Spring Cloud Azure 4.0 Quick Review

Spring Cloud Azure 4.0 was announced as GA last week, and now Spring Initialzr generates a project based on 4.0. In this article, I will quickly go through the changes and new features of 4.0. Full documentation is here.

...
<properties>
...
   <spring-cloud-azure.version>4.0.0</spring-cloud-azure.version>
</properties>
...
<dependencyManagement>
   <dependencies>
      <dependency>
         <groupId>com.azure.spring</groupId>
         <artifactId>spring-cloud-azure-dependencies</artifactId>
         <version>${spring-cloud-azure.version}</version>
         <type>pom</type>
         <scope>import</scope>
      </dependency>
   </dependencies>
</dependencyManagement>

DefaultAzureCredential

The credential chain is now enabled by default, and you can see it from the logs. SDK will go through each chain to get the Credential for authentication. This makes authentication a lot easier for developers to transition to different environments from laptop to cloud for example.

2022-04-05 17:52:43.191  INFO [sca4-sample,,] 95253 --- [     parallel-1] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2022-04-05 17:52:43.195  INFO [sca4-sample,,] 95253 --- [     parallel-1] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2022-04-05 17:52:43.231  INFO [sca4-sample,,] 95253 --- [     parallel-1] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2022-04-05 17:52:43.232  INFO [sca4-sample,,] 95253 --- [     parallel-1] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential IntelliJCredential is unavailable.
2022-04-05 17:52:45.882  INFO [sca4-sample,,] 95253 --- [     parallel-1] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential VisualStudioCodeCredential is unavailable.

Authentication chain sequence

spring-cloud-azure-starter-actuator

A new actuator dependency spring-cloud-azure-starter-actuatoris introduced in 4.0. This dependency provides health indicators for Azure services including Azure App Configuration, Azure Cosmos DB, Azure EventHubs, Azure Key Vault, Azure Blob Storage, Azure Queue Storage, and Azure Files. For you to use it, this dependency should be manually added in the pom.xml or build.gradle

<dependency>
   <groupId>com.azure.spring</groupId>
   <artifactId>spring-cloud-azure-starter-actuator</artifactId>
</dependency>

It will autoconfigure health endpoints like /actuator/health/storageBlob , /actuator/health/redis To see the details of each health check, expose endpoints in the property, and enable show-details for health endpoint.

management:
  endpoints:
    web:
      exposure:
        include: "*"
  endpoint:
    health:
      show-details: always

Each health check does access the actual service that makes it suitable for readiness probe on Kubernetes. Here is the code snippet of the actual health check of the Storage Account in SDK.

doHealthCheck(Builder builder) throws Exception {
    if (this.blobServiceAsyncClient == null) {
        builder.status(StorageHealthConstants.NOT_CONFIGURED_STATUS);
    } else {
        builder.withDetail("URL", this.blobServiceAsyncClient.getAccountUrl());
        Response<BlobServiceProperties> info = (Response)this.blobServiceAsyncClient.getPropertiesWithResponse().block(this.timeout);

Enable Sleuth traces to Azure core SDK

Azure Core SDK added Sleuth support that will inject traces in the header accordingly. This gives developers more visibility in tracing underlying Azure SDK activities. The current limitation is that it only supports HTTP-based Azure SDKs activities.

<dependency>
    <groupId>com.azure.spring</groupId>
    <artifactId>spring-cloud-azure-trace-sleuth</artifactId>
</dependency>

Storage Account SDK trace

AzureStorageBlobProtocolResolver and AzureStorageFileProtocolResolver

Spring Cloud Azure 4.0 has added a new abstraction layer for BLOB storage and Azure Files. Here is an example of AzureStorageBlobProtocolResolver.

package io.jaylee.sca4sample.service;

import com.azure.spring.cloud.core.resource.AzureStorageBlobProtocolResolver;
import com.azure.storage.blob.BlobServiceAsyncClient;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.core.io.Resource;

import java.io.IOException;
import java.util.stream.Collectors;
import java.util.stream.Stream;

@Component
@Slf4j
public class BlobService {

   @Value("${spring.cloud.azure.storage.blob.container-name}")
   String containerName;

   private final AzureStorageBlobProtocolResolver azureStorageBlobProtocolResolver;

   public BlobService(AzureStorageBlobProtocolResolver azureStorageBlobProtocolResolver) {
      this.azureStorageBlobProtocolResolver = azureStorageBlobProtocolResolver;
   }

   public String listFilesInCSV() throws IOException {
      log.info("containerName : " + containerName);
      Resource[] resources = azureStorageBlobProtocolResolver.getResources("azure-blob://" + containerName + "/*");

      return Stream.of(resources).map(Resource::getFilename).collect(Collectors.joining(","));
   }

}

Azure Resource Manager

According to the official documentation, Azure Resource Manager dependency is “Connect to Azure Resources for All Azure SDKs service, which Spring Cloud used. Construct TokenCredential by using various credential information, and then construct AzureResourceManager to help Azure SDKs Client to authenticate and authorize.”

At this time of writing, Azure Resource Manager only supports Azure Cache For Redis, Azure Service Bus, Azure Event Hub, and Azure Storage Queue. It requires a few predicates to trigger the AutoConfiguration.

1. spring-cloud-azure-resourcemanager dependency
2. spring.cloud.azure.profile.subscription-id in property file

On top of it, each resource requires different properties. For example, AzureRedisAutoConfiguration requires the following.

1. spring.cloud.azure.redis.name in the property file
2. spring.cloud.azure.redis.resource.resource-group in the property file

AutoConfiguration configures RedisTemplate using Azure Resource Manager, so all we need to do is just inject it into the code.

package io.jaylee.sca4sample.service;

import com.azure.spring.cloud.autoconfigure.redis.AzureRedisAutoConfiguration;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;

@Component
@Slf4j
public class CacheForRedisService {

   @Autowired
   RedisTemplate redisTemplate;

   public String testRedis(String value) {
      redisTemplate.opsForValue().set(value, value);

      return redisTemplate.opsForValue().get(value).toString();
   }
}

Zipkin shows Sleuth integration is also working with Redis.

Zipkin captured Redis interaction

Wrapping Up

I’ve briefly covered most of the new features of Spring Cloud Azure 4.0. What I like the most from this version is Sleuth integration which gives fantastic traceability of SDK activities under the hood. I had one issue with StorageBlobHealthIndicator which is complaining about the permission, and I have opened an issue.

You can find the sample code here.

If you like my article, please leave some claps here or maybe even start following me. Thanks!