When you are assigning the role, you need the "Object Id" from the Azure AD application; however, when you are authenticating the application to Cosmos DB, you need to use the "Application Id" from the Azure AD application.
disableLocalAuth for cosmos db
HAO XIN 0 Reputation points
Attempting to use RBAC authentication to connect to Cosmos DB results in different behaviors based on the disableLocalAuth setting. When disableLocalAuth is set to false, the connection to Cosmos DB is successful, and data can be retrieved. However, setting disableLocalAuth to true leads to the following error:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cosmosAsyncClient' defined in class path resource [com/azure/spring/autoconfigure/cosmos/CosmosAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.azure.cosmos.CosmosAsyncClient]: Factory method 'cosmosAsyncClient' threw exception; nested exception is java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
Failed to instantiate [com.azure.cosmos.CosmosAsyncClient]: Factory method 'cosmosAsyncClient' threw exception; nested exception is java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
And we already assigned the Cosmos DB Built-in Data Contributor role to the existing service principal.
Is there anyone who has encountered a similar issue? Are there any missing steps in the settings?
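import com.azure.core.credential.TokenCredential;
import com.azure.cosmos.ConsistencyLevel;
import com.azure.cosmos.CosmosClientBuilder;
import com.azure.identity.ClientSecretCredentialBuilder;

// Azure AD service principal credential (client secret flow)
TokenCredential servicePrincipal =
    new ClientSecretCredentialBuilder()
        .authorityHost("https://login.microsoftonline.com")
        .tenantId(cosmosConfig.getTenantId())
        .clientId(cosmosConfig.getClientId())
        .clientSecret(cosmosConfig.getClientKey())
        .build();
// Cosmos DB client that authenticates with the Azure AD token instead of an account key
return client = new CosmosClientBuilder()
    .endpoint(cosmosConfig.getUri())
    .credential(servicePrincipal)
    .consistencyLevel(ConsistencyLevel.SESSION)
    .buildAsyncClient();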
1 answer
Sajeetharan 2,261 Reputation points Microsoft Employee
2024-10-17T18:13:19.9933333+00:00
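The Object Id versus Application Id distinction on this page can be checked offline by comparing the claims in the access token with the principalId on the role assignment. The following is an added example, not code from the question or the answer: the class name, method names and the constructed token with placeholder GUIDs are assumptions, and it relies on Azure AD tokens carrying the identity's object ID in `oid` and the application ID in `appid` (or `azp`).

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical diagnostic: does a role assignment's principalId match the token's identity? */
public class PrincipalIdCheck {

    // Reads a string claim from the JWT payload WITHOUT verifying the signature.
    // Suitable for troubleshooting only, never for an authorization decision.
    static String claim(String jwt, String name) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a JWT");
        String json = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // Compares the principalId used in the role assignment with the token's oid and appid.
    static String diagnose(String jwt, String assignedPrincipalId) {
        String oid = claim(jwt, "oid");
        String appId = claim(jwt, "appid") != null ? claim(jwt, "appid") : claim(jwt, "azp");
        if (assignedPrincipalId.equalsIgnoreCase(oid))
            return "OK: role is assigned to the token's Object Id";
        if (assignedPrincipalId.equalsIgnoreCase(appId))
            return "MISMATCH: role was assigned to the Application Id, not the Object Id";
        return "MISMATCH: principalId matches neither oid nor appid of this token";
    }

    public static void main(String[] args) {
        // Constructed sample payload; both GUIDs are placeholders, not real identities.
        String payload = "{\"appid\":\"11111111-1111-1111-1111-111111111111\","
                       + "\"oid\":\"22222222-2222-2222-2222-222222222222\"}";
        String jwt = "e30." + Base64.getUrlEncoder().withoutPadding()
                .encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
        // Role assigned with the Application Id: authentication succeeds, data access is denied.
        System.out.println(diagnose(jwt, "11111111-1111-1111-1111-111111111111"));
        // Role assigned with the Object Id: the assignment applies to this token.
        System.out.println(diagnose(jwt, "22222222-2222-2222-2222-222222222222"));
    }
}
```

With disableLocalAuth set to true there is no key-based fallback, so a principalId mismatch surfaces as a failed client initialization rather than a silent use of account keys.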