You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2023/12/12 11:03:12 UTC
(camel) 01/01: CAMEL-20220 - Camel Azure Key Vault: Support Azure Identity in the component and secrets function
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch CAMEL-20220
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 302266b28e1adab7d5871b18c08571119a242089
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Dec 12 11:52:02 2023 +0100
CAMEL-20220 - Camel Azure Key Vault: Support Azure Identity in the component and secrets function
Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
.../camel/catalog/components/azure-key-vault.json | 13 ++++----
.../main/camel-main-configuration-metadata.json | 1 +
.../key/vault/KeyVaultEndpointConfigurer.java | 6 ++++
.../key/vault/KeyVaultEndpointUriFactory.java | 3 +-
.../component/azure/key/vault/azure-key-vault.json | 13 ++++----
.../component/azure/key/vault/CredentialType.java | 35 ++++++++++++++++++++++
.../azure/key/vault/KeyVaultConfiguration.java | 18 +++++++++++
.../azure/key/vault/KeyVaultEndpoint.java | 17 +++++++----
.../key/vault/KeyVaultPropertiesFunction.java | 25 ++++++++++++++--
.../camel/vault/AzureVaultConfiguration.java | 13 ++++++++
.../main/AzureVaultConfigurationConfigurer.java | 6 ++++
...zureVaultConfigurationPropertiesConfigurer.java | 6 ++++
.../camel-main-configuration-metadata.json | 1 +
core/camel-main/src/main/docs/main.adoc | 3 +-
.../main/AzureVaultConfigurationProperties.java | 8 +++++
.../java/org/apache/camel/main/MainVaultTest.java | 2 ++
16 files changed, 148 insertions(+), 22 deletions(-)
diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
index f7cb32df0fa..6acab7018d6 100644
--- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
+++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
@@ -31,11 +31,12 @@
},
"properties": {
"vaultName": { "index": 0, "kind": "path", "displayName": "Vault Name", "group": "producer", "label": "", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Vault Name to be used" },
- "operation": { "index": 1, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configu [...]
- "secretClient": { "index": 2, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
- "lazyStartProducer": { "index": 3, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a produc [...]
- "clientId": { "index": 4, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
- "clientSecret": { "index": 5, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
- "tenantId": { "index": 6, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
+ "credentialType": { "index": 1, "kind": "parameter", "displayName": "Credential Type", "group": "common", "label": "common", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.CredentialType", "enum": [ "CLIENT_SECRET", "AZURE_IDENTITY" ], "deprecated": false, "autowired": false, "secret": false, "defaultValue": "CLIENT_SECRET", "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "co [...]
+ "operation": { "index": 2, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configu [...]
+ "secretClient": { "index": 3, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
+ "lazyStartProducer": { "index": 4, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a produc [...]
+ "clientId": { "index": 5, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
+ "clientSecret": { "index": 6, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
+ "tenantId": { "index": 7, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
}
}
diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
index 72f4180cad8..5577ce62cb1 100644
--- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
+++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
@@ -276,6 +276,7 @@
{ "name": "camel.vault.aws.region", "description": "The AWS region", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secretKey", "description": "The AWS secret key", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secrets", "description": "Specify the secret names (or pattern) to check for updates. Multiple secrets can be separated by comma.", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.vault.azure.azureIdentityEnabled", "description": "Whether the Azure Identity Authentication should be used or not.", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "boolean", "javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.vault.azure.blobAccessKey", "description": "The Eventhubs Blob Access Key for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobAccountName", "description": "The Eventhubs Blob Account Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobContainerName", "description": "The Eventhubs Blob Container Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
diff --git a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
index a36c1210bd5..372ecd3a4fb 100644
--- a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
+++ b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
@@ -25,6 +25,8 @@ public class KeyVaultEndpointConfigurer extends PropertyConfigurerSupport implem
case "clientId": target.getConfiguration().setClientId(property(camelContext, java.lang.String.class, value)); return true;
case "clientsecret":
case "clientSecret": target.getConfiguration().setClientSecret(property(camelContext, java.lang.String.class, value)); return true;
+ case "credentialtype":
+ case "credentialType": target.getConfiguration().setCredentialType(property(camelContext, org.apache.camel.component.azure.key.vault.CredentialType.class, value)); return true;
case "lazystartproducer":
case "lazyStartProducer": target.setLazyStartProducer(property(camelContext, boolean.class, value)); return true;
case "operation": target.getConfiguration().setOperation(property(camelContext, org.apache.camel.component.azure.key.vault.KeyVaultOperation.class, value)); return true;
@@ -48,6 +50,8 @@ public class KeyVaultEndpointConfigurer extends PropertyConfigurerSupport implem
case "clientId": return java.lang.String.class;
case "clientsecret":
case "clientSecret": return java.lang.String.class;
+ case "credentialtype":
+ case "credentialType": return org.apache.camel.component.azure.key.vault.CredentialType.class;
case "lazystartproducer":
case "lazyStartProducer": return boolean.class;
case "operation": return org.apache.camel.component.azure.key.vault.KeyVaultOperation.class;
@@ -67,6 +71,8 @@ public class KeyVaultEndpointConfigurer extends PropertyConfigurerSupport implem
case "clientId": return target.getConfiguration().getClientId();
case "clientsecret":
case "clientSecret": return target.getConfiguration().getClientSecret();
+ case "credentialtype":
+ case "credentialType": return target.getConfiguration().getCredentialType();
case "lazystartproducer":
case "lazyStartProducer": return target.isLazyStartProducer();
case "operation": return target.getConfiguration().getOperation();
diff --git a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
index af6be600796..bc03fdbffa0 100644
--- a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
+++ b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
@@ -21,9 +21,10 @@ public class KeyVaultEndpointUriFactory extends org.apache.camel.support.compone
private static final Set<String> SECRET_PROPERTY_NAMES;
private static final Set<String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(7);
+ Set<String> props = new HashSet<>(8);
props.add("clientId");
props.add("clientSecret");
+ props.add("credentialType");
props.add("lazyStartProducer");
props.add("operation");
props.add("secretClient");
diff --git a/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json b/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
index f7cb32df0fa..6acab7018d6 100644
--- a/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
+++ b/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
@@ -31,11 +31,12 @@
},
"properties": {
"vaultName": { "index": 0, "kind": "path", "displayName": "Vault Name", "group": "producer", "label": "", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Vault Name to be used" },
- "operation": { "index": 1, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configu [...]
- "secretClient": { "index": 2, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
- "lazyStartProducer": { "index": 3, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a produc [...]
- "clientId": { "index": 4, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
- "clientSecret": { "index": 5, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
- "tenantId": { "index": 6, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
+ "credentialType": { "index": 1, "kind": "parameter", "displayName": "Credential Type", "group": "common", "label": "common", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.CredentialType", "enum": [ "CLIENT_SECRET", "AZURE_IDENTITY" ], "deprecated": false, "autowired": false, "secret": false, "defaultValue": "CLIENT_SECRET", "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "co [...]
+ "operation": { "index": 2, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configu [...]
+ "secretClient": { "index": 3, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
+ "lazyStartProducer": { "index": 4, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a produc [...]
+ "clientId": { "index": 5, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
+ "clientSecret": { "index": 6, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
+ "tenantId": { "index": 7, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
}
}
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
new file mode 100644
index 00000000000..8c8b294a98a
--- /dev/null
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.azure.key.vault;
+
+public enum CredentialType {
+ /**
+ * Client Secret Credential
+ */
+ CLIENT_SECRET,
+ /**
+ * Includes:
+ * <uL>
+ * <li>Service principal with secret</li>
+ * <li>Service principal with certificate</li>
+ * <li>username and password</li>
+ * </uL>
+ *
+ * @see com.azure.identity.DefaultAzureCredentialBuilder
+ */
+ AZURE_IDENTITY
+}
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
index a92ef9e767f..2e3fb12b957 100644
--- a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
@@ -23,6 +23,9 @@ import org.apache.camel.spi.UriParam;
import org.apache.camel.spi.UriParams;
import org.apache.camel.spi.UriPath;
+import static org.apache.camel.component.azure.key.vault.CredentialType.AZURE_IDENTITY;
+import static org.apache.camel.component.azure.key.vault.CredentialType.CLIENT_SECRET;
+
@UriParams
public class KeyVaultConfiguration implements Cloneable {
@@ -39,6 +42,9 @@ public class KeyVaultConfiguration implements Cloneable {
private String tenantId;
@UriParam(label = "producer")
private KeyVaultOperation operation = KeyVaultOperation.createSecret;
+ @UriParam(label = "common", enums = "CLIENT_SECRET,AZURE_IDENTITY",
+ defaultValue = "CLIENT_SECRET")
+ private CredentialType credentialType = CLIENT_SECRET;
/**
* Instance of Secret client
@@ -106,6 +112,18 @@ public class KeyVaultConfiguration implements Cloneable {
this.operation = operation;
}
+
+ public CredentialType getCredentialType() {
+ return credentialType;
+ }
+
+ /**
+ * Determines the credential strategy to adopt
+ */
+ public void setCredentialType(CredentialType credentialType) {
+ this.credentialType = credentialType;
+ }
+
// *************************************************
//
// *************************************************
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
index 0840244dc4c..17bdcbca647 100644
--- a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
@@ -16,8 +16,10 @@
*/
package org.apache.camel.component.azure.key.vault;
+import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import org.apache.camel.Category;
@@ -61,12 +63,17 @@ public class KeyVaultEndpoint extends DefaultEndpoint {
// Build key vault URI
String keyVaultUri = "https://" + getConfiguration().getVaultName() + ".vault.azure.net";
+ TokenCredential credential = null;
// Credential
- ClientSecretCredential credential = new ClientSecretCredentialBuilder()
- .tenantId(getConfiguration().getTenantId())
- .clientId(getConfiguration().getClientId())
- .clientSecret(getConfiguration().getClientSecret())
- .build();
+ if (configuration.getCredentialType().equals(CredentialType.CLIENT_SECRET)) {
+ credential = new ClientSecretCredentialBuilder()
+ .tenantId(getConfiguration().getTenantId())
+ .clientId(getConfiguration().getClientId())
+ .clientSecret(getConfiguration().getClientSecret())
+ .build();
+ } else if (configuration.getCredentialType().equals(CredentialType.AZURE_IDENTITY)) {
+ credential = new DefaultAzureCredentialBuilder().build();
+ }
// Build Client
localClient = new SecretClientBuilder()
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
index 35f71cd6ad1..ad758c560a2 100644
--- a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
@@ -19,9 +19,11 @@ package org.apache.camel.component.azure.key.vault;
import java.util.HashSet;
import java.util.Set;
+import com.azure.core.credential.TokenCredential;
import com.azure.core.exception.ResourceNotFoundException;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
@@ -46,6 +48,7 @@ import org.apache.camel.vault.AzureVaultConfiguration;
* <li><tt>CAMEL_VAULT_AZURE_CLIENT_ID</tt></li>
* <li><tt>CAMEL_VAULT_AZURE_CLIENT_SECRET</tt></li>
* <li><tt>CAMEL_VAULT_AZURE_TENANT_ID</tt></li>
+ * <li><tt>CAMEL_VAULT_AZURE_IDENTITY_ENABLED</tt></li>
* </ul>
* <p/>
*
@@ -56,12 +59,13 @@ import org.apache.camel.vault.AzureVaultConfiguration;
* <li><tt>camel.vault.azure.clientId</tt></li>
* <li><tt>camel.vault.azure.clientSecret</tt></li>
* <li><tt>camel.vault.azure.tenantId</tt></li>
+ * <li><tt>camel.vault.azure.azureIdentityEnabled</tt></li>
* </ul>
* <p/>
*
* This implementation is to return the secret value associated with a key. The properties related to this kind of
* Properties Function are all prefixed with <tt>azure:</tt>. For example asking for <tt>azure:token</tt>, will return
- * the secret value associated to the secret named token on AWS Secrets Manager.
+ * the secret value associated to the secret named token on Azure Key Vault.
*
* Another way of retrieving a secret value is using the following notation <tt>azure:database/username</tt>: in this
* case the field username of the secret database will be returned. As a fallback, the user could provide a default
@@ -78,6 +82,8 @@ public class KeyVaultPropertiesFunction extends ServiceSupport implements Proper
private static final String CAMEL_VAULT_AZURE_CLIENT_ID = "CAMEL_VAULT_AZURE_CLIENT_ID";
private static final String CAMEL_VAULT_AZURE_CLIENT_SECRET = "CAMEL_VAULT_AZURE_CLIENT_SECRET";
private static final String CAMEL_VAULT_AZURE_TENANT_ID = "CAMEL_VAULT_AZURE_TENANT_ID";
+
+ private static final String CAMEL_VAULT_AZURE_IDENTITY_ENABLED = "CAMEL_VAULT_AZURE_IDENTITY_ENABLED";
private CamelContext camelContext;
private SecretClient client;
private final Set<String> secrets = new HashSet<>();
@@ -89,6 +95,7 @@ public class KeyVaultPropertiesFunction extends ServiceSupport implements Proper
String clientId = System.getenv(CAMEL_VAULT_AZURE_CLIENT_ID);
String clientSecret = System.getenv(CAMEL_VAULT_AZURE_CLIENT_SECRET);
String tenantId = System.getenv(CAMEL_VAULT_AZURE_TENANT_ID);
+ boolean azureIdentityEnabled = Boolean.parseBoolean(System.getenv(CAMEL_VAULT_AZURE_IDENTITY_ENABLED));
if (ObjectHelper.isEmpty(vaultName) && ObjectHelper.isEmpty(clientId) && ObjectHelper.isEmpty(clientSecret)
&& ObjectHelper.isEmpty(tenantId)) {
AzureVaultConfiguration azureVaultConfiguration = getCamelContext().getVaultConfiguration().azure();
@@ -97,10 +104,11 @@ public class KeyVaultPropertiesFunction extends ServiceSupport implements Proper
clientId = azureVaultConfiguration.getClientId();
clientSecret = azureVaultConfiguration.getClientSecret();
tenantId = azureVaultConfiguration.getTenantId();
+ azureIdentityEnabled = azureVaultConfiguration.isAzureIdentityEnabled();
}
}
if (ObjectHelper.isNotEmpty(vaultName) && ObjectHelper.isNotEmpty(clientId) && ObjectHelper.isNotEmpty(clientSecret)
- && ObjectHelper.isNotEmpty(tenantId)) {
+ && ObjectHelper.isNotEmpty(tenantId) && !azureIdentityEnabled) {
String keyVaultUri = "https://" + vaultName + ".vault.azure.net";
// Credential
@@ -110,6 +118,17 @@ public class KeyVaultPropertiesFunction extends ServiceSupport implements Proper
.clientSecret(clientSecret)
.build();
+ // Build Client
+ client = new SecretClientBuilder()
+ .vaultUrl(keyVaultUri)
+ .credential(credential)
+ .buildClient();
+ } else if (ObjectHelper.isNotEmpty(vaultName) && azureIdentityEnabled) {
+ String keyVaultUri = "https://" + vaultName + ".vault.azure.net";
+
+ // Credential
+ TokenCredential credential = new DefaultAzureCredentialBuilder().build();
+
// Build Client
client = new SecretClientBuilder()
.vaultUrl(keyVaultUri)
@@ -117,7 +136,7 @@ public class KeyVaultPropertiesFunction extends ServiceSupport implements Proper
.buildClient();
} else {
throw new RuntimeCamelException(
- "Using the Azure Key Vault Properties Function requires setting Azure credentials as application properties or environment variables");
+ "Using the Azure Key Vault Properties Function requires setting Azure credentials as application properties or environment variables or enable the Azure Identity Authentication mechanism");
}
}
diff --git a/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java b/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
index 5e1804c661b..64e70878154 100644
--- a/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
+++ b/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
@@ -32,6 +32,8 @@ public class AzureVaultConfiguration extends VaultConfiguration {
@Metadata(secret = true)
private String tenantId;
@Metadata
+ private boolean azureIdentityEnabled;
+ @Metadata
private boolean refreshEnabled;
@Metadata(defaultValue = "30000")
private long refreshPeriod = 30000;
@@ -90,6 +92,17 @@ public class AzureVaultConfiguration extends VaultConfiguration {
this.tenantId = tenantId;
}
+ public boolean isAzureIdentityEnabled() {
+ return azureIdentityEnabled;
+ }
+
+ /**
+ * Whether the Azure Identity Authentication should be used or not.
+ */
+ public void setAzureIdentityEnabled(boolean azureIdentityEnabled) {
+ this.azureIdentityEnabled = azureIdentityEnabled;
+ }
+
public boolean isRefreshEnabled() {
return refreshEnabled;
}
diff --git a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
index 9560719e584..ea4798b7450 100644
--- a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
+++ b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
@@ -23,6 +23,8 @@ public class AzureVaultConfigurationConfigurer extends org.apache.camel.support.
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": target.setAwsVaultConfiguration(property(camelContext, org.apache.camel.vault.AwsVaultConfiguration.class, value)); return true;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": target.setAzureIdentityEnabled(property(camelContext, boolean.class, value)); return true;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": target.setAzureVaultConfiguration(property(camelContext, org.apache.camel.vault.AzureVaultConfiguration.class, value)); return true;
case "blobaccesskey":
@@ -60,6 +62,8 @@ public class AzureVaultConfigurationConfigurer extends org.apache.camel.support.
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return org.apache.camel.vault.AwsVaultConfiguration.class;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return boolean.class;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return org.apache.camel.vault.AzureVaultConfiguration.class;
case "blobaccesskey":
@@ -98,6 +102,8 @@ public class AzureVaultConfigurationConfigurer extends org.apache.camel.support.
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return target.getAwsVaultConfiguration();
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return target.isAzureIdentityEnabled();
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return target.getAzureVaultConfiguration();
case "blobaccesskey":
diff --git a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
index cafee650316..65616f5136c 100644
--- a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
+++ b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
@@ -23,6 +23,8 @@ public class AzureVaultConfigurationPropertiesConfigurer extends org.apache.came
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": target.setAwsVaultConfiguration(property(camelContext, org.apache.camel.vault.AwsVaultConfiguration.class, value)); return true;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": target.setAzureIdentityEnabled(property(camelContext, boolean.class, value)); return true;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": target.setAzureVaultConfiguration(property(camelContext, org.apache.camel.vault.AzureVaultConfiguration.class, value)); return true;
case "blobaccesskey":
@@ -60,6 +62,8 @@ public class AzureVaultConfigurationPropertiesConfigurer extends org.apache.came
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return org.apache.camel.vault.AwsVaultConfiguration.class;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return boolean.class;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return org.apache.camel.vault.AzureVaultConfiguration.class;
case "blobaccesskey":
@@ -98,6 +102,8 @@ public class AzureVaultConfigurationPropertiesConfigurer extends org.apache.came
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return target.getAwsVaultConfiguration();
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return target.isAzureIdentityEnabled();
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return target.getAzureVaultConfiguration();
case "blobaccesskey":
diff --git a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
index 72f4180cad8..5577ce62cb1 100644
--- a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
+++ b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
@@ -276,6 +276,7 @@
{ "name": "camel.vault.aws.region", "description": "The AWS region", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secretKey", "description": "The AWS secret key", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secrets", "description": "Specify the secret names (or pattern) to check for updates. Multiple secrets can be separated by comma.", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.vault.azure.azureIdentityEnabled", "description": "Whether the Azure Identity Authentication should be used or not.", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "boolean", "javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.vault.azure.blobAccessKey", "description": "The Eventhubs Blob Access Key for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobAccountName", "description": "The Eventhubs Blob Account Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobContainerName", "description": "The Eventhubs Blob Container Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
diff --git a/core/camel-main/src/main/docs/main.adoc b/core/camel-main/src/main/docs/main.adoc
index cf27329b981..b4bbd92d60a 100644
--- a/core/camel-main/src/main/docs/main.adoc
+++ b/core/camel-main/src/main/docs/main.adoc
@@ -316,11 +316,12 @@ The camel.vault.gcp supports 7 options, which are listed below.
=== Camel Azure Key Vault configurations
-The camel.vault.azure supports 11 options, which are listed below.
+The camel.vault.azure supports 12 options, which are listed below.
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
+| *camel.vault.azure.azure{zwsp}IdentityEnabled* | Whether the Azure Identity Authentication should be used or not. | false | boolean
| *camel.vault.azure.blobAccess{zwsp}Key* | The Eventhubs Blob Access Key for CheckpointStore purpose | | String
| *camel.vault.azure.blobAccount{zwsp}Name* | The Eventhubs Blob Account Name for CheckpointStore purpose | | String
| *camel.vault.azure.blob{zwsp}ContainerName* | The Eventhubs Blob Container Name for CheckpointStore purpose | | String
diff --git a/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java b/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
index 57f786cb978..4a15b5168b2 100644
--- a/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
+++ b/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
@@ -81,6 +81,14 @@ public class AzureVaultConfigurationProperties extends AzureVaultConfiguration i
return this;
}
+ /**
+ * Whether the Azure Identity Authentication should be used or not.
+ */
+ public AzureVaultConfigurationProperties withAzureIdentityEnabled(boolean azureIdentityEnabled) {
+ setAzureIdentityEnabled(azureIdentityEnabled);
+ return this;
+ }
+
/**
* Whether to automatically reload Camel upon secrets being updated in Azure.
*/
diff --git a/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java b/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
index ca7ca42b3d8..18fcbe55a8e 100644
--- a/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
+++ b/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
@@ -201,6 +201,7 @@ public class MainVaultTest {
Assertions.assertEquals("id1", cfg.getClientId());
Assertions.assertEquals("secret1", cfg.getClientSecret());
Assertions.assertEquals("tenant1", cfg.getTenantId());
+ Assertions.assertEquals(false, cfg.isAzureIdentityEnabled());
main.stop();
}
@@ -226,6 +227,7 @@ public class MainVaultTest {
Assertions.assertEquals("id1", cfg.getClientId());
Assertions.assertEquals("secret1", cfg.getClientSecret());
Assertions.assertEquals("tenant1", cfg.getTenantId());
+ Assertions.assertEquals(false, cfg.isAzureIdentityEnabled());
main.stop();
}