Posted to commits@camel.apache.org by ac...@apache.org on 2023/02/06 13:45:53 UTC

[camel-k] branch main updated (57361bf46 -> 32cefead7)

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git


    from 57361bf46 chore: changelog automatic update
     new 901c8bac0 feat(vault): Support Hashicorp Vault as secrets properties source
     new 32cefead7 feat(vault): Support Hashicorp Vault as secrets properties source - Generated docs

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../hashicorp_vault.go}                            | 57 ++++++++++++----------
 .../hashicorp_vault_test.go}                       | 27 +++++-----
 docs/modules/ROOT/nav.adoc                         |  1 +
 docs/modules/traits/pages/hashicorp-vault.adoc     |  0
 pkg/resources/resources.go                         |  4 +-
 resources/traits.yaml                              | 36 ++++++++++++++
 script/gen_doc.sh                                  |  3 +-
 7 files changed, 86 insertions(+), 42 deletions(-)
 copy addons/vault/{azure/azure_key_vault.go => hashicorp/hashicorp_vault.go} (50%)
 copy addons/vault/{azure/azure_key_vault_test.go => hashicorp/hashicorp_vault_test.go} (68%)
 create mode 100644 docs/modules/traits/pages/hashicorp-vault.adoc


[camel-k] 01/02: feat(vault): Support Hashicorp Vault as secrets properties source

Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 901c8bac0e4a26845313dcfc5e7841ed3ed16c19
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Mon Feb 6 13:58:06 2023 +0100

    feat(vault): Support Hashicorp Vault as secrets properties source
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 addons/vault/hashicorp/hashicorp_vault.go      | 94 ++++++++++++++++++++++++++
 addons/vault/hashicorp/hashicorp_vault_test.go | 79 ++++++++++++++++++++++
 2 files changed, 173 insertions(+)

diff --git a/addons/vault/hashicorp/hashicorp_vault.go b/addons/vault/hashicorp/hashicorp_vault.go
new file mode 100644
index 000000000..0419a21a7
--- /dev/null
+++ b/addons/vault/hashicorp/hashicorp_vault.go
@@ -0,0 +1,94 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package hashicorp
+
+import (
+	v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+	traitv1 "github.com/apache/camel-k/pkg/apis/camel/v1/trait"
+	"github.com/apache/camel-k/pkg/trait"
+	"github.com/apache/camel-k/pkg/util"
+	"k8s.io/utils/pointer"
+)
+
+// The Hashicorp Vault trait can be used to use secrets from Hashicorp Vault
+//
+// The Hashicorp Vault trait is disabled by default.
+//
+// For more information about how to use secrets from Hashicorp vault take a look at the components docs: xref:components::hashicorp-vault-component.adoc[Hashicorp Vault component]
+//
+// A sample execution of this trait, would require
+// the following trait options:
+// -t hashicorp-vault.enabled=true -t hashicorp-vault.token="token" -t hashicorp-vault.port="port" -t hashicorp-vault.engine="engine" -t hashicorp-vault.port="port" -t hashicorp-vault.scheme="scheme"
+//
+// +camel-k:trait=aws-secrets-manager.
+type Trait struct {
+	traitv1.Trait `property:",squash"`
+	// Enables automatic configuration of the trait.
+	Auto *bool `property:"auto" json:"auto,omitempty"`
+	// The Host to use
+	Host string `property:"host,omitempty"`
+	// The Port to use
+	Port string `property:"port,omitempty"`
+	// The Hashicorp engine to use
+	Engine string `property:"engine,omitempty"`
+	// The token to access Hashicorp Vault
+	Token string `property:"token,omitempty"`
+	// The scheme to access Hashicorp Vault
+	Scheme string `property:"scheme,omitempty"`
+}
+
+type hashicorpVaultTrait struct {
+	trait.BaseTrait
+	Trait `property:",squash"`
+}
+
+func NewHashicorpVaultTrait() trait.Trait {
+	return &hashicorpVaultTrait{
+		BaseTrait: trait.NewBaseTrait("hashicorp-vault", trait.TraitOrderBeforeControllerCreation),
+	}
+}
+
+func (t *hashicorpVaultTrait) Configure(environment *trait.Environment) (bool, error) {
+	if !pointer.BoolDeref(t.Enabled, false) {
+		return false, nil
+	}
+
+	if !environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) && !environment.IntegrationInRunningPhases() {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+func (t *hashicorpVaultTrait) Apply(environment *trait.Environment) error {
+	if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
+		util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityAwsSecretsManager)
+		// Add the Camel Quarkus AWS Secrets Manager
+		util.StringSliceUniqueAdd(&environment.Integration.Status.Dependencies, "mvn:org.apache.camel.quarkus:camel-quarkus-hashicorp-vault")
+	}
+
+	if environment.IntegrationInRunningPhases() {
+		environment.ApplicationProperties["camel.vault.hashicorp.token"] = t.Token
+		environment.ApplicationProperties["camel.vault.hashicorp.host"] = t.Host
+		environment.ApplicationProperties["camel.vault.hashicorp.port"] = t.Port
+		environment.ApplicationProperties["camel.vault.hashicorp.engine"] = t.Engine
+		environment.ApplicationProperties["camel.vault.hashicorp.scheme"] = t.Scheme
+	}
+
+	return nil
+}
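Review bot: The Vault token is taken as a literal trait property (`Token string`) and `Apply` copies it verbatim into `environment.ApplicationProperties["camel.vault.hashicorp.token"]`, so the credential presumably sits in clear text in the Integration's trait configuration and in whatever resource the application properties are rendered to. I would at least say so on the field, e.g. `// The token to access Hashicorp Vault. The value is stored as plain text in the trait configuration; use a short-lived, least-privilege token.`, and consider accepting a reference to a Kubernetes Secret in a follow-up. Separately, the Initialization branch of `Apply` registers `v1.CapabilityAwsSecretsManager` under the comment `// Add the Camel Quarkus AWS Secrets Manager`, which looks like a leftover from the addon this file was copied from. A Hashicorp-specific capability constant seems intended, though none is visible in this diff.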
diff --git a/addons/vault/hashicorp/hashicorp_vault_test.go b/addons/vault/hashicorp/hashicorp_vault_test.go
new file mode 100644
index 000000000..53babdfaf
--- /dev/null
+++ b/addons/vault/hashicorp/hashicorp_vault_test.go
@@ -0,0 +1,79 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package hashicorp
+
+import (
+	"testing"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
+
+	v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+	"github.com/apache/camel-k/pkg/trait"
+	"github.com/apache/camel-k/pkg/util/camel"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestHashicorpVaultTraitApply(t *testing.T) {
+	e := createEnvironment(t, camel.QuarkusCatalog)
+	hashicorp := NewHashicorpVaultTrait()
+	secrets, _ := hashicorp.(*hashicorpVaultTrait)
+	secrets.Enabled = pointer.Bool(true)
+	secrets.Engine = "test"
+	secrets.Token = "wwww.testx1234590"
+	secrets.Host = "localhost"
+	secrets.Port = "9091"
+	secrets.Scheme = "http"
+	ok, err := secrets.Configure(e)
+	assert.Nil(t, err)
+	assert.True(t, ok)
+
+	err = secrets.Apply(e)
+	assert.Nil(t, err)
+
+	assert.Empty(t, e.ApplicationProperties["quarkus.jaeger.enabled"])
+	assert.Equal(t, "test", e.ApplicationProperties["camel.vault.hashicorp.engine"])
+	assert.Equal(t, "wwww.testx1234590", e.ApplicationProperties["camel.vault.hashicorp.token"])
+	assert.Equal(t, "localhost", e.ApplicationProperties["camel.vault.hashicorp.host"])
+	assert.Equal(t, "9091", e.ApplicationProperties["camel.vault.hashicorp.port"])
+	assert.Equal(t, "http", e.ApplicationProperties["camel.vault.hashicorp.scheme"])
+}
+
+func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, error)) *trait.Environment {
+	t.Helper()
+
+	catalog, err := catalogGen()
+	assert.Nil(t, err)
+
+	e := trait.Environment{
+		CamelCatalog:          catalog,
+		ApplicationProperties: make(map[string]string),
+	}
+
+	it := v1.Integration{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test",
+		},
+		Status: v1.IntegrationStatus{
+			Phase: v1.IntegrationPhaseDeploying,
+		},
+	}
+	e.Integration = &it
+	return &e
+}
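Review bot: `createEnvironment` fixes the integration phase to `v1.IntegrationPhaseDeploying`, so `TestHashicorpVaultTraitApply` only exercises the running-phase branch of `Apply`; the Initialization branch that adds the capability and the `camel-quarkus-hashicorp-vault` dependency is never asserted, nor is the disabled path of `Configure`. A second test with `Phase: v1.IntegrationPhaseInitialization` that checks `e.Integration.Status.Capabilities` and `e.Integration.Status.Dependencies` would catch a wrong capability constant. The type assertion `secrets, _ := hashicorp.(*hashicorpVaultTrait)` discards its `ok` result and `assert.Empty(t, e.ApplicationProperties["quarkus.jaeger.enabled"])` appears unrelated to this trait. I would check the assertion result with `assert.True(t, ok)` and drop the jaeger line.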


[camel-k] 02/02: feat(vault): Support Hashicorp Vault as secrets properties source - Generated docs

Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 32cefead7a3e1d9abc918bd699d6f78e4610cd01
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Mon Feb 6 14:06:51 2023 +0100

    feat(vault): Support Hashicorp Vault as secrets properties source - Generated docs
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 addons/vault/hashicorp/hashicorp_vault.go      |  2 +-
 docs/modules/ROOT/nav.adoc                     |  1 +
 docs/modules/traits/pages/hashicorp-vault.adoc |  0
 pkg/resources/resources.go                     |  4 +--
 resources/traits.yaml                          | 36 ++++++++++++++++++++++++++
 script/gen_doc.sh                              |  3 ++-
 6 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/addons/vault/hashicorp/hashicorp_vault.go b/addons/vault/hashicorp/hashicorp_vault.go
index 0419a21a7..3c7818638 100644
--- a/addons/vault/hashicorp/hashicorp_vault.go
+++ b/addons/vault/hashicorp/hashicorp_vault.go
@@ -35,7 +35,7 @@ import (
 // the following trait options:
 // -t hashicorp-vault.enabled=true -t hashicorp-vault.token="token" -t hashicorp-vault.port="port" -t hashicorp-vault.engine="engine" -t hashicorp-vault.port="port" -t hashicorp-vault.scheme="scheme"
 //
-// +camel-k:trait=aws-secrets-manager.
+// +camel-k:trait=hashicorp-vault.
 type Trait struct {
 	traitv1.Trait `property:",squash"`
 	// Enables automatic configuration of the trait.
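Review bot: The sample options line kept as context in this hunk still lists `hashicorp-vault.port` twice and never shows `hashicorp-vault.host`, and this doc comment is what the generated trait description is built from. I would change it to `// -t hashicorp-vault.enabled=true -t hashicorp-vault.token="token" -t hashicorp-vault.host="host" -t hashicorp-vault.port="port" -t hashicorp-vault.engine="engine" -t hashicorp-vault.scheme="scheme"`. Since the example passes the token as a literal option, a sentence noting that the value ends up in the trait configuration as plain text would help readers choose a suitably scoped token. The `Trait` struct continues past the end of this hunk.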
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index a9919e50a..5087a8ad3 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -55,6 +55,7 @@
 ** xref:traits:3scale.adoc[3Scale]
 ** xref:traits:affinity.adoc[Affinity]
 ** xref:traits:aws-secrets-manager.adoc[Aws Secrets Manager]
+** xref:traits:aws-secrets-manager.adoc[Aws Secrets Manager]
 ** xref:traits:azure-key-vault.adoc[Azure Key Vault]
 ** xref:traits:builder.adoc[Builder]
 ** xref:traits:camel.adoc[Camel]
diff --git a/docs/modules/traits/pages/hashicorp-vault.adoc b/docs/modules/traits/pages/hashicorp-vault.adoc
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go
index 2bf047ab2..b2920f81a 100644
--- a/pkg/resources/resources.go
+++ b/pkg/resources/resources.go
@@ -611,9 +611,9 @@ var assets = func() http.FileSystem {
 		"/traits.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "traits.yaml",
 			modTime:          time.Time{},
-			uncompressedSize: 58334,
+			uncompressedSize: 59727,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\xbd\xfd\x73\x1c\x37\x92\x20\xfa\xbb\xfe\x0a\x04\xf7\x6d\x90\xd4\xeb\x6e\xca\x9e\xf5\xac\x97\xef\x69\xe7\x68\x59\x9e\xa1\xad\x0f\x9e\x48\x7b\x76\x42\xa7\x98\x46\x57\xa1\xbb\xa1\xae\x02\x6a\x00\x14\xc9\xf6\xed\xfd\xef\x17\xc8\x4c\x7c\x54\x75\x35\xbb\x29\x89\xbe\xe1\xcd\xee\x44\xac\x45\xb2\x90\x48\x24\x12\x89\x44\x7e\x3a\xc3\xa5\xb3\xa7\x4f\xc6\x4c\xf1\x5a\x9c\xb2\xdf\xd9\x82\x57\xe2\x09\x63\x4d\xc5\xdd\x5c\x9b\xfa\x [...]
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\xbd\xfd\x77\x1b\x37\x92\x28\xfa\xbb\xff\x0a\x1c\xee\xdb\x23\xc9\x8f\xa4\x9c\xcc\x66\x36\xab\xf7\xbc\xf3\x14\xc7\x99\x51\xe2\x0f\x3d\x4b\xc9\xec\x1c\x5f\x9f\x21\xd8\x0d\x92\x30\x9b\x40\x0f\x80\x96\xc4\xdc\xbd\xff\xfb\x3d\xa8\x2a\x7c\x74\xb3\x29\x92\xb6\x95\x1d\xdd\xd9\x99\x73\x62\x91\xec\x2e\x14\x0a\x85\x42\xa1\x3e\x9d\xe1\xd2\xd9\xb3\x27\x23\xa6\xf8\x4a\x9c\xb1\xdf\xd9\x82\x57\xe2\x09\x63\x75\xc5\xdd\x4c\x9b\xd5\x [...]
 		},
 	}
 	fs["/"].(*vfsgen۰DirInfo).entries = []os.FileInfo{
diff --git a/resources/traits.yaml b/resources/traits.yaml
index a5fef3a9f..a56ea725f 100755
--- a/resources/traits.yaml
+++ b/resources/traits.yaml
@@ -99,6 +99,42 @@ traits:
     type: bool
     description: Define if we want to use the Default Credentials Provider chain as
       authentication method
+- name: aws-secrets-manager
+  platform: false
+  profiles:
+  - Kubernetes
+  - Knative
+  - OpenShift
+  description: 'The Hashicorp Vault trait can be used to use secrets from Hashicorp
+    Vault The Hashicorp Vault trait is disabled by default. For more information about
+    how to use secrets from Hashicorp vault take a look at the components docs: xref:components::hashicorp-vault-component.adoc[Hashicorp
+    Vault component] A sample execution of this trait, would require the following
+    trait options: -t hashicorp-vault.enabled=true -t hashicorp-vault.token="token"
+    -t hashicorp-vault.port="port" -t hashicorp-vault.engine="engine" -t hashicorp-vault.port="port"
+    -t hashicorp-vault.scheme="scheme"'
+  properties:
+  - name: enabled
+    type: bool
+    description: Can be used to enable or disable a trait. All traits share this common
+      property.
+  - name: auto
+    type: bool
+    description: Enables automatic configuration of the trait.
+  - name: host,omitempty
+    type: string
+    description: The Host to use
+  - name: port,omitempty
+    type: string
+    description: The Port to use
+  - name: engine,omitempty
+    type: string
+    description: The Hashicorp engine to use
+  - name: token,omitempty
+    type: string
+    description: The token to access Hashicorp Vault
+  - name: scheme,omitempty
+    type: string
+    description: The scheme to access Hashicorp Vault
 - name: azure-key-vault
   platform: false
   profiles:
diff --git a/script/gen_doc.sh b/script/gen_doc.sh
index 76982a18b..6594403ca 100755
--- a/script/gen_doc.sh
+++ b/script/gen_doc.sh
@@ -34,5 +34,6 @@ go run ./cmd/util/doc-gen \
   --input-dirs github.com/apache/camel-k/addons/telemetry \
   --input-dirs github.com/apache/camel-k/addons/vault/aws \
   --input-dirs github.com/apache/camel-k/addons/vault/gcp \
-  --input-dirs github.com/apache/camel-k/addons/vault/azure
+  --input-dirs github.com/apache/camel-k/addons/vault/azure \
+  --input-dirs github.com/apache/camel-k/addons/vault/hashicorp
 echo "Generating traits documentation... done!"