Posted to commits@camel.apache.org by ac...@apache.org on 2023/10/04 12:16:52 UTC

[camel-k] branch 4743 created (now 389fd1404)

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch 4743
in repository https://gitbox.apache.org/repos/asf/camel-k.git


      at 389fd1404 Kamelet - Inject secret in Vaults - AWS Secret Manager

This branch includes the following new commits:

     new 389fd1404 Kamelet - Inject secret in Vaults - AWS Secret Manager

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[camel-k] 01/01: Kamelet - Inject secret in Vaults - AWS Secret Manager

Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch 4743
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 389fd1404d76ba10631bb9f60e1ec67f270793d7
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Wed Oct 4 14:15:48 2023 +0200

    Kamelet - Inject secret in Vaults - AWS Secret Manager
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 addons/vault/aws/aws_secrets_manager.go            | 26 ++++++++++++++++----
 addons/vault/aws/aws_secrets_manager_test.go       | 22 +++++++++++++++++
 docs/modules/traits/pages/aws-secrets-manager.adoc |  8 +++++--
 resources/traits.yaml                              | 28 ++++++++++++++++++++--
 4 files changed, 76 insertions(+), 8 deletions(-)

diff --git a/addons/vault/aws/aws_secrets_manager.go b/addons/vault/aws/aws_secrets_manager.go
index 8ad20e026..87dd892c2 100644
--- a/addons/vault/aws/aws_secrets_manager.go
+++ b/addons/vault/aws/aws_secrets_manager.go
@@ -18,6 +18,7 @@ limitations under the License.
 package aws
 
 import (
+	"regexp"
 	"strconv"
 
 	v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
@@ -46,9 +47,13 @@ type Trait struct {
 	traitv1.Trait `property:",squash"`
 	// Enables automatic configuration of the trait.
 	Auto *bool `property:"auto" json:"auto,omitempty"`
-	// The AWS Access Key to use
+	// The AWS Access Key to use. This could be a plain text or a configmap/secret
+	// The content of the aws access key is expected to be a text containing a valid AWS access key.
+	// Syntax: [configmap|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = aws-access-key).
 	AccessKey string `property:"access-key" json:"accessKey,omitempty"`
-	// The AWS Secret Key to use
+	// The AWS Secret Key to use. This could be a plain text or a configmap/secret
+	//	// The content of the aws secret key is expected to be a text containing a valid AWS secret key.
+	//	// Syntax: [configmap|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = aws-secret-key).
 	SecretKey string `property:"secret-key" json:"secretKey,omitempty"`
 	// The AWS Region to use
 	Region string `property:"region" json:"region,omitempty"`
@@ -98,6 +103,7 @@ func (t *awsSecretsManagerTrait) Configure(environment *trait.Environment) (bool
 }
 
 func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error {
+	rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)
 	if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
 		util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityAwsSecretsManager)
 		// Deprecated
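Review bot: `regexp.MustCompile` is called at the top of `Apply`, so the pattern is recompiled on every reconciliation of every integration; compile it once at package scope instead, e.g. `var valueSourceRef = regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)`, and a `MustCompile` panic then happens at init rather than inside a reconcile loop. The later callers only use the match count, so `valueSourceRef.MatchString(t.AccessKey)` is enough in place of `FindAllStringSubmatch(..., -1)`. The name group rejects `.`, which Kubernetes resource names may contain, so confirm that dotted Secret/ConfigMap names are meant to be refused. `Apply` starts before and continues past this hunk.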
@@ -106,8 +112,20 @@ func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error {
 	}
 
 	if environment.IntegrationInRunningPhases() {
-		environment.ApplicationProperties["camel.vault.aws.accessKey"] = t.AccessKey
-		environment.ApplicationProperties["camel.vault.aws.secretKey"] = t.SecretKey
+		hits := rex.FindAllStringSubmatch(t.AccessKey, -1)
+		if len(hits) >= 1 {
+			var res, _ = v1.DecodeValueSource(t.AccessKey, "aws-access-key", "The access Key provided is not valid")
+			environment.ApplicationProperties["camel.vault.aws.accessKey"] = res.SecretKeyRef.Key
+		} else {
+			environment.ApplicationProperties["camel.vault.aws.accessKey"] = t.AccessKey
+		}
+		hits = rex.FindAllStringSubmatch(t.SecretKey, -1)
+		if len(hits) >= 1 {
+			var res, _ = v1.DecodeValueSource(t.SecretKey, "aws-secret-key", "The secret Key provided is not valid")
+			environment.ApplicationProperties["camel.vault.aws.secretKey"] = res.SecretKeyRef.Key
+		} else {
+			environment.ApplicationProperties["camel.vault.aws.secretKey"] = t.SecretKey
+		}
 		environment.ApplicationProperties["camel.vault.aws.region"] = t.Region
 		environment.ApplicationProperties["camel.vault.aws.defaultCredentialsProvider"] = strconv.FormatBool(*t.UseDefaultCredentialsProvider)
 		environment.ApplicationProperties["camel.vault.aws.refreshEnabled"] = strconv.FormatBool(*t.RefreshEnabled)
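Review bot: In both `if len(hits) >= 1` branches the property is set to `res.SecretKeyRef.Key`, which is the name of the key inside the Secret (`accessKey` for the test's `secret:my-secret/accessKey`), so the runtime receives the literal key name as `camel.vault.aws.accessKey`/`secretKey` rather than the credential; unless a later step substitutes it, the referenced Secret content has to be read and assigned here instead. The `_` in `var res, _ = v1.DecodeValueSource(...)` also discards the error the helper returns for a malformed reference — use `res, err := v1.DecodeValueSource(...)` followed by `if err != nil { return err }` — and since the regex accepts `configmap:` too, a ConfigMap reference presumably leaves `SecretKeyRef` nil and the dereference would panic, so either handle the `ConfigMapKeyRef` form or reject it with an error. The new test in `aws_secrets_manager_test.go` asserts the key-name value (`"accessKey"`), so it pins the current behaviour and would need updating with the fix. `Apply` continues past the hunk.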
diff --git a/addons/vault/aws/aws_secrets_manager_test.go b/addons/vault/aws/aws_secrets_manager_test.go
index a1084c3b0..2d5dbcd51 100644
--- a/addons/vault/aws/aws_secrets_manager_test.go
+++ b/addons/vault/aws/aws_secrets_manager_test.go
@@ -75,6 +75,28 @@ func TestAwsSecretsManagerTraitNoDefaultCreds(t *testing.T) {
 	assert.Equal(t, "false", e.ApplicationProperties["camel.vault.aws.defaultCredentialsProvider"])
 }
 
+func TestAwsSecretsManagerTraitWithSecrets(t *testing.T) {
+	e := createEnvironment(t, camel.QuarkusCatalog)
+	aws := NewAwsSecretsManagerTrait()
+	secrets, _ := aws.(*awsSecretsManagerTrait)
+	secrets.Enabled = pointer.Bool(true)
+	secrets.Region = "eu-west-1"
+	secrets.AccessKey = "secret:my-secret/accessKey"
+	secrets.SecretKey = "secret:my-secret/secretKey"
+	ok, err := secrets.Configure(e)
+	assert.Nil(t, err)
+	assert.True(t, ok)
+
+	err = secrets.Apply(e)
+	assert.Nil(t, err)
+
+	assert.Empty(t, e.ApplicationProperties["quarkus.jaeger.enabled"])
+	assert.Equal(t, "eu-west-1", e.ApplicationProperties["camel.vault.aws.region"])
+	assert.Equal(t, "accessKey", e.ApplicationProperties["camel.vault.aws.accessKey"])
+	assert.Equal(t, "secretKey", e.ApplicationProperties["camel.vault.aws.secretKey"])
+	assert.Equal(t, "false", e.ApplicationProperties["camel.vault.aws.defaultCredentialsProvider"])
+}
+
 func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, error)) *trait.Environment {
 	t.Helper()
 
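Review bot: `TestAwsSecretsManagerTraitWithSecrets` only covers the `secret:name/key` form; the regex in `Apply` also accepts `configmap:name/key` and the fallback for a plain-text value, and neither path nor a malformed reference (e.g. `secret:` with no name, or a name the pattern rejects) is exercised, so a nil `SecretKeyRef` or a swallowed decode error would not be caught here. Adding one case per form, with the expected property value, would make the contract of the new branches explicit. `createEnvironment` continues past the hunk.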
diff --git a/docs/modules/traits/pages/aws-secrets-manager.adoc b/docs/modules/traits/pages/aws-secrets-manager.adoc
index 03383744a..4a67be3c1 100644
--- a/docs/modules/traits/pages/aws-secrets-manager.adoc
+++ b/docs/modules/traits/pages/aws-secrets-manager.adoc
@@ -43,11 +43,15 @@ The following configuration options are available:
 
 | aws-secrets-manager.access-key
 | string
-| The AWS Access Key to use
+| The AWS Access Key to use. This could be a plain text or a configmap/secret
+The content of the aws access key is expected to be a text containing a valid AWS access key.
+Syntax: [configmap\|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = aws-access-key).
 
 | aws-secrets-manager.secret-key
 | string
-| The AWS Secret Key to use
+| The AWS Secret Key to use. This could be a plain text or a configmap/secret
+	// The content of the aws secret key is expected to be a text containing a valid AWS secret key.
+	// Syntax: [configmap\|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = aws-secret-key).
 
 | aws-secrets-manager.region
 | string
diff --git a/resources/traits.yaml b/resources/traits.yaml
index 8a0e7c586..826996269 100755
--- a/resources/traits.yaml
+++ b/resources/traits.yaml
@@ -1,3 +1,19 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
 traits:
 - name: 3scale
   platform: false
@@ -93,10 +109,18 @@ traits:
     description: Enables automatic configuration of the trait.
   - name: access-key
     type: string
-    description: The AWS Access Key to use
+    description: 'The AWS Access Key to use. This could be a plain text or a configmap/secret
+      The content of the aws access key is expected to be a text containing a valid
+      AWS access key. Syntax: [configmap|secret]:name[/key], where name represents
+      the resource name, key optionally represents the resource key to be filtered
+      (default key value = aws-access-key).'
   - name: secret-key
     type: string
-    description: The AWS Secret Key to use
+    description: "The AWS Secret Key to use. This could be a plain text or a configmap/secret
+      \t// The content of the aws secret key is expected to be a text containing a
+      valid AWS secret key. \t// Syntax: [configmap|secret]:name[/key], where name
+      represents the resource name, key optionally represents the resource key to
+      be filtered (default key value = aws-secret-key)."
   - name: region
     type: string
     description: The AWS Region to use