Select a specific client id in a VM with multiple managed identities.

David Wong 46 Reputation points
2024-04-24T18:23:08.38+00:00

I could not authorize Azure Service Bus with spring-cloud-azure-starter-servicebus. From the log, my app had no problem getting the token, but I got "Unauthorized access. 'Send' claim(s) are required to perform this operation." when I sent the message.

From the same VM, I wrote a test program with azure-identity, which I believe spring-cloud-azure-starter-servicebus also uses DefaultAzureCredential from azure-identity to create a credential. I had similar problems. However, if I explicitly created a ManagedIdentityCredential with the specific client ID, it worked.

I suspect the DefaultAzureCredential picked up the default managed identities (system assigned) that did not require permission.  If this is the case, anyway I can specify the one I want?

Azure Service Bus
Azure Service Bus
An Azure service that provides cloud messaging as a service and hybrid integration.
638 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2024-04-25T07:12:55.6666667+00:00

    Try:

    TokenCredential managedIdentityCredentialUserAssigned = new ManagedIdentityCredentialBuilder()
         .clientId(clientId) // specify client id of user-assigned managed identity.
         .build();
    

    Source: https://learn.microsoft.com/en-us/java/api/com.azure.identity.managedidentitycredentialbuilder?view=azure-java-stable#com-azure-identity-managedidentitycredentialbuilder-clientid(java-lang-string)


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.