This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 07de2e08a93fdaf6a7cf51c661c550c2694cd40d Author: Andrea Cosentino <[email protected]> AuthorDate: Fri Sep 30 13:36:55 2022 +0200 Added Support for Azure Key Vault addon --- addons/register_azure_key_vault.go | 27 ++++++++ addons/vault/azure/azure_key_vault.go | 91 ++++++++++++++++++++++++++ addons/vault/azure/azure_key_vault_test.go | 76 +++++++++++++++++++++ addons/vault/azure/zz_desc_generated.go | 1 + addons/vault/azure/zz_generated_doc.go | 1 + docs/modules/ROOT/nav.adoc | 1 + docs/modules/traits/pages/azure-key-vault.adoc | 58 ++++++++++++++++ pkg/apis/camel/v1/common_types.go | 2 + pkg/resources/resources.go | 4 +- resources/traits.yaml | 33 ++++++++++ script/gen_doc.sh | 3 +- 11 files changed, 294 insertions(+), 3 deletions(-)
diff --git a/addons/register_azure_key_vault.go b/addons/register_azure_key_vault.go
new file mode 100644
index 000000000..ab0ccca8c
--- /dev/null
+++ b/addons/register_azure_key_vault.go
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package addons
+
+import (
+ "github.com/apache/camel-k/addons/vault/azure"
+ "github.com/apache/camel-k/pkg/trait"
+)
+
+func init() {
+ trait.AddToTraits(azure.NewAzureKeyVaultTrait)
+}
diff --git a/addons/vault/azure/azure_key_vault.go b/addons/vault/azure/azure_key_vault.go
new file mode 100644
index 000000000..337ab1df6
--- /dev/null
+++ b/addons/vault/azure/azure_key_vault.go
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package azure
+
+import (
+ v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+ traitv1 "github.com/apache/camel-k/pkg/apis/camel/v1/trait"
+ "github.com/apache/camel-k/pkg/trait"
+ "github.com/apache/camel-k/pkg/util"
+ "k8s.io/utils/pointer"
+)
+
+// The Azure Key Vault trait can be used to use secrets from Azure Key Vault service
+//
+// The Azure Key Vault trait is disabled by default.
+//
+// For more information about how to use secrets from Azure Key Vault component take a look at the components docs: xref:components::azure-key-vault-component.adoc[Azure Key Vault component]
+//
+// A sample execution of this trait, would require
+// the following trait options:
+// -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"
+//
+// +camel-k:trait=azure-key-vault
+type Trait struct {
+ traitv1.Trait `property:",squash"`
+ // Enables automatic configuration of the trait.
+ Auto *bool `property:"auto" json:"auto,omitempty"`
+ // The Azure Tenant Id for accessing Key Vault
+ TenantID string `property:"tenant-id,omitempty"`
+ // The Azure Client Id for accessing Key Vault
+ ClientID string `property:"client-id,omitempty"`
+ // The Azure Client Secret for accessing Key Vault
+ ClientSecret string `property:"client-secret,omitempty"`
+ // The Azure Vault Name for accessing Key Vault
+ VaultName string `property:"vault-name,omitempty"`
+}
+
+type azureKeyVaultTrait struct {
+ trait.BaseTrait
+ Trait `property:",squash"`
+}
+
+func NewAzureKeyVaultTrait() trait.Trait {
+ return &azureKeyVaultTrait{
+ BaseTrait: trait.NewBaseTrait("azure-key-vault", trait.TraitOrderBeforeControllerCreation),
+ }
+}
+
+func (t *azureKeyVaultTrait) Configure(environment *trait.Environment) (bool, error) {
+ if !pointer.BoolDeref(t.Enabled, false) {
+ return false, nil
+ }
+
+ if !environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) && !environment.IntegrationInRunningPhases() {
+ return false, nil
+ }
+
+ return true, nil
+}
+
+func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error {
+ if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
+ util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityAzureKeyVault)
+ // Add the Camel Quarkus Azure Key Vault dependency
+ util.StringSliceUniqueAdd(&environment.Integration.Status.Dependencies, "mvn:org.apache.camel.quarkus:camel-quarkus-azure-key-vault")
+ }
+
+ if environment.IntegrationInRunningPhases() {
+ environment.ApplicationProperties["camel.vault.azure.tenantId"] = t.TenantID
+ environment.ApplicationProperties["camel.vault.azure.clientId"] = t.ClientID
+ environment.ApplicationProperties["camel.vault.azure.clientSecret"] = t.ClientSecret
+ environment.ApplicationProperties["camel.vault.azure.vaultName"] = t.VaultName
+ }
+
+ return nil
+}
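Review bot: `ClientSecret` is accepted as a literal trait option and `Apply` copies it unchanged into `environment.ApplicationProperties["camel.vault.azure.clientSecret"]`, so the Azure credential sits in clear text in the Integration's trait configuration and in whatever the operator renders application properties into (not visible in this hunk; worth confirming it is not a plain ConfigMap). Consider resolving the value from a Kubernetes Secret reference instead, or at minimum state the exposure on the field, e.g. `// The Azure Client Secret for accessing Key Vault. The value is stored as plain text in the Integration resource.` Separately, the tags `property:"tenant-id,omitempty"` (and the three like it) carry `,omitempty` into the option name — the generated docs and traits.yaml in this commit list `azure-key-vault.tenant-id,omitempty` — so they should probably follow the `Auto` field's form, `property:"tenant-id" json:"tenantId,omitempty"`. `Configure` also returns true without checking that the four values are non-empty, and `Auto` is declared but never read in this file.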
diff --git a/addons/vault/azure/azure_key_vault_test.go b/addons/vault/azure/azure_key_vault_test.go
new file mode 100644
index 000000000..b074d5589
--- /dev/null
+++ b/addons/vault/azure/azure_key_vault_test.go
@@ -0,0 +1,76 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+ "testing"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/utils/pointer"
+
+ v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+ "github.com/apache/camel-k/pkg/trait"
+ "github.com/apache/camel-k/pkg/util/camel"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestAzureKeyVaultTraitApply(t *testing.T) {
+ e := createEnvironment(t, camel.QuarkusCatalog)
+ azure := NewAzureKeyVaultTrait()
+ secrets, _ := azure.(*azureKeyVaultTrait)
+ secrets.Enabled = pointer.Bool(true)
+ secrets.TenantID = "tenant-id"
+ secrets.ClientID = "client-id"
+ secrets.ClientSecret = "secret"
+ secrets.VaultName = "my-vault"
+ ok, err := secrets.Configure(e)
+ assert.Nil(t, err)
+ assert.True(t, ok)
+
+ err = secrets.Apply(e)
+ assert.Nil(t, err)
+
+ assert.Equal(t, "client-id", e.ApplicationProperties["camel.vault.azure.clientId"])
+ assert.Equal(t, "secret", e.ApplicationProperties["camel.vault.azure.clientSecret"])
+ assert.Equal(t, "tenant-id", e.ApplicationProperties["camel.vault.azure.tenantId"])
+ assert.Equal(t, "my-vault", e.ApplicationProperties["camel.vault.azure.vaultName"])
+}
+
+func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, error)) *trait.Environment {
+ t.Helper()
+
+ catalog, err := catalogGen()
+ assert.Nil(t, err)
+
+ e := trait.Environment{
+ CamelCatalog: catalog,
+ ApplicationProperties: make(map[string]string),
+ }
+
+ it := v1.Integration{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test",
+ },
+ Status: v1.IntegrationStatus{
+ Phase: v1.IntegrationPhaseDeploying,
+ },
+ }
+ e.Integration = &it
+ return &e
+}
diff --git a/addons/vault/azure/zz_desc_generated.go b/addons/vault/azure/zz_desc_generated.go
new file mode 100644
index 000000000..6512f735e
--- /dev/null
+++ b/addons/vault/azure/zz_desc_generated.go
@@ -0,0 +1 @@
+package azure
diff --git a/addons/vault/azure/zz_generated_doc.go b/addons/vault/azure/zz_generated_doc.go
new file mode 100644
index 000000000..6512f735e
--- /dev/null
+++ b/addons/vault/azure/zz_generated_doc.go
@@ -0,0 +1 @@
+package azure
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index 454f040a8..a58d73f31 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -53,6 +53,7 @@
 ** xref:traits:3scale.adoc[3scale]
 ** xref:traits:affinity.adoc[Affinity]
 ** xref:traits:aws-secrets-manager.adoc[Aws Secrets Manager]
+** xref:traits:azure-key-vault.adoc[Azure Key Vault]
 ** xref:traits:builder.adoc[Builder]
 ** xref:traits:camel.adoc[Camel]
 ** xref:traits:container.adoc[Container]
diff --git a/docs/modules/traits/pages/azure-key-vault.adoc b/docs/modules/traits/pages/azure-key-vault.adoc
new file mode 100644
index 000000000..cef504219
--- /dev/null
+++ b/docs/modules/traits/pages/azure-key-vault.adoc
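Review bot: `TestAzureKeyVaultTraitApply` in azure_key_vault_test.go only reaches the running-phase branch of `Apply`, because the fixture in `createEnvironment` sets `Phase: v1.IntegrationPhaseDeploying`; the initialization branch that adds `v1.CapabilityAzureKeyVault` and the camel-quarkus dependency, and the disabled path of `Configure`, are not exercised. A second case with `Phase: v1.IntegrationPhaseInitialization` that asserts on `e.Integration.Status.Capabilities` and `e.Integration.Status.Dependencies` would cover them. In the same test, `secrets, _ := azure.(*azureKeyVaultTrait)` discards the type-assertion result, and `assert.Nil(t, err)` in `createEnvironment` lets the helper continue with a possibly nil catalog; `require.NoError(t, err)` and a checked assertion would stop the test at the real failure instead of a later nil dereference.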
@@ -0,0 +1,58 @@
+= Azure Key Vault Trait
+
+// Start of autogenerated code - DO NOT EDIT! (description)
+The Azure Key Vault trait can be used to use secrets from Azure Key Vault service
+
+The Azure Key Vault trait is disabled by default.
+
+For more information about how to use secrets from Azure Key Vault component take a look at the components docs: xref:components::azure-key-vault-component.adoc[Azure Key Vault component]
+
+A sample execution of this trait, would require
+the following trait options:
+-t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"
+
+
+This trait is available in the following profiles: **Kubernetes, Knative, OpenShift**.
+
+// End of autogenerated code - DO NOT EDIT! (description)
+// Start of autogenerated code - DO NOT EDIT! (configuration)
+== Configuration
+
+Trait properties can be specified when running any integration with the CLI:
+[source,console]
+----
+$ kamel run --trait azure-key-vault.[key]=[value] --trait azure-key-vault.[key2]=[value2] integration.groovy
+----
+The following configuration options are available:
+
+[cols="2m,1m,5a"]
+|===
+|Property | Type | Description
+
+| azure-key-vault.enabled
+| bool
+| Can be used to enable or disable a trait. All traits share this common property.
+
+| azure-key-vault.auto
+| bool
+| Enables automatic configuration of the trait.
+
+| azure-key-vault.tenant-id,omitempty
+| string
+| The Azure Tenant Id for accessing Key Vault
+
+| azure-key-vault.client-id,omitempty
+| string
+| The Azure Client Id for accessing Key Vault
+
+| azure-key-vault.client-secret,omitempty
+| string
+| The Azure Client Secret for accessing Key Vault
+
+| azure-key-vault.vault-name,omitempty
+| string
+| The Azure Vault Name for accessing Key Vault
+
+|===
+
+// End of autogenerated code - DO NOT EDIT! (configuration)
diff --git a/pkg/apis/camel/v1/common_types.go b/pkg/apis/camel/v1/common_types.go index 6b141a221..d24d8c45f 100644 --- a/pkg/apis/camel/v1/common_types.go +++ b/pkg/apis/camel/v1/common_types.go @@ -310,6 +310,8 @@ const ( CapabilityAwsSecretsManager = "aws-secrets-manager" // CapabilityGcpSecretManager defines the gcp secret manager capability CapabilityGcpSecretManager = "gcp-secret-manager" + // CapabilityGcpSecretManager defines the azure key vault capability + CapabilityAzureKeyVault = "azure-key-vault" ) // +kubebuilder:object:generate=false diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go index f02f8f056..ba6a2c379 100644 --- a/pkg/resources/resources.go +++ b/pkg/resources/resources.go @@ -611,9 +611,9 @@ var assets = func() http.FileSystem { "/traits.yaml": &vfsgen۰CompressedFileInfo{ name: "traits.yaml", modTime: time.Time{}, - uncompressedSize: 56535, + uncompressedSize: 57922, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x7d\xfd\x73\x1b\x37\xb2\xe0\xef\xf9\x2b\x50\x7a\xf7\x4a\x92\x8b\xa4\x94\xec\xcb\xbe\x3c\xdd\xf9\xed\x29\xb6\xb3\xab\xc4\x1f\x3a\x4b\xc9\xbe\x2d\x9f\x6b\x09\xce\x80\x24\xcc\x19\x60\x02\x60\x24\x33\xf7\xee\x7f\xbf\x42\x77\xe3\x63\x86\x43\x91\xb2\xad\xdc\xea\xea\x36\x55\x6b\x91\x9c\x01\x1a\x8d\x46\xa3\xbf\xdb\x19\x2e\x9d\x3d\xfb\x6a\xcc\x14\xaf\xc5\x19\xfb\x83\x2d\x78\x25\xbe\x62\xac\xa9\xb8\x9b\x6b\x53\x9f\xb1\x39\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x7d\xfd\x77\x1b\xb9\x91\xe0\xef\xfe\x2b\xf0\xb4\xb7\x4f\x92\x1f\x49\x69\x26\x9b\xec\xac\xee\xbc\x39\x8d\xed\x49\x34\xe3\x0f\x9d\xa5\x99\x6c\x9e\xcf\x2f\x04\xbb\x41\x12\x66\x37\xd0\x01\xd0\x92\x99\xdb\xfb\xdf\xef\xa1\xaa\xf0\xd1\xcd\xa6\x48\xd9\xd6\x5c\x74\xb9\xcc\x7b\xb1\x48\x76\x17\x0a\x85\x42\xa1\x50\x9f\xce\x70\xe9\xec\xd9\x93\x31\x53\xbc\x16\x67\xec\x37\xb6\xe0\x95\x78\xc2\x58\x53\x71\x37\xd7\xa6\x3e\x63\x73\x [...] }, } fs["/"].(*vfsgen۰DirInfo).entries = []os.FileInfo{ 
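Review bot: The doc comment added above `CapabilityAzureKeyVault` in common_types.go still names the previous constant, `// CapabilityGcpSecretManager defines the azure key vault capability`, so the generated API docs attach the wrong identifier to the new capability and comment linters will flag it. It should read `// CapabilityAzureKeyVault defines the azure key vault capability`. The enclosing `const (` block begins outside this hunk.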
diff --git a/resources/traits.yaml b/resources/traits.yaml index 3b54c2f9a..940c7c7c1 100755 --- a/resources/traits.yaml +++ b/resources/traits.yaml @@ -99,6 +99,39 @@ traits: type: bool description: Define if we want to use the Default Credentials Provider chain as authentication method +- name: azure-key-vault + platform: false + profiles: + - Kubernetes + - Knative + - OpenShift + description: 'The Azure Key Vault trait can be used to use secrets from Azure Key + Vault service The Azure Key Vault trait is disabled by default. For more information + about how to use secrets from Azure Key Vault component take a look at the components + docs: xref:components::azure-key-vault-component.adoc[Azure Key Vault component] + A sample execution of this trait, would require the following trait options: -t + azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" + -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"' + properties: + - name: enabled + type: bool + description: Can be used to enable or disable a trait. All traits share this common + property. + - name: auto + type: bool + description: Enables automatic configuration of the trait. + - name: tenant-id,omitempty + type: string + description: The Azure Tenant Id for accessing Key Vault + - name: client-id,omitempty + type: string + description: The Azure Client Id for accessing Key Vault + - name: client-secret,omitempty + type: string + description: The Azure Client Secret for accessing Key Vault + - name: vault-name,omitempty + type: string + description: The Azure Vault Name for accessing Key Vault - name: builder platform: true profiles: diff --git a/script/gen_doc.sh b/script/gen_doc.sh index ef0679000..523d0cdc7 100755 --- a/script/gen_doc.sh +++ b/script/gen_doc.sh 
@@ -32,5 +32,6 @@ go run ./cmd/util/doc-gen \
 --input-dirs github.com/apache/camel-k/addons/threescale \
 --input-dirs github.com/apache/camel-k/addons/tracing \
 --input-dirs github.com/apache/camel-k/addons/vault/aws \
- --input-dirs github.com/apache/camel-k/addons/vault/gcp
+ --input-dirs github.com/apache/camel-k/addons/vault/gcp \
+ --input-dirs github.com/apache/camel-k/addons/vault/azure
 echo "Generating traits documentation... done!"
