This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git


The following commit(s) were added to refs/heads/main by this push:
     new 5999bc8d1 Azure Key Vault Trait: Support Azure Identity as 
authentication method (#5244)
5999bc8d1 is described below

commit 5999bc8d17a384867b87967c9d4d36c58e54e3c7
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Mar 12 16:24:32 2024 +0100

    Azure Key Vault Trait: Support Azure Identity as authentication method 
(#5244)
    
    Signed-off-by: Andrea Cosentino <[email protected]>
---
 addons/vault/azure/azure_key_vault.go          |  9 ++++-
 addons/vault/azure/azure_key_vault_test.go     | 49 ++++++++++++++++++++++++++
 docs/modules/traits/pages/azure-key-vault.adoc |  6 +++-
 3 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/addons/vault/azure/azure_key_vault.go 
b/addons/vault/azure/azure_key_vault.go
index 6a639442b..a02fd2c17 100644
--- a/addons/vault/azure/azure_key_vault.go
+++ b/addons/vault/azure/azure_key_vault.go
@@ -42,7 +42,7 @@ import (
 //
 // To enable the automatic context reload on secrets updates you should define
 // the following trait options:
-// -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t 
azure-key-vault.client-id="client-id" -t 
azure-key-vault.client-secret="client-secret" -t 
azure-key-vault.vault-name="vault-name" -t 
azure-key-vault.context-reload-enabled="true" -t 
azure-key-vault.refresh-enabled="true" -t 
azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t 
azure-key-vault.eventhub-connection-string="connection-string" -t 
azure-key-vault.blob-account-name="account-nam [...]
+// -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t 
azure-key-vault.client-id="client-id" -t 
azure-key-vault.client-secret="client-secret" -t 
azure-key-vault.vault-name="vault-name" -t 
azure-key-vault.context-reload-enabled="true" -t 
azure-key-vault.refresh-enabled="true" -t 
azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t 
azure-key-vault.eventhub-connection-string="connection-string" -t 
azure-key-vault.blob-account-name="account-nam [...]
 //
 // +camel-k:trait=azure-key-vault.
 type Trait struct {
@@ -63,6 +63,8 @@ type Trait struct {
        ContextReloadEnabled *bool `property:"context-reload-enabled" 
json:"contextReloadEnabled,omitempty"`
        // Define if we want to use the Refresh Feature for secrets
        RefreshEnabled *bool `property:"refresh-enabled" 
json:"refreshEnabled,omitempty"`
+       // Whether the Azure Identity Authentication should be used or not
+       AzureIdentityEnabled *bool `property:"azure-identity-enabled" 
json:"azureIdentityEnabled,omitempty"`
        // If Refresh is enabled, this defines the interval to check the 
refresh event
        RefreshPeriod string `property:"refresh-period" 
json:"refreshPeriod,omitempty"`
        // If Refresh is enabled, the regular expression representing the 
secrets we want to track
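Review bot: The comment on the new `AzureIdentityEnabled` field does not say what the flag defaults to or how it interacts with the `client-id`, `client-secret` and `tenant-id` options declared on the same struct. The Configure hunk below shows that a nil value becomes false, so the comment could read `// Whether Azure Identity should be used to authenticate to Key Vault (default false).`, followed by a line stating whether `client-secret` is still required or is ignored when the flag is true. That second line matters to operators who enable this option specifically to stop distributing a static secret. The same wording would also apply to the new row in azure-key-vault.adoc.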
@@ -107,6 +109,10 @@ func (t *azureKeyVaultTrait) Configure(environment 
*trait.Environment) (bool, *t
                t.RefreshEnabled = pointer.Bool(false)
        }
 
+       if t.AzureIdentityEnabled == nil {
+               t.AzureIdentityEnabled = pointer.Bool(false)
+       }
+
        return true, nil, nil
 }
 
@@ -143,6 +149,7 @@ func (t *azureKeyVaultTrait) Apply(environment 
*trait.Environment) error {
                environment.ApplicationProperties["camel.vault.azure.clientId"] 
= t.ClientID
                
environment.ApplicationProperties["camel.vault.azure.vaultName"] = t.VaultName
                
environment.ApplicationProperties["camel.vault.azure.refreshEnabled"] = 
strconv.FormatBool(*t.RefreshEnabled)
+               
environment.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"] = 
strconv.FormatBool(*t.AzureIdentityEnabled)
                
environment.ApplicationProperties["camel.main.context-reload-enabled"] = 
strconv.FormatBool(*t.ContextReloadEnabled)
                
environment.ApplicationProperties["camel.vault.azure.refreshPeriod"] = 
t.RefreshPeriod
                if t.Secrets != "" {
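Review bot: Apply only adds the `camel.vault.azure.azureIdentityEnabled` property. Nothing in this hunk makes the static credential path conditional on the new flag. The new test in azure_key_vault_test.go sets `AzureIdentityEnabled` to true and still expects `camel.vault.azure.clientSecret` to equal the resolved `my-secret-key`, so the client secret appears to be written into the application properties even when identity-based authentication is selected. If the runtime does not need the secret in that mode, skip resolving and writing `camel.vault.azure.clientSecret` when `*t.AzureIdentityEnabled` is true, so the credential is not propagated into the integration's configuration without need. The part of Apply that handles `ClientSecret` is outside this hunk, so please confirm against the full function.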
diff --git a/addons/vault/azure/azure_key_vault_test.go 
b/addons/vault/azure/azure_key_vault_test.go
index 202efe9be..cc9c61171 100644
--- a/addons/vault/azure/azure_key_vault_test.go
+++ b/addons/vault/azure/azure_key_vault_test.go
@@ -152,6 +152,55 @@ func TestAzureKeyVaultTraitApplyWithSecretAndRefresh(t 
*testing.T) {
        assert.True(t, true, 
e.ApplicationProperties["camel.vault.azure.refreshEnabled"])
 }
 
+func TestAzureKeyVaultTraitAzureIdentityEnabledApplyWithSecretAndRefresh(t 
*testing.T) {
+       e := createEnvironment(t, camel.QuarkusCatalog, &corev1.Secret{
+               ObjectMeta: metav1.ObjectMeta{
+                       Namespace: "test",
+                       Name:      "my-secret1",
+               },
+               Data: map[string][]byte{
+                       "azure-client-secret": []byte("my-secret-key"),
+               },
+       }, &corev1.Secret{
+               ObjectMeta: metav1.ObjectMeta{
+                       Namespace: "test",
+                       Name:      "my-secret2",
+               },
+               Data: map[string][]byte{
+                       "azure-storage-blob-key": []byte("my-access-key"),
+               },
+       })
+       azure := NewAzureKeyVaultTrait()
+       secrets, _ := azure.(*azureKeyVaultTrait)
+       secrets.Enabled = pointer.Bool(true)
+       secrets.TenantID = "tenant-id"
+       secrets.ClientID = "client-id"
+       secrets.ClientSecret = "secret:my-secret1/azure-client-secret"
+       secrets.VaultName = "my-vault"
+       secrets.RefreshEnabled = pointer.Bool(true)
+       secrets.AzureIdentityEnabled = pointer.Bool(true)
+       secrets.BlobAccessKey = "secret:my-secret2/azure-storage-blob-key"
+       secrets.BlobAccountName = "camel-k"
+       secrets.BlobContainerName = "camel-k-container"
+       ok, condition, err := secrets.Configure(e)
+       require.NoError(t, err)
+       assert.True(t, ok)
+       assert.Nil(t, condition)
+
+       err = secrets.Apply(e)
+       require.NoError(t, err)
+
+       assert.Equal(t, "client-id", 
e.ApplicationProperties["camel.vault.azure.clientId"])
+       assert.Equal(t, "my-secret-key", 
e.ApplicationProperties["camel.vault.azure.clientSecret"])
+       assert.Equal(t, "tenant-id", 
e.ApplicationProperties["camel.vault.azure.tenantId"])
+       assert.Equal(t, "my-vault", 
e.ApplicationProperties["camel.vault.azure.vaultName"])
+       assert.Equal(t, "camel-k", 
e.ApplicationProperties["camel.vault.azure.blobAccountName"])
+       assert.Equal(t, "camel-k-container", 
e.ApplicationProperties["camel.vault.azure.blobContainerName"])
+       assert.Equal(t, "my-access-key", 
e.ApplicationProperties["camel.vault.azure.blobAccessKey"])
+       assert.True(t, true, 
e.ApplicationProperties["camel.vault.azure.refreshEnabled"])
+       assert.True(t, true, 
e.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"])
+}
+
 func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, 
error), objects ...runtime.Object) *trait.Environment {
        t.Helper()
 
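Review bot: The last two assertions of `TestAzureKeyVaultTraitAzureIdentityEnabledApplyWithSecretAndRefresh` cannot fail. `assert.True(t, true, ...)` checks the literal `true` and passes the property value only as the failure message, so the test stays green even if Apply never sets `camel.vault.azure.azureIdentityEnabled`. Since Apply writes `strconv.FormatBool(...)`, the checks should be `assert.Equal(t, "true", e.ApplicationProperties["camel.vault.azure.azureIdentityEnabled"])`, and likewise for `camel.vault.azure.refreshEnabled`. The unchanged context line at the top of this hunk has the same pattern in the preceding test. It would also help to add a case with `AzureIdentityEnabled` true and no `ClientSecret`, to pin down whether the secret is still required in that mode.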
diff --git a/docs/modules/traits/pages/azure-key-vault.adoc 
b/docs/modules/traits/pages/azure-key-vault.adoc
index a5d8ffc69..6ff6e162d 100644
--- a/docs/modules/traits/pages/azure-key-vault.adoc
+++ b/docs/modules/traits/pages/azure-key-vault.adoc
@@ -13,7 +13,7 @@ the following trait options:
 
 To enable the automatic context reload on secrets updates you should define
 the following trait options:
--t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t 
azure-key-vault.client-id="client-id" -t 
azure-key-vault.client-secret="client-secret" -t 
azure-key-vault.vault-name="vault-name" -t 
azure-key-vault.context-reload-enabled="true" -t 
azure-key-vault.refresh-enabled="true" -t 
azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t 
azure-key-vault.eventhub-connection-string="connection-string" -t 
azure-key-vault.blob-account-name="account-name"  [...]
+-t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t 
azure-key-vault.client-id="client-id" -t 
azure-key-vault.client-secret="client-secret" -t 
azure-key-vault.vault-name="vault-name" -t 
azure-key-vault.context-reload-enabled="true" -t 
azure-key-vault.refresh-enabled="true" -t 
azure-key-vault.refresh-period="30000" -t azure-key-vault.secrets="test*" -t 
azure-key-vault.eventhub-connection-string="connection-string" -t 
azure-key-vault.blob-account-name="account-name"  [...]
 
 
 This trait is available in the following profiles: **Kubernetes, Knative, 
OpenShift**.
@@ -67,6 +67,10 @@ Syntax: [configmap\|secret]:name[/key], where name 
represents the resource name,
 | bool
 | Define if we want to use the Refresh Feature for secrets
 
+| azure-key-vault.azure-identity-enabled
+| bool
+| Whether the Azure Identity Authentication should be used or not
+
 | azure-key-vault.refresh-period
 | string
 | If Refresh is enabled, this defines the interval to check the refresh event
