Posted to commits@camel.apache.org by ac...@apache.org on 2024/03/12 14:04:24 UTC

(camel-k) branch 4983 created (now 8896d4f18)

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch 4983
in repository https://gitbox.apache.org/repos/asf/camel-k.git


      at 8896d4f18 Azure Key Vault Trait: Support Azure Identity as authentication method

This branch includes the following new commits:

     new 8896d4f18 Azure Key Vault Trait: Support Azure Identity as authentication method

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



(camel-k) 01/01: Azure Key Vault Trait: Support Azure Identity as authentication method

Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch 4983
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 8896d4f18915cf0be591799d0c99a155d8d435c9
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Mar 12 15:04:03 2024 +0100

    Azure Key Vault Trait: Support Azure Identity as authentication method
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 addons/vault/azure/azure_key_vault.go          |  9 ++++-
 addons/vault/azure/azure_key_vault_test.go     | 49 ++++++++++++++++++++++++++
 docs/modules/traits/pages/azure-key-vault.adoc |  6 +++-
 3 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/addons/vault/azure/azure_key_vault.go b/addons/vault/azure/azure_key_vault.go
index 6a639442b..a02fd2c17 100644
--- a/addons/vault/azure/azure_key_vault.go
+++ b/addons/vault/azure/azure_key_vault.go
@@ -42,7 +42,7 @@ import (
 //
 // To enable the automatic context reload on secrets updates you should define
 // the following trait options:
-// -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name" -t azure-key-vault.context-reload-enabled="true" -t azure-key-vault.refresh-enabled="true" -t azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t azure-key-vault.eventhub-connection-string="connection-string" -t azure-key-vault.blob-account-name="account-nam [...]
+// -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name" -t azure-key-vault.context-reload-enabled="true" -t azure-key-vault.refresh-enabled="true" -t azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t azure-key-vault.eventhub-connection-string="connection-string" -t azure-key-vault.blob-account-name="account-nam [...]
 //
 // +camel-k:trait=azure-key-vault.
 type Trait struct {
@@ -63,6 +63,8 @@ type Trait struct {
 	ContextReloadEnabled *bool `property:"context-reload-enabled" json:"contextReloadEnabled,omitempty"`
 	// Define if we want to use the Refresh Feature for secrets
 	RefreshEnabled *bool `property:"refresh-enabled" json:"refreshEnabled,omitempty"`
+	// Whether the Azure Identity Authentication should be used or not
+	AzureIdentityEnabled *bool `property:"azure-identity-enabled" json:"azureIdentityEnabled,omitempty"`
 	// If Refresh is enabled, this defines the interval to check the refresh event
 	RefreshPeriod string `property:"refresh-period" json:"refreshPeriod,omitempty"`
 	// If Refresh is enabled, the regular expression representing the secrets we want to track
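Review bot: The comment on `AzureIdentityEnabled` states neither the default nor how the option relates to `client-id`, `client-secret` and `tenant-id`, which is what an operator choosing an authentication method needs to know. The Configure hunk in this commit defaults it to false, so the comment could read `// Whether to authenticate with Azure Identity rather than the client-id/client-secret pair (default false)`, assuming the runtime does ignore the client credentials in that mode. The same sentence is copied into the trait table in azure-key-vault.adoc and would need the same wording. The struct continues outside the hunk.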
@@ -107,6 +109,10 @@ func (t *azureKeyVaultTrait) Configure(environment *trait.Environment) (bool, *t
 		t.RefreshEnabled = pointer.Bool(false)
 	}
 
+	if t.AzureIdentityEnabled == nil {
+		t.AzureIdentityEnabled = pointer.Bool(false)
+	}
+
 	return true, nil, nil
 }
 
@@ -143,6 +149,7 @@ func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error {
 		environment.ApplicationProperties["camel.vault.azure.clientId"] = t.ClientID
 		environment.ApplicationProperties["camel.vault.azure.vaultName"] = t.VaultName
 		environment.ApplicationProperties["camel.vault.azure.refreshEnabled"] = strconv.FormatBool(*t.RefreshEnabled)
+		environment.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"] = strconv.FormatBool(*t.AzureIdentityEnabled)
 		environment.ApplicationProperties["camel.main.context-reload-enabled"] = strconv.FormatBool(*t.ContextReloadEnabled)
 		environment.ApplicationProperties["camel.vault.azure.refreshPeriod"] = t.RefreshPeriod
 		if t.Secrets != "" {
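Review bot: Turning on `azureIdentityEnabled` does not stop the trait from exporting the static client credential. The new test sets `AzureIdentityEnabled` to true and still expects `camel.vault.azure.clientSecret` to hold the resolved secret value. The line that writes the secret is outside this hunk, so this is inferred from the test rather than seen directly. If identity-based authentication makes the secret unnecessary, Apply should skip resolving and setting `clientSecret`, and not require it, when `*t.AzureIdentityEnabled` is true, so the integration's properties do not carry a long-lived credential it never uses.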
diff --git a/addons/vault/azure/azure_key_vault_test.go b/addons/vault/azure/azure_key_vault_test.go
index 202efe9be..cc9c61171 100644
--- a/addons/vault/azure/azure_key_vault_test.go
+++ b/addons/vault/azure/azure_key_vault_test.go
@@ -152,6 +152,55 @@ func TestAzureKeyVaultTraitApplyWithSecretAndRefresh(t *testing.T) {
 	assert.True(t, true, e.ApplicationProperties["camel.vault.azure.refreshEnabled"])
 }
 
+func TestAzureKeyVaultTraitAzureIdentityEnabledApplyWithSecretAndRefresh(t *testing.T) {
+	e := createEnvironment(t, camel.QuarkusCatalog, &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "test",
+			Name:      "my-secret1",
+		},
+		Data: map[string][]byte{
+			"azure-client-secret": []byte("my-secret-key"),
+		},
+	}, &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "test",
+			Name:      "my-secret2",
+		},
+		Data: map[string][]byte{
+			"azure-storage-blob-key": []byte("my-access-key"),
+		},
+	})
+	azure := NewAzureKeyVaultTrait()
+	secrets, _ := azure.(*azureKeyVaultTrait)
+	secrets.Enabled = pointer.Bool(true)
+	secrets.TenantID = "tenant-id"
+	secrets.ClientID = "client-id"
+	secrets.ClientSecret = "secret:my-secret1/azure-client-secret"
+	secrets.VaultName = "my-vault"
+	secrets.RefreshEnabled = pointer.Bool(true)
+	secrets.AzureIdentityEnabled = pointer.Bool(true)
+	secrets.BlobAccessKey = "secret:my-secret2/azure-storage-blob-key"
+	secrets.BlobAccountName = "camel-k"
+	secrets.BlobContainerName = "camel-k-container"
+	ok, condition, err := secrets.Configure(e)
+	require.NoError(t, err)
+	assert.True(t, ok)
+	assert.Nil(t, condition)
+
+	err = secrets.Apply(e)
+	require.NoError(t, err)
+
+	assert.Equal(t, "client-id", e.ApplicationProperties["camel.vault.azure.clientId"])
+	assert.Equal(t, "my-secret-key", e.ApplicationProperties["camel.vault.azure.clientSecret"])
+	assert.Equal(t, "tenant-id", e.ApplicationProperties["camel.vault.azure.tenantId"])
+	assert.Equal(t, "my-vault", e.ApplicationProperties["camel.vault.azure.vaultName"])
+	assert.Equal(t, "camel-k", e.ApplicationProperties["camel.vault.azure.blobAccountName"])
+	assert.Equal(t, "camel-k-container", e.ApplicationProperties["camel.vault.azure.blobContainerName"])
+	assert.Equal(t, "my-access-key", e.ApplicationProperties["camel.vault.azure.blobAccessKey"])
+	assert.True(t, true, e.ApplicationProperties["camel.vault.azure.refreshEnabled"])
+	assert.True(t, true, e.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"])
+}
+
 func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, error), objects ...runtime.Object) *trait.Environment {
 	t.Helper()
 
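Review bot: The last assertion of the new test, `assert.True(t, true, e.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"])`, checks the literal `true` and passes the property only as a message argument, so it succeeds even if Apply never sets the property. It should compare the value instead: `assert.Equal(t, "true", e.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"])`. The `refreshEnabled` assertion just above it has the same shape. The type assertion `secrets, _ := azure.(*azureKeyVaultTrait)` also discards the `ok` result. A case with identity enabled and no `ClientSecret` configured would show whether that combination is accepted.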
diff --git a/docs/modules/traits/pages/azure-key-vault.adoc b/docs/modules/traits/pages/azure-key-vault.adoc
index a5d8ffc69..6ff6e162d 100644
--- a/docs/modules/traits/pages/azure-key-vault.adoc
+++ b/docs/modules/traits/pages/azure-key-vault.adoc
@@ -13,7 +13,7 @@ the following trait options:
 
 To enable the automatic context reload on secrets updates you should define
 the following trait options:
--t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name" -t azure-key-vault.context-reload-enabled="true" -t azure-key-vault.refresh-enabled="true" -t azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t azure-key-vault.eventhub-connection-string="connection-string" -t azure-key-vault.blob-account-name="account-name"  [...]
+-t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name" -t azure-key-vault.context-reload-enabled="true" -t azure-key-vault.refresh-enabled="true" -t azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t azure-key-vault.eventhub-connection-string="connection-string" -t azure-key-vault.blob-account-name="account-name"  [...]
 
 
 This trait is available in the following profiles: **Kubernetes, Knative, OpenShift**.
@@ -67,6 +67,10 @@ Syntax: [configmap\|secret]:name[/key], where name represents the resource name,
 | bool
 | Define if we want to use the Refresh Feature for secrets
 
+| azure-key-vault.azure-identity-enabled
+| bool
+| Whether the Azure Identity Authentication should be used or not
+
 | azure-key-vault.refresh-period
 | string
 | If Refresh is enabled, this defines the interval to check the refresh event