This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch release-1.10.x in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit fb1ce5486a9fa8646149c2490cf80c5dd5fe85c8
Author: Andrea Cosentino <anco...@gmail.com>
AuthorDate: Fri Sep 30 13:36:55 2022 +0200
Added Support for Azure Key Vault addon
---
addons/register_azure_key_vault.go | 27 ++++++++
addons/vault/azure/azure_key_vault.go | 91 ++++++++++++++++++++++++++
addons/vault/azure/azure_key_vault_test.go | 76 +++++++++++++++++++++
addons/vault/azure/zz_desc_generated.go | 1 +
addons/vault/azure/zz_generated_doc.go | 1 +
docs/modules/ROOT/nav.adoc | 1 +
docs/modules/traits/pages/azure-key-vault.adoc | 58 ++++++++++++++++
pkg/apis/camel/v1/common_types.go | 2 +
pkg/resources/resources.go | 4 +-
resources/traits.yaml | 38 ++++++++++-
script/gen_doc.sh | 3 +-
11 files changed, 297 insertions(+), 5 deletions(-)
diff --git a/addons/register_azure_key_vault.go b/addons/register_azure_key_vault.go
new file mode 100644
index 000000000..ab0ccca8c
--- /dev/null
+++ b/addons/register_azure_key_vault.go
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package addons
+
+import (
+ "github.com/apache/camel-k/addons/vault/azure"
+ "github.com/apache/camel-k/pkg/trait"
+)
+
+func init() {
+ trait.AddToTraits(azure.NewAzureKeyVaultTrait)
+}
diff --git a/addons/vault/azure/azure_key_vault.go b/addons/vault/azure/azure_key_vault.go
new file mode 100644
index 000000000..337ab1df6
--- /dev/null
+++ b/addons/vault/azure/azure_key_vault.go
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package azure
+
+import (
+ v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+ traitv1 "github.com/apache/camel-k/pkg/apis/camel/v1/trait"
+ "github.com/apache/camel-k/pkg/trait"
+ "github.com/apache/camel-k/pkg/util"
+ "k8s.io/utils/pointer"
+)
+
+// The Azure Key Vault trait can be used to use secrets from Azure Key Vault service
+//
+// The Azure Key Vault trait is disabled by default.
+//
+// For more information about how to use secrets from Azure Key Vault component take a look at the components docs: xref:components::azure-key-vault-component.adoc[Azure Key Vault component]
+//
+// A sample execution of this trait, would require
+// the following trait options:
+// -t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"
+//
+// +camel-k:trait=azure-key-vault
+type Trait struct {
+ traitv1.Trait `property:",squash"`
+ // Enables automatic configuration of the trait.
+ Auto *bool `property:"auto" json:"auto,omitempty"`
+ // The Azure Tenant Id for accessing Key Vault
+ TenantID string `property:"tenant-id,omitempty"`
+ // The Azure Client Id for accessing Key Vault
+ ClientID string `property:"client-id,omitempty"`
+ // The Azure Client Secret for accessing Key Vault
+ ClientSecret string `property:"client-secret,omitempty"`
+ // The Azure Vault Name for accessing Key Vault
+ VaultName string `property:"vault-name,omitempty"`
+}
+
+type azureKeyVaultTrait struct {
+ trait.BaseTrait
+ Trait `property:",squash"`
+}
+
+func NewAzureKeyVaultTrait() trait.Trait {
+ return &azureKeyVaultTrait{
+ BaseTrait: trait.NewBaseTrait("azure-key-vault", trait.TraitOrderBeforeControllerCreation),
+ }
+}
+
+func (t *azureKeyVaultTrait) Configure(environment *trait.Environment) (bool, error) {
+ if !pointer.BoolDeref(t.Enabled, false) {
+ return false, nil
+ }
+
+ if !environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) && !environment.IntegrationInRunningPhases() {
+ return false, nil
+ }
+
+ return true, nil
+}
+
+func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error {
+ if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
+ util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityAzureKeyVault)
+ // Add the Camel Quarkus Azure Key Vault dependency
+ util.StringSliceUniqueAdd(&environment.Integration.Status.Dependencies, "mvn:org.apache.camel.quarkus:camel-quarkus-azure-key-vault")
+ }
+
+ if environment.IntegrationInRunningPhases() {
+ environment.ApplicationProperties["camel.vault.azure.tenantId"] = t.TenantID
+ environment.ApplicationProperties["camel.vault.azure.clientId"] = t.ClientID
+ environment.ApplicationProperties["camel.vault.azure.clientSecret"] = t.ClientSecret
+ environment.ApplicationProperties["camel.vault.azure.vaultName"] = t.VaultName
+ }
+
+ return nil
+}
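Review bot: `Apply` in addons/vault/azure/azure_key_vault.go copies `t.ClientSecret` verbatim into `environment.ApplicationProperties["camel.vault.azure.clientSecret"]`, and as far as this hunk shows the value can only be supplied as a literal `-t azure-key-vault.client-secret=...` option, so the Azure client secret is kept in clear text wherever trait options and application properties are persisted (where those end up is outside this hunk) and in the shell history of whoever ran the command. Consider letting the field carry a reference to a Kubernetes Secret rather than the value itself, and until then state the exposure on the field, e.g. `// The Azure Client Secret for accessing Key Vault. The value is stored in clear text in the integration's application properties.` `Configure` also returns true when the trait is enabled but tenant-id, client-id, client-secret or vault-name is empty, so `Apply` would emit empty `camel.vault.azure.*` properties; rejecting that combination in `Configure` with an error gives the user a clear failure instead of an authentication error at runtime.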
diff --git a/addons/vault/azure/azure_key_vault_test.go b/addons/vault/azure/azure_key_vault_test.go
new file mode 100644
index 000000000..b074d5589
--- /dev/null
+++ b/addons/vault/azure/azure_key_vault_test.go
@@ -0,0 +1,76 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+ "testing"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/utils/pointer"
+
+ v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
+ "github.com/apache/camel-k/pkg/trait"
+ "github.com/apache/camel-k/pkg/util/camel"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestAzureKeyVaultTraitApply(t *testing.T) {
+ e := createEnvironment(t, camel.QuarkusCatalog)
+ azure := NewAzureKeyVaultTrait()
+ secrets, _ := azure.(*azureKeyVaultTrait)
+ secrets.Enabled = pointer.Bool(true)
+ secrets.TenantID = "tenant-id"
+ secrets.ClientID = "client-id"
+ secrets.ClientSecret = "secret"
+ secrets.VaultName = "my-vault"
+ ok, err := secrets.Configure(e)
+ assert.Nil(t, err)
+ assert.True(t, ok)
+
+ err = secrets.Apply(e)
+ assert.Nil(t, err)
+
+ assert.Equal(t, "client-id", e.ApplicationProperties["camel.vault.azure.clientId"])
+ assert.Equal(t, "secret", e.ApplicationProperties["camel.vault.azure.clientSecret"])
+ assert.Equal(t, "tenant-id", e.ApplicationProperties["camel.vault.azure.tenantId"])
+ assert.Equal(t, "my-vault", e.ApplicationProperties["camel.vault.azure.vaultName"])
+}
+
+func createEnvironment(t *testing.T, catalogGen func() (*camel.RuntimeCatalog, error)) *trait.Environment {
+ t.Helper()
+
+ catalog, err := catalogGen()
+ assert.Nil(t, err)
+
+ e := trait.Environment{
+ CamelCatalog: catalog,
+ ApplicationProperties: make(map[string]string),
+ }
+
+ it := v1.Integration{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test",
+ },
+ Status: v1.IntegrationStatus{
+ Phase: v1.IntegrationPhaseDeploying,
+ },
+ }
+ e.Integration = &it
+ return &e
+}
diff --git a/addons/vault/azure/zz_desc_generated.go b/addons/vault/azure/zz_desc_generated.go
new file mode 100644
index 000000000..6512f735e
--- /dev/null
+++ b/addons/vault/azure/zz_desc_generated.go
@@ -0,0 +1 @@
+package azure
diff --git a/addons/vault/azure/zz_generated_doc.go b/addons/vault/azure/zz_generated_doc.go
new file mode 100644
index 000000000..6512f735e
--- /dev/null
+++ b/addons/vault/azure/zz_generated_doc.go
@@ -0,0 +1 @@
+package azure
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index 51c8c2987..aaca319ec 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -53,6 +53,7 @@
 ** xref:traits:3scale.adoc[3scale]
 ** xref:traits:affinity.adoc[Affinity]
 ** xref:traits:aws-secrets-manager.adoc[Aws Secrets Manager]
+** xref:traits:azure-key-vault.adoc[Azure Key Vault]
 ** xref:traits:builder.adoc[Builder]
 ** xref:traits:camel.adoc[Camel]
 ** xref:traits:container.adoc[Container]
diff --git a/docs/modules/traits/pages/azure-key-vault.adoc b/docs/modules/traits/pages/azure-key-vault.adoc
new file mode 100644
index 000000000..cef504219
--- /dev/null
+++ b/docs/modules/traits/pages/azure-key-vault.adoc
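Review bot: `TestAzureKeyVaultTraitApply` in addons/vault/azure/azure_key_vault_test.go only reaches the running-phase branch of `Apply`, because `createEnvironment` fixes the phase to `v1.IntegrationPhaseDeploying`; the initialization branch that adds `v1.CapabilityAzureKeyVault` and the `camel-quarkus-azure-key-vault` dependency is never exercised, and neither is the disabled-by-default path of `Configure`. A second test with `Phase: v1.IntegrationPhaseInitialization` that asserts on `e.Integration.Status.Capabilities` and `Status.Dependencies`, plus one that leaves `Enabled` unset and expects `Configure` to return false, would close that gap. The type assertion `secrets, _ := azure.(*azureKeyVaultTrait)` also discards its result; `secrets, isTrait := azure.(*azureKeyVaultTrait)` followed by `assert.True(t, isTrait)` fails with a readable message instead of a nil dereference if the constructor ever returns another type.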
@@ -0,0 +1,58 @@
+= Azure Key Vault Trait
+
+// Start of autogenerated code - DO NOT EDIT! (description)
+The Azure Key Vault trait can be used to use secrets from Azure Key Vault service
+
+The Azure Key Vault trait is disabled by default.
+
+For more information about how to use secrets from Azure Key Vault component take a look at the components docs: xref:components::azure-key-vault-component.adoc[Azure Key Vault component]
+
+A sample execution of this trait, would require
+the following trait options:
+-t azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"
+
+
+This trait is available in the following profiles: **Kubernetes, Knative, OpenShift**.
+
+// End of autogenerated code - DO NOT EDIT! (description)
+// Start of autogenerated code - DO NOT EDIT! (configuration)
+== Configuration
+
+Trait properties can be specified when running any integration with the CLI:
+[source,console]
+----
+$ kamel run --trait azure-key-vault.[key]=[value] --trait azure-key-vault.[key2]=[value2] integration.groovy
+----
+The following configuration options are available:
+
+[cols="2m,1m,5a"]
+|===
+|Property | Type | Description
+
+| azure-key-vault.enabled
+| bool
+| Can be used to enable or disable a trait. All traits share this common property.
+
+| azure-key-vault.auto
+| bool
+| Enables automatic configuration of the trait.
+
+| azure-key-vault.tenant-id,omitempty
+| string
+| The Azure Tenant Id for accessing Key Vault
+
+| azure-key-vault.client-id,omitempty
+| string
+| The Azure Client Id for accessing Key Vault
+
+| azure-key-vault.client-secret,omitempty
+| string
+| The Azure Client Secret for accessing Key Vault
+
+| azure-key-vault.vault-name,omitempty
+| string
+| The Azure Vault Name for accessing Key Vault
+
+|===
+
+// End of autogenerated code - DO NOT EDIT! (configuration)
diff --git a/pkg/apis/camel/v1/common_types.go b/pkg/apis/camel/v1/common_types.go index 6b141a221..d24d8c45f 100644 --- a/pkg/apis/camel/v1/common_types.go +++ b/pkg/apis/camel/v1/common_types.go @@ -310,6 +310,8 @@ const ( CapabilityAwsSecretsManager = "aws-secrets-manager" // CapabilityGcpSecretManager defines the gcp secret manager capability CapabilityGcpSecretManager = "gcp-secret-manager" + // CapabilityGcpSecretManager defines the azure key vault capability + CapabilityAzureKeyVault = "azure-key-vault" ) // +kubebuilder:object:generate=false diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go index c938b7362..2a9937a0b 100644 --- a/pkg/resources/resources.go +++ b/pkg/resources/resources.go @@ -611,9 +611,9 @@ var assets = func() http.FileSystem { "/traits.yaml": &vfsgen۰CompressedFileInfo{ name: "traits.yaml", modTime: time.Time{}, - uncompressedSize: 55879, + uncompressedSize: 57316, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\xbd\x7b\x73\x1c\x37\x92\x20\xfe\xbf\x3f\x05\x82\xfb\xdb\x20\xa9\xe8\x6e\xd2\x9e\xf5\xac\x7f\xbc\xd3\xce\xd1\x92\xec\xa1\xad\x07\x4f\xa4\x3d\x3b\xa1\x53\x4c\xa3\xab\xd0\xdd\x50\x57\x01\x35\x00\x8a\x54\xfb\xf6\xbe\xfb\x05\x32\x13\x8f\xaa\xae\x66\x37\x25\xd1\x37\xbc\xbd\x9d\x88\xb5\x48\x16\x80\x44\x22\x91\xc8\x77\x3a\xc3\xa5\xb3\x67\x5f\x8d\x99\xe2\xb5\x38\x63\x7f\xb0\x05\xaf\xc4\x57\x8c\x35\x15\x77\x73\x6d\xea\x33\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x7d\xfd\x73\x1b\xb9\xb1\xe0\xef\xfb\x57\xa0\xf4\xee\x95\x24\x17\x49\xc9\x9b\x6c\xb2\x4f\x77\x7e\x39\xad\xed\xdd\x68\xd7\x1f\x3a\x4b\xbb\x79\x29\x9f\x2b\x04\x67\x40\x12\xe6\x10\x98\x00\x18\xca\xdc\x7b\xf7\xbf\x5f\xa1\xbb\xf1\x31\xc3\xa1\x48\xc9\xd6\x5e\x74\xb9\x6c\x55\x2c\x92\x33\x40\xa3\xd1\x68\xf4\x77\x3b\xc3\xa5\xb3\x67\x5f\x0d\x99\xe2\x4b\x71\xc6\x7e\x67\x0b\x5e\x89\xaf\x18\xab\x2b\xee\xa6\xda\x2c\xcf\xd8\x94\x [...] }, } fs["/"].(*vfsgen۰DirInfo).entries = []os.FileInfo{ 
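Review bot: The doc comment added above `CapabilityAzureKeyVault` in pkg/apis/camel/v1/common_types.go still names the previous constant; it should read `// CapabilityAzureKeyVault defines the azure key vault capability`. As written the comment does not start with the identifier it documents, so it reads as a second description of `CapabilityGcpSecretManager`. The const block starts and ends outside the hunk.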
diff --git a/resources/traits.yaml b/resources/traits.yaml index 812ff3475..b72bb0a3e 100755 --- a/resources/traits.yaml +++ b/resources/traits.yaml 
@@ -97,8 +97,42 @@ traits: description: The AWS Region to use - name: use-default-credentials-provider,omitempty type: bool - description: 'The adapter-specific policy to use when filling the cache (use: - minimizing / maximizing). Check the component documentation if unsure' + description: Define if we want to use the Default Credentials Provider chain as + authentication method +- name: azure-key-vault + platform: false + profiles: + - Kubernetes + - Knative + - OpenShift + description: 'The Azure Key Vault trait can be used to use secrets from Azure Key + Vault service The Azure Key Vault trait is disabled by default. For more information + about how to use secrets from Azure Key Vault component take a look at the components + docs: xref:components::azure-key-vault-component.adoc[Azure Key Vault component] + A sample execution of this trait, would require the following trait options: -t + azure-key-vault.enabled=true -t azure-key-vault.tenant-id="tenant-id" -t azure-key-vault.client-id="client-id" + -t azure-key-vault.client-secret="client-secret" -t azure-key-vault.vault-name="vault-name"' + properties: + - name: enabled + type: bool + description: Can be used to enable or disable a trait. All traits share this common + property. + - name: auto + type: bool + description: Enables automatic configuration of the trait. + - name: tenant-id,omitempty + type: string + description: The Azure Tenant Id for accessing Key Vault + - name: client-id,omitempty + type: string + description: The Azure Client Id for accessing Key Vault + - name: client-secret,omitempty + type: string + description: The Azure Client Secret for accessing Key Vault + - name: vault-name,omitempty + type: string + description: The Azure Vault Name for accessing Key Vault +>>>>>>> 19075447 (Added Support for Azure Key Vault addon) - name: builder platform: true profiles: diff --git a/script/gen_doc.sh b/script/gen_doc.sh index 319b37046..af5550546 100755 --- a/script/gen_doc.sh 
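Review bot: A leftover merge-conflict marker, `>>>>>>> 19075447 (Added Support for Azure Key Vault addon)`, is added to resources/traits.yaml between the `vault-name` property of the new `azure-key-vault` entry and `- name: builder`; it is not part of the trait catalogue, will most likely break parsing of the file, and should be deleted. pkg/resources/resources.go in this same commit embeds a compressed copy of traits.yaml, so it was presumably generated from the file with the marker in it and needs regenerating once the marker is gone. The hunk also rewrites the `use-default-credentials-provider` description of the preceding entry, which looks like a side effect of the same conflict resolution rather than part of the Azure addon and is worth confirming against the branch's generator output.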
+++ b/script/gen_doc.sh @@ -31,5 +31,6 @@ go run ./cmd/util/doc-gen \ --input-dirs github.com/apache/camel-k/addons/threescale \ --input-dirs github.com/apache/camel-k/addons/tracing \ --input-dirs github.com/apache/camel-k/addons/vault/aws \ - --input-dirs github.com/apache/camel-k/addons/vault/gcp + --input-dirs github.com/apache/camel-k/addons/vault/gcp \ + --input-dirs github.com/apache/camel-k/addons/vault/azure echo "Generating traits documentation... done!"