问题
I'm using KeyVaultClient from the 2.3.2 Microsoft.Azure.KeyVault NuGet. Using GetSecretAsync(,), I noticed that a KeyVaultErrorException is raised if I try to access a non-existent secret.
Unfortunately that same error is also raised when access to the keyvault is denied or the keyvault endpoint is not found.
The only distinguisher I see at the moment is the Message property. So what's the right way to detect that a secret was not found? Why would this throw an exception versus returning a null or some other 'empty' object?
回答1:
Asking for nonexistent secret:
System.AggregateException occurred
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
Inner Exception 1:
KeyVaultErrorException: Secret not found: secret22222
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
.Body.Error.Code = "SecretNotFound"
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
.Body.Error.Message = "Secret not found: secret22222"
No rights for reading secret:
System.AggregateException occurred
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
Inner Exception 1:
KeyVaultErrorException: Access denied
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
.Body.Error.Code = "Forbidden"
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
.Body.Error.Message = "Access denied"
Trying to read a disabled secret:
System.AggregateException occurred
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
Inner Exception 1:
KeyVaultErrorException: Operation get is not allowed on a disabled secret.
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
.Body.Error.Code = "Forbidden"
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
.Body.Error.Message = "Operation get is not allowed on a disabled secret."
Invalid vault endpoint:
System.AggregateException occurred
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
Inner Exception 1:
HttpRequestException: An error occurred while sending the request.
Inner Exception 2:
WebException: The remote name could not be resolved: 'alicezzzzzz.vault.azure.net'
Doesn't look that bad to me. If you're expecting strong error typing, i don't think that's going to happen given the SDK is just a REST wrapper, probably (partially?) generated by AutoRest - not obviously mentioned, but still mentioned :) in the NuGet project description (Project Site).
来源:https://stackoverflow.com/questions/45534878/what-is-the-correct-way-to-detect-non-existent-key-in-keyvault