Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] azure-identity-extentions - WorkloadIdentityCredential with JDBC lag in response #43894

Open
3 tasks done
grabskimm opened this issue Jan 23, 2025 · 2 comments
Open
3 tasks done

[BUG] azure-identity-extentions - WorkloadIdentityCredential with JDBC lag in response #43894

grabskimm opened this issue Jan 23, 2025 · 2 comments
Assignees
@g2vinay
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@grabskimm
Copy link

grabskimm commented Jan 23, 2025
edited
Loading

Describe the bug
Our application setup with Java/Maven built with docker runs on AKS alongside Azure managed PostgreSQL Flexiable server. The application connects to PostgreSQL datababase via JDBC URL which until now included the complete URL with username & password. We have now setup service connector with workload identity as describe here, which in turn allows us to pass the JDBC URL without a password relying on AzurePostgresqlAuthenticationPlugin / azure-identity-extentions.

Previouslly with username/password auth the query for a single row would return a response within 500 milliseconds, the same query now takes up to 30 seconds. We suspect the logs below to cause the delay in returning the expected token.

Exception or Stack Trace

25/01/15 17:30:06 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:12 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:12 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:18 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:18 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:19 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:24 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:24 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:25 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:25 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:30 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:30 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:31 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:36 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token
25/01/15 17:30:36 INFO ChainedTokenCredential: Azure Identity => Attempted credential EnvironmentCredential is unavailable.
25/01/15 17:30:42 INFO ChainedTokenCredential: Azure Identity => Attempted credential WorkloadIdentityCredential returns a token

To Reproduce

  1. Setup AKS cluster
  2. Setup Azure PostgreSQL
  3. Setup service connector with workload identity as describe here.
  4. Connect to Postgres database via JDBC

Code Snippet
No code changes other than passing a new format of the full connection string now including the pluginName.

String url = System.getenv("AZURE_POSTGRESQL_CONNECTIONSTRING");
String pluginName = "com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin";  
Connection connection = DriverManager.getConnection(url + "&authenticationPluginClassName=" + pluginName);

Updated complete JDBC URL

jdbc:postgresql://HOSTNAME.postgres.database.azure.com:5432/postgres?sslmode=require&user=USERNAME&authenticationPluginClassName=com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin

Expected behavior
The expected behavior is returning a query within 500 milliseconds, instead the query time for a single row takes up close to 30 second.

Screenshots
If applicable, add screenshots to help explain your problem.

Setup (please complete the following information):

  • OS: AKS / Ubuntu Linux
  • IDE: N/A
  • Library/Libraries: azure-identity-extentions:1.2.0, azure-identity:1.15.0 PostgreSQL:42.3.6
  • Java version: 21.0.5, Apache Maven 3.8.7
  • App Server/Environment: Azure AKS
  • Frameworks: Java / Scala

If you suspect a dependency version mismatch (e.g. you see NoClassDefFoundError, NoSuchMethodError or similar), please check out Troubleshoot dependency version conflict article first. If it doesn't provide solution for the problem, please provide:

  • verbose dependency tree (mvn dependency:tree -Dverbose)
  • exception message, full stack trace, and any available logs

Additional context
Add any other context about the problem here.

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
@github-actions github-actions bot added Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jan 23, 2025
@github-actions GitHub Actions
Copy link

@billwert @g2vinay

@github-actions GitHub Actions
Copy link

Thank you for your feedback. Tagging and routing to the team member best able to assist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@g2vinay g2vinay

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
Azure Identity SDK Improvements
Status: Untriaged
Milestone
No milestone
Development

No branches or pull requests
2 participants
@g2vinay @grabskimm