[BUG] DefaultAzureCredential can't work properly in Spring Cloud Azure

[saragluna]

Describe the bug

Found this issue when fixing this doc MicrosoftDocs/azure-docs#97305; the best case scenario is for users to run this application both locally and in Azure hosting environments without needing to modify any configurations.

If using system-assigned managed identity, users can use the following configuration

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-keyvault-name>.vault.azure.net

But if users are using user-assigned managed identity, users can not make it work in the Azure hosting environment:

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-keyvault-name>.vault.azure.net
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id={Client ID of user-assigned managed identity}

The current solution I provided in the above PR is not ideal, because with such configurations, users won't be able to run the applications locally.

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-keyvault-name>.vault.azure.net
spring.cloud.azure.keyvault.secret.property-sources[0].credential.managed-identity-enabled=true

or

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-keyvault-name>.vault.azure.net
spring.cloud.azure.keyvault.secret.property-sources[0].credential.managed-identity-enabled=true
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id={Client ID of user-assigned managed identity}

Exception or Stack Trace
N/A

To Reproduce
Follow this MicrosoftDocs/azure-docs#97305.

Code Snippet
N/A

Expected behavior
With the following configurations, users can run the application both locally and in the Azure hosting environment (with user-assigned managed identity)

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-keyvault-name>.vault.azure.net
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id={Client ID of user-assigned managed identity}

Screenshots
N/A

Setup (please complete the following information):

• OS: [e.g. MacOS]
• IDE: [e.g. IntelliJ]
• Library/Libraries: spring-cloud-azure-starter-keyvault-secrets:4.3.0
• Java version: [e.g. 8]
• App Server/Environment: Azure Spring Apps
• Frameworks: Spring Boot

If you suspect a dependency version mismatch (e.g. you see NoClassDefFoundError, NoSuchMethodError or similar), please check out Troubleshoot dependency version conflict article first. If it doesn't provide solution for the problem, please provide:

• verbose dependency tree (mvn dependency:tree -Dverbose)
• exception message, full stack trace, and any available logs

Additional context
N/A

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

• Bug Description Added
• Repro Steps Added
• Setup information Added

[moarychan]

Related issue: #30683

[stliu]

it is not very clear to me the expected behavior, is it exptected to work on azure hosting with system-assigned managed identity?

let's say for this properties

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-keyvault-name>.vault.azure.net
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id={Client ID of user-assigned managed identity}

is it expected to work w/o any change nor extra properties ( for example, from system environment )

• Local with Azure Cli
• Azure Hosting with system managed identity
• Azure Hosting with user assigned identity

[stliu]

duplicated by #32443