我正在开发一个用 Kotlin 和 Spring 编写的项目,在 Azure Kubernetes 服务 (AKS) 上执行,并且我使用该库
com.azure.spring:azure-spring-boot-starter-keyvault-certificates:3.14.0KeyStore.getInstance("AzureKeyVault").load(KeyVaultLoadStoreParameter(keyVaultUri)java.security.KeyStore之前我使用的是 Azure AD Pod Identity 并且代码工作正常,但是当我切换到 Azure AD Workload Identity 时,我得到:
Caused by: java.lang.NullPointerException: Cannot invoke "com.azure.security.keyvault.jca.implementation.model.AccessToken.getAccessToken()" because "this.accessToken" is null
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAccessToken(KeyVaultClient.java:195) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAliases(KeyVaultClient.java:233) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificates(KeyVaultCertificates.java:142) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificatesIfNeeded(KeyVaultCertificates.java:130) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.getCertificateKeys(KeyVaultCertificates.java:122) ~[azure-security-keyvault-jca-2.6.0.jar!/:2.6.0]
我还使用 Azure AD Workload Identity 依靠
WorkloadIdentityCredentialBuilder().build()我认为
com.azure.spring:azure-spring-boot-starter-keyvault-certificates:3.14.0为了从 Azure KeyVault 获取证书
java.security.KeyStoreval secretClient = SecretClientBuilder()
.vaultUrl(keyVaultUrl)
.credential(DefaultAzureCredentialBuilder().build())
.buildClient()
val certificateWithKey = secretClient.getSecret(certificateName, null).value
val keyStore = KeyStore.getInstance("JKS")
keyStore.load(Base64.getDecoder().decode(certificateWithKey).inputStream(), "".toCharArray())