'
}

Expected behavior

  • uri for the referred secret should be populated so that it can be used to retrieve the secret value using SecretClient

Metadata

Metadata

Assignees

Labels

App ConfigurationAzure.ApplicationModel.ConfigurationClientThis issue points to a problem in the data-plane of the library.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.issue-addressedWorkflow: The Azure SDK team believes it to be addressed and ready to close.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions