I have a simple Dapr sample app with 2 apps: a checkout app that places an "order" order message using the Dapr PubSub components and an orderprocessor app that picks up the orders using the Dapr PubSub components and "processes" them.
This works just fine on my dev laptop (uses Redis) and also when deployed to Azure Container App and the pubsub component uses Azure Service Bus and a Connection string in the pubsub component metadata.
However, I want to use Azure Managed Identities to remove the connection string from the pubsub component.
According to the Dapr GitHub page, the PubSub Azure Service Bus integration should support Managed Identities - https://github.com/dapr/components-contrib/issues/1103 - and the necessary pubsub component configuration for this to work should be to add the azureClientId for the system managed identity (Azure AD appId created for the managed identity) property to the metadata section of the component - see https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/
I have provisioned the managed identity (system) for the checkout app using Bicep and have also assigned the Azure Service Bus Data Sender role for the checkout app in my Service Bus Namespace.
Then I've used the ApplicationId created in AzureAD for my managed identity and added the azureClientId to the metadata of the pubsub component.
However, this seems like it's not enough despite what the documentation says. In my container logs I get the following error when I try to publish an order:

2023-04-25T09:44:14.32609 Connecting to the container 'checkout'...
2023-04-25T09:44:14.34928 Successfully Connected to container: 'checkout' [Revision: 'checkoutapp--4thiv3g', Replica: 'checkoutapp--4thiv3g-59bb548ccc-xdshg']
2023-04-25T09:39:24.916018561Z ---> Grpc.Core.RpcException: Status(StatusCode="Internal", Detail="Error starting gRPC call. HttpRequestException: Connection refused (127.0.0.1:50001) SocketException: Connection refused", DebugException="System.Net.Http.HttpRequestException: Connection refused (127.0.0.1:50001)
2023-04-25T09:39:24.916023350Z ---> System.Net.Sockets.SocketException (111): Connection refused
2023-04-25T09:39:24.916026987Z at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
2023-04-25T09:39:24.916030854Z at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
2023-04-25T09:39:24.916034291Z at System.Net.Sockets.Socket.g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
2023-04-25T09:39:24.916038719Z at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
2023-04-25T09:39:24.916042356Z --- End of inner exception stack trace ---
2023-04-25T09:39:24.916046543Z at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
2023-04-25T09:39:24.916051272Z at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-04-25T09:39:24.916055540Z at System.Net.Http.HttpConnectionPool.AddHttp2ConnectionAsync(HttpRequestMessage request)
2023-04-25T09:39:24.916059838Z at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
2023-04-25T09:39:24.916063445Z at System.Net.Http.HttpConnectionPool.GetHttp2ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-04-25T09:39:24.916067963Z at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
2023-04-25T09:39:24.916071931Z at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-04-25T09:39:24.916074386Z at Grpc.Net.Client.Internal.GrpcCall`2.RunCall(HttpRequestMessage request, Nullable`1 timeout)")
2023-04-25T09:39:24.916076450Z at Dapr.Client.DaprClientGrpc.MakePublishRequest(String pubsubName, String topicName, ByteString content, Dictionary`2 metadata, String dataContentType, CancellationToken cancellationToken)
2023-04-25T09:39:24.916078483Z --- End of inner exception stack trace ---
2023-04-25T09:39:24.916080597Z at Dapr.Client.DaprClientGrpc.MakePublishRequest(String pubsubName, String topicName, ByteString content, Dictionary`2 metadata, String dataContentType, CancellationToken cancellationToken)
2023-04-25T09:39:24.916082411Z at Program.$(String[] args) in /src/Program.cs:line 9
2023-04-25T09:39:24.916084234Z at Program.(String[] args)

Does anyone have experience with using Managed Identities with Dapr components and might have an idea what I am missing?
Thank you!
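
The component change described in the question, as an added example that is not part of the original post: the Service Bus pubsub component with a connection string, followed by the same component using Azure AD authentication. The component name `orderpubsub` and every value in angle brackets are placeholders, and the Dapr component spec form is assumed (Azure Container Apps wraps the same type and metadata fields in its own resource schema).

```yaml
# BEFORE: shared-access connection string stored in the component metadata.
# Anyone who can read the component definition obtains the key.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: orderpubsub            # placeholder name, not taken from the post
spec:
  type: pubsub.azure.servicebus
  version: v1
  metadata:
  - name: connectionString
    value: "Endpoint=sb://<namespace>.servicebus.windows.net/;SharedAccessKeyName=<key-name>;SharedAccessKey=<key>"
---
# AFTER: no secret in the component. The sidecar requests a token for the
# managed identity, and access is governed by the role assignment on the
# Service Bus namespace (Azure Service Bus Data Sender for the publisher).
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: orderpubsub            # placeholder name, not taken from the post
spec:
  type: pubsub.azure.servicebus
  version: v1
  metadata:
  # Without a connection string the component has no endpoint to derive,
  # so the namespace is given explicitly as a fully qualified domain name.
  - name: namespaceName
    value: "<namespace>.servicebus.windows.net"
  # Client ID of the managed identity the sidecar should authenticate as.
  - name: azureClientId
    value: "<managed-identity-client-id>"
```

If the sidecar cannot initialise a component it may never open its gRPC port, so the sidecar container's own log is the place to confirm whether the component loaded.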