This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch backport-aws-sec-manager-vault-1.10.x
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit b725b65f24de2f017587055bacf2c2030da02f66
Author: Andrea Cosentino <anco...@gmail.com>
AuthorDate: Tue Sep 27 12:31:16 2022 +0200

    Added Support AWS Secrets Manager Vault from Camel
---
 addons/register_aws_secrets.go           | 27 +++++++++
 addons/vault/aws_secrets_manager.go      | 97 +++++++++++++++++++++++++++++++
 addons/vault/aws_secrets_manager_test.go | 99 ++++++++++++++++++++++++++++++++
 pkg/apis/camel/v1/common_types.go        |  2 +
 4 files changed, 225 insertions(+)

diff --git a/addons/register_aws_secrets.go b/addons/register_aws_secrets.go
new file mode 100644
index 000000000..ee5463903
--- /dev/null
+++ b/addons/register_aws_secrets.go
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package addons
+
+import (
+       "github.com/apache/camel-k/addons/vault"
+       "github.com/apache/camel-k/pkg/trait"
+)
+
+func init() {
+       trait.AddToTraits(vault.NewAwsSecretsManagerTrait)
+}
diff --git a/addons/vault/aws_secrets_manager.go 
b/addons/vault/aws_secrets_manager.go
new file mode 100644
index 000000000..63841bd85
--- /dev/null
+++ b/addons/vault/aws_secrets_manager.go
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package vault
+
+import (
+       "strconv"
+
+       v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+       traitv1 "github.com/apache/camel-k/pkg/apis/camel/v1/trait"
+       "github.com/apache/camel-k/pkg/trait"
+       "github.com/apache/camel-k/pkg/util"
+       "k8s.io/utils/pointer"
+)
+
+// The Secrets Manager trait can be used to use secrets from AWS Secrets 
Manager
+//
+// The AWS Secrets Manager trait is disabled by default.
+//
+// A sample execution of this trait, would require
+// the following trait options:
+// -t aws-secrets-manager.enabled=true -t 
aws-secrets-manager.access-key="aws-access-key" -t 
aws-secrets-manager.secret-key="aws-secret-key" -t 
aws-secrets-manager.region="aws-region"
+//
+// +camel-k:trait=aws-secrets-manager.
+
+type Trait struct {
+       traitv1.Trait `property:",squash"`
+       // Enables automatic configuration of the trait.
+       Auto *bool `property:"auto" json:"auto,omitempty"`
+       // The AWS Access Key to use
+       AccessKey string `property:"access-key,omitempty"`
+       // The AWS Secret Key to use
+       SecretKey string `property:"secret-key,omitempty"`
+       // The AWS Region to use
+       Region string `property:"region,omitempty"`
+       // The adapter-specific policy to use when filling the cache (use: 
minimizing / maximizing). Check
+       // the component documentation if unsure
+       UseDefaultCredentialsProvider *bool 
`property:"use-default-credentials-provider,omitempty"`
+}
+
+type awsSecretsManagerTrait struct {
+       trait.BaseTrait
+       Trait `property:",squash"`
+}
+
+func NewAwsSecretsManagerTrait() trait.Trait {
+       return &awsSecretsManagerTrait{
+               BaseTrait: trait.NewBaseTrait("aws-secrets-manager", 
trait.TraitOrderBeforeControllerCreation),
+       }
+}
+
+func (t *awsSecretsManagerTrait) Configure(environment *trait.Environment) 
(bool, error) {
+       if !pointer.BoolDeref(t.Enabled, false) {
+               return false, nil
+       }
+
+       if !environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) 
&& !environment.IntegrationInRunningPhases() {
+               return false, nil
+       }
+
+       if t.UseDefaultCredentialsProvider == nil {
+               t.UseDefaultCredentialsProvider = pointer.Bool(false)
+       }
+
+       return true, nil
+}
+
+func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error {
+       if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
+               
util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, 
v1.CapabilityAwsSecretsManager)
+               // Add the Camel Quarkus AWS Secrets Manager
+               
util.StringSliceUniqueAdd(&environment.Integration.Status.Dependencies, 
"mvn:org.apache.camel.quarkus:camel-quarkus-aws-secrets-manager")
+       }
+
+       if environment.IntegrationInRunningPhases() {
+               environment.ApplicationProperties["camel.vault.aws.accessKey"] 
= t.AccessKey
+               environment.ApplicationProperties["camel.vault.aws.secretKey"] 
= t.SecretKey
+               environment.ApplicationProperties["camel.vault.aws.region"] = 
t.Region
+               
environment.ApplicationProperties["camel.vault.aws.defaultCredentialsProvider"] 
= strconv.FormatBool(*t.UseDefaultCredentialsProvider)
+       }
+
+       return nil
+}
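Review bot: `AccessKey` and `SecretKey` are accepted as plain trait options, and `Apply` copies them unconditionally into `environment.ApplicationProperties` as `camel.vault.aws.accessKey` and `camel.vault.aws.secretKey`. A long-lived AWS credential therefore presumably ends up readable in the Integration resource and in any configuration generated from those properties. I would write the two key properties only when the default provider is off, by wrapping those assignments in `if !pointer.BoolDeref(t.UseDefaultCredentialsProvider, false) { ... }`, and have `Configure` return an error when that mode is selected with an empty key. The comment on `UseDefaultCredentialsProvider` is copied from an unrelated cache option; `// Use the AWS default credentials provider instead of the static access-key / secret-key options` would tell users there is a mode that needs no static keys.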
diff --git a/addons/vault/aws_secrets_manager_test.go 
b/addons/vault/aws_secrets_manager_test.go
new file mode 100644
index 000000000..dce61d807
--- /dev/null
+++ b/addons/vault/aws_secrets_manager_test.go
@@ -0,0 +1,99 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package vault
+
+import (
+       "testing"
+
+       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+       "k8s.io/utils/pointer"
+
+       v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+       "github.com/apache/camel-k/pkg/trait"
+       "github.com/apache/camel-k/pkg/util/camel"
+
+       "github.com/stretchr/testify/assert"
+)
+
+func TestAwsSecretsManagerTraitApply(t *testing.T) {
+       e := createEnvironment(t, camel.QuarkusCatalog)
+       aws := NewAwsSecretsManagerTrait()
+       secrets, _ := aws.(*awsSecretsManagerTrait)
+       secrets.Enabled = pointer.Bool(true)
+       secrets.UseDefaultCredentialsProvider = pointer.Bool(false)
+       secrets.Region = "eu-west-1"
+       secrets.AccessKey = "access-key"
+       secrets.SecretKey = "secret-key"
+       ok, err := secrets.Configure(e)
+       assert.Nil(t, err)
+       assert.True(t, ok)
+
+       err = secrets.Apply(e)
+       assert.Nil(t, err)
+
+       assert.Empty(t, e.ApplicationProperties["quarkus.jaeger.enabled"])
+       assert.Equal(t, "eu-west-1", 
e.ApplicationProperties["camel.vault.aws.region"])
+       assert.Equal(t, "access-key", 
e.ApplicationProperties["camel.vault.aws.accessKey"])
+       assert.Equal(t, "secret-key", 
e.ApplicationProperties["camel.vault.aws.secretKey"])
+       assert.Equal(t, "false", 
e.ApplicationProperties["camel.vault.aws.defaultCredentialsProvider"])
+}
+
+func TestAwsSecretsManagerTraitNoDefaultCreds(t *testing.T) {
+       e := createEnvironment(t, camel.QuarkusCatalog)
+       aws := NewAwsSecretsManagerTrait()
+       secrets, _ := aws.(*awsSecretsManagerTrait)
+       secrets.Enabled = pointer.Bool(true)
+       secrets.Region = "eu-west-1"
+       secrets.AccessKey = "access-key"
+       secrets.SecretKey = "secret-key"
+       ok, err := secrets.Configure(e)
+       assert.Nil(t, err)
+       assert.True(t, ok)
+
+       err = secrets.Apply(e)
+       assert.Nil(t, err)
+
+       assert.Empty(t, e.ApplicationProperties["quarkus.jaeger.enabled"])
+       assert.Equal(t, "eu-west-1", 
e.ApplicationProperties["camel.vault.aws.region"])
+       assert.Equal(t, "access-key", 
e.ApplicationProperties["camel.vault.aws.accessKey"])
+       assert.Equal(t, "secret-key", 
e.ApplicationProperties["camel.vault.aws.secretKey"])
+       assert.Equal(t, "false", 
e.ApplicationProperties["camel.vault.aws.defaultCredentialsProvider"])
+}
+
+func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, 
error)) *trait.Environment {
+       t.Helper()
+
+       catalog, err := catalogGen()
+       assert.Nil(t, err)
+
+       e := trait.Environment{
+               CamelCatalog:          catalog,
+               ApplicationProperties: make(map[string]string),
+       }
+
+       it := v1.Integration{
+               ObjectMeta: metav1.ObjectMeta{
+                       Name: "test",
+               },
+               Status: v1.IntegrationStatus{
+                       Phase: v1.IntegrationPhaseDeploying,
+               },
+       }
+       e.Integration = &it
+       return &e
+}
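Review bot: Both tests cover only the static-key path, with `UseDefaultCredentialsProvider` either false or unset, so nothing pins what `Apply` emits when the default credentials provider is enabled or when the trait is disabled. A third case that sets `secrets.UseDefaultCredentialsProvider = pointer.Bool(true)` and asserts `"true"` for `camel.vault.aws.defaultCredentialsProvider` would cover the mode that needs no static keys. The `assert.Empty(t, e.ApplicationProperties["quarkus.jaeger.enabled"])` line looks like a leftover from another trait's test and says nothing about this one. The discarded second result in `secrets, _ := aws.(*awsSecretsManagerTrait)` should be asserted, so that a failed type assertion fails the test instead of causing a nil dereference.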
diff --git a/pkg/apis/camel/v1/common_types.go 
b/pkg/apis/camel/v1/common_types.go
index 4a585256c..2e7e485a4 100644
--- a/pkg/apis/camel/v1/common_types.go
+++ b/pkg/apis/camel/v1/common_types.go
@@ -306,6 +306,8 @@ const (
        CapabilityMaster = "master"
        // CapabilityResumeKafka defines the resume capability
        CapabilityResumeKafka = "resume-kafka"
+       // CapabilityAwsSecretsManager defines the aws secrets manager 
capability
+       CapabilityAwsSecretsManager = "aws-secrets-manager"
 )
 
 // +kubebuilder:object:generate=false
