This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 9c35b9e5494 CAMEL-20220 - Camel Azure Key Vault: Support Azure
Identity in the component and secrets function (#12422)
9c35b9e5494 is described below
commit 9c35b9e549490cc2c58dc176867255da1d922c50
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Dec 12 12:58:47 2023 +0100
CAMEL-20220 - Camel Azure Key Vault: Support Azure Identity in the
component and secrets function (#12422)
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../camel/catalog/components/azure-key-vault.json | 13 ++++----
.../main/camel-main-configuration-metadata.json | 1 +
.../key/vault/KeyVaultEndpointConfigurer.java | 6 ++++
.../key/vault/KeyVaultEndpointUriFactory.java | 3 +-
.../component/azure/key/vault/azure-key-vault.json | 13 ++++----
.../component/azure/key/vault/CredentialType.java | 35 ++++++++++++++++++++++
.../azure/key/vault/KeyVaultConfiguration.java | 18 +++++++++++
.../azure/key/vault/KeyVaultEndpoint.java | 17 +++++++----
.../key/vault/KeyVaultPropertiesFunction.java | 25 ++++++++++++++--
.../camel/vault/AzureVaultConfiguration.java | 13 ++++++++
.../main/AzureVaultConfigurationConfigurer.java | 6 ++++
...zureVaultConfigurationPropertiesConfigurer.java | 6 ++++
.../camel-main-configuration-metadata.json | 1 +
core/camel-main/src/main/docs/main.adoc | 3 +-
.../main/AzureVaultConfigurationProperties.java | 8 +++++
.../java/org/apache/camel/main/MainVaultTest.java | 2 ++
16 files changed, 148 insertions(+), 22 deletions(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
index f7cb32df0fa..6acab7018d6 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
@@ -31,11 +31,12 @@
},
"properties": {
"vaultName": { "index": 0, "kind": "path", "displayName": "Vault Name",
"group": "producer", "label": "", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": false, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Vault Name to be used" },
- "operation": { "index": 1, "kind": "parameter", "displayName":
"Operation", "group": "producer", "label": "producer", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [
"createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ],
"deprecated": false, "autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configu [...]
- "secretClient": { "index": 2, "kind": "parameter", "displayName": "Secret
Client", "group": "producer", "label": "", "required": false, "type": "object",
"javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated":
false, "deprecationNote": "", "autowired": true, "secret": false,
"configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Instance of Secret
client" },
- "lazyStartProducer": { "index": 3, "kind": "parameter", "displayName":
"Lazy Start Producer", "group": "producer (advanced)", "label":
"producer,advanced", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a produc [...]
- "clientId": { "index": 4, "kind": "parameter", "displayName": "Client Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Id to be used" },
- "clientSecret": { "index": 5, "kind": "parameter", "displayName": "Client
Secret", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Secret to be
used" },
- "tenantId": { "index": 6, "kind": "parameter", "displayName": "Tenant Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Tenant Id to be used" }
+ "credentialType": { "index": 1, "kind": "parameter", "displayName":
"Credential Type", "group": "common", "label": "common", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.azure.key.vault.CredentialType", "enum": [
"CLIENT_SECRET", "AZURE_IDENTITY" ], "deprecated": false, "autowired": false,
"secret": false, "defaultValue": "CLIENT_SECRET", "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "co [...]
+ "operation": { "index": 2, "kind": "parameter", "displayName":
"Operation", "group": "producer", "label": "producer", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [
"createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ],
"deprecated": false, "autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configu [...]
+ "secretClient": { "index": 3, "kind": "parameter", "displayName": "Secret
Client", "group": "producer", "label": "", "required": false, "type": "object",
"javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated":
false, "deprecationNote": "", "autowired": true, "secret": false,
"configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Instance of Secret
client" },
+ "lazyStartProducer": { "index": 4, "kind": "parameter", "displayName":
"Lazy Start Producer", "group": "producer (advanced)", "label":
"producer,advanced", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a produc [...]
+ "clientId": { "index": 5, "kind": "parameter", "displayName": "Client Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Id to be used" },
+ "clientSecret": { "index": 6, "kind": "parameter", "displayName": "Client
Secret", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Secret to be
used" },
+ "tenantId": { "index": 7, "kind": "parameter", "displayName": "Tenant Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Tenant Id to be used" }
}
}
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
index 72f4180cad8..5577ce62cb1 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
@@ -276,6 +276,7 @@
{ "name": "camel.vault.aws.region", "description": "The AWS region",
"sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secretKey", "description": "The AWS secret
key", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secrets", "description": "Specify the secret
names (or pattern) to check for updates. Multiple secrets can be separated by
comma.", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.vault.azure.azureIdentityEnabled", "description":
"Whether the Azure Identity Authentication should be used or not.",
"sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type":
"boolean", "javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.vault.azure.blobAccessKey", "description": "The Eventhubs
Blob Access Key for CheckpointStore purpose", "sourceType":
"org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType":
"java.lang.String" },
{ "name": "camel.vault.azure.blobAccountName", "description": "The
Eventhubs Blob Account Name for CheckpointStore purpose", "sourceType":
"org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType":
"java.lang.String" },
{ "name": "camel.vault.azure.blobContainerName", "description": "The
Eventhubs Blob Container Name for CheckpointStore purpose", "sourceType":
"org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType":
"java.lang.String" },
diff --git
a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
index a36c1210bd5..372ecd3a4fb 100644
---
a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
+++
b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
@@ -25,6 +25,8 @@ public class KeyVaultEndpointConfigurer extends
PropertyConfigurerSupport implem
case "clientId":
target.getConfiguration().setClientId(property(camelContext,
java.lang.String.class, value)); return true;
case "clientsecret":
case "clientSecret":
target.getConfiguration().setClientSecret(property(camelContext,
java.lang.String.class, value)); return true;
+ case "credentialtype":
+ case "credentialType":
target.getConfiguration().setCredentialType(property(camelContext,
org.apache.camel.component.azure.key.vault.CredentialType.class, value));
return true;
case "lazystartproducer":
case "lazyStartProducer":
target.setLazyStartProducer(property(camelContext, boolean.class, value));
return true;
case "operation":
target.getConfiguration().setOperation(property(camelContext,
org.apache.camel.component.azure.key.vault.KeyVaultOperation.class, value));
return true;
@@ -48,6 +50,8 @@ public class KeyVaultEndpointConfigurer extends
PropertyConfigurerSupport implem
case "clientId": return java.lang.String.class;
case "clientsecret":
case "clientSecret": return java.lang.String.class;
+ case "credentialtype":
+ case "credentialType": return
org.apache.camel.component.azure.key.vault.CredentialType.class;
case "lazystartproducer":
case "lazyStartProducer": return boolean.class;
case "operation": return
org.apache.camel.component.azure.key.vault.KeyVaultOperation.class;
@@ -67,6 +71,8 @@ public class KeyVaultEndpointConfigurer extends
PropertyConfigurerSupport implem
case "clientId": return target.getConfiguration().getClientId();
case "clientsecret":
case "clientSecret": return
target.getConfiguration().getClientSecret();
+ case "credentialtype":
+ case "credentialType": return
target.getConfiguration().getCredentialType();
case "lazystartproducer":
case "lazyStartProducer": return target.isLazyStartProducer();
case "operation": return target.getConfiguration().getOperation();
diff --git
a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
index af6be600796..bc03fdbffa0 100644
---
a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
+++
b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
@@ -21,9 +21,10 @@ public class KeyVaultEndpointUriFactory extends
org.apache.camel.support.compone
private static final Set<String> SECRET_PROPERTY_NAMES;
private static final Set<String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(7);
+ Set<String> props = new HashSet<>(8);
props.add("clientId");
props.add("clientSecret");
+ props.add("credentialType");
props.add("lazyStartProducer");
props.add("operation");
props.add("secretClient");
diff --git
a/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
b/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
index f7cb32df0fa..6acab7018d6 100644
---
a/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
+++
b/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
@@ -31,11 +31,12 @@
},
"properties": {
"vaultName": { "index": 0, "kind": "path", "displayName": "Vault Name",
"group": "producer", "label": "", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": false, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Vault Name to be used" },
- "operation": { "index": 1, "kind": "parameter", "displayName":
"Operation", "group": "producer", "label": "producer", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [
"createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ],
"deprecated": false, "autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configu [...]
- "secretClient": { "index": 2, "kind": "parameter", "displayName": "Secret
Client", "group": "producer", "label": "", "required": false, "type": "object",
"javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated":
false, "deprecationNote": "", "autowired": true, "secret": false,
"configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Instance of Secret
client" },
- "lazyStartProducer": { "index": 3, "kind": "parameter", "displayName":
"Lazy Start Producer", "group": "producer (advanced)", "label":
"producer,advanced", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a produc [...]
- "clientId": { "index": 4, "kind": "parameter", "displayName": "Client Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Id to be used" },
- "clientSecret": { "index": 5, "kind": "parameter", "displayName": "Client
Secret", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Secret to be
used" },
- "tenantId": { "index": 6, "kind": "parameter", "displayName": "Tenant Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Tenant Id to be used" }
+ "credentialType": { "index": 1, "kind": "parameter", "displayName":
"Credential Type", "group": "common", "label": "common", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.azure.key.vault.CredentialType", "enum": [
"CLIENT_SECRET", "AZURE_IDENTITY" ], "deprecated": false, "autowired": false,
"secret": false, "defaultValue": "CLIENT_SECRET", "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "co [...]
+ "operation": { "index": 2, "kind": "parameter", "displayName":
"Operation", "group": "producer", "label": "producer", "required": false,
"type": "object", "javaType":
"org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [
"createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ],
"deprecated": false, "autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configu [...]
+ "secretClient": { "index": 3, "kind": "parameter", "displayName": "Secret
Client", "group": "producer", "label": "", "required": false, "type": "object",
"javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated":
false, "deprecationNote": "", "autowired": true, "secret": false,
"configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Instance of Secret
client" },
+ "lazyStartProducer": { "index": 4, "kind": "parameter", "displayName":
"Lazy Start Producer", "group": "producer (advanced)", "label":
"producer,advanced", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Whether the producer should be started
lazy (on the first message). By starting lazy you can use this to allow
CamelContext and routes to startup in situations where a produc [...]
+ "clientId": { "index": 5, "kind": "parameter", "displayName": "Client Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Id to be used" },
+ "clientSecret": { "index": 6, "kind": "parameter", "displayName": "Client
Secret", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Client Secret to be
used" },
+ "tenantId": { "index": 7, "kind": "parameter", "displayName": "Tenant Id",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "configurationClass":
"org.apache.camel.component.azure.key.vault.KeyVaultConfiguration",
"configurationField": "configuration", "description": "Tenant Id to be used" }
}
}
diff --git
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
new file mode 100644
index 00000000000..8c8b294a98a
--- /dev/null
+++
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.azure.key.vault;
+
+public enum CredentialType {
+ /**
+ * Client Secret Credential
+ */
+ CLIENT_SECRET,
+ /**
+ * Includes:
+ * <uL>
+ * <li>Service principal with secret</li>
+ * <li>Service principal with certificate</li>
+ * <li>username and password</li>
+ * </uL>
+ *
+ * @see com.azure.identity.DefaultAzureCredentialBuilder
+ */
+ AZURE_IDENTITY
+}
diff --git
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
index a92ef9e767f..2e3fb12b957 100644
---
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
+++
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
@@ -23,6 +23,9 @@ import org.apache.camel.spi.UriParam;
import org.apache.camel.spi.UriParams;
import org.apache.camel.spi.UriPath;
+import static
org.apache.camel.component.azure.key.vault.CredentialType.AZURE_IDENTITY;
+import static
org.apache.camel.component.azure.key.vault.CredentialType.CLIENT_SECRET;
+
@UriParams
public class KeyVaultConfiguration implements Cloneable {
@@ -39,6 +42,9 @@ public class KeyVaultConfiguration implements Cloneable {
private String tenantId;
@UriParam(label = "producer")
private KeyVaultOperation operation = KeyVaultOperation.createSecret;
+ @UriParam(label = "common", enums = "CLIENT_SECRET,AZURE_IDENTITY",
+ defaultValue = "CLIENT_SECRET")
+ private CredentialType credentialType = CLIENT_SECRET;
/**
* Instance of Secret client
@@ -106,6 +112,18 @@ public class KeyVaultConfiguration implements Cloneable {
this.operation = operation;
}
+
+ public CredentialType getCredentialType() {
+ return credentialType;
+ }
+
+ /**
+ * Determines the credential strategy to adopt
+ */
+ public void setCredentialType(CredentialType credentialType) {
+ this.credentialType = credentialType;
+ }
+
// *************************************************
//
// *************************************************
diff --git
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
index 0840244dc4c..17bdcbca647 100644
---
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
+++
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
@@ -16,8 +16,10 @@
*/
package org.apache.camel.component.azure.key.vault;
+import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import org.apache.camel.Category;
@@ -61,12 +63,17 @@ public class KeyVaultEndpoint extends DefaultEndpoint {
// Build key vault URI
String keyVaultUri = "https://"; + getConfiguration().getVaultName() +
".vault.azure.net";
+ TokenCredential credential = null;
// Credential
- ClientSecretCredential credential = new ClientSecretCredentialBuilder()
- .tenantId(getConfiguration().getTenantId())
- .clientId(getConfiguration().getClientId())
- .clientSecret(getConfiguration().getClientSecret())
- .build();
+ if
(configuration.getCredentialType().equals(CredentialType.CLIENT_SECRET)) {
+ credential = new ClientSecretCredentialBuilder()
+ .tenantId(getConfiguration().getTenantId())
+ .clientId(getConfiguration().getClientId())
+ .clientSecret(getConfiguration().getClientSecret())
+ .build();
+ } else if
(configuration.getCredentialType().equals(CredentialType.AZURE_IDENTITY)) {
+ credential = new DefaultAzureCredentialBuilder().build();
+ }
// Build Client
localClient = new SecretClientBuilder()
diff --git
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
index 35f71cd6ad1..ad758c560a2 100644
---
a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
+++
b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
@@ -19,9 +19,11 @@ package org.apache.camel.component.azure.key.vault;
import java.util.HashSet;
import java.util.Set;
+import com.azure.core.credential.TokenCredential;
import com.azure.core.exception.ResourceNotFoundException;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
@@ -46,6 +48,7 @@ import org.apache.camel.vault.AzureVaultConfiguration;
* <li><tt>CAMEL_VAULT_AZURE_CLIENT_ID</tt></li>
* <li><tt>CAMEL_VAULT_AZURE_CLIENT_SECRET</tt></li>
* <li><tt>CAMEL_VAULT_AZURE_TENANT_ID</tt></li>
+ * <li><tt>CAMEL_VAULT_AZURE_IDENTITY_ENABLED</tt></li>
* </ul>
* <p/>
*
@@ -56,12 +59,13 @@ import org.apache.camel.vault.AzureVaultConfiguration;
* <li><tt>camel.vault.azure.clientId</tt></li>
* <li><tt>camel.vault.azure.clientSecret</tt></li>
* <li><tt>camel.vault.azure.tenantId</tt></li>
+ * <li><tt>camel.vault.azure.azureIdentityEnabled</tt></li>
* </ul>
* <p/>
*
* This implementation is to return the secret value associated with a key.
The properties related to this kind of
* Properties Function are all prefixed with <tt>azure:</tt>. For example
asking for <tt>azure:token</tt>, will return
- * the secret value associated to the secret named token on AWS Secrets
Manager.
+ * the secret value associated to the secret named token on Azure Key Vault.
*
* Another way of retrieving a secret value is using the following notation
<tt>azure:database/username</tt>: in this
* case the field username of the secret database will be returned. As a
fallback, the user could provide a default
@@ -78,6 +82,8 @@ public class KeyVaultPropertiesFunction extends
ServiceSupport implements Proper
private static final String CAMEL_VAULT_AZURE_CLIENT_ID =
"CAMEL_VAULT_AZURE_CLIENT_ID";
private static final String CAMEL_VAULT_AZURE_CLIENT_SECRET =
"CAMEL_VAULT_AZURE_CLIENT_SECRET";
private static final String CAMEL_VAULT_AZURE_TENANT_ID =
"CAMEL_VAULT_AZURE_TENANT_ID";
+
+ private static final String CAMEL_VAULT_AZURE_IDENTITY_ENABLED =
"CAMEL_VAULT_AZURE_IDENTITY_ENABLED";
private CamelContext camelContext;
private SecretClient client;
private final Set<String> secrets = new HashSet<>();
@@ -89,6 +95,7 @@ public class KeyVaultPropertiesFunction extends
ServiceSupport implements Proper
String clientId = System.getenv(CAMEL_VAULT_AZURE_CLIENT_ID);
String clientSecret = System.getenv(CAMEL_VAULT_AZURE_CLIENT_SECRET);
String tenantId = System.getenv(CAMEL_VAULT_AZURE_TENANT_ID);
+ boolean azureIdentityEnabled =
Boolean.parseBoolean(System.getenv(CAMEL_VAULT_AZURE_IDENTITY_ENABLED));
if (ObjectHelper.isEmpty(vaultName) && ObjectHelper.isEmpty(clientId)
&& ObjectHelper.isEmpty(clientSecret)
&& ObjectHelper.isEmpty(tenantId)) {
AzureVaultConfiguration azureVaultConfiguration =
getCamelContext().getVaultConfiguration().azure();
@@ -97,10 +104,11 @@ public class KeyVaultPropertiesFunction extends
ServiceSupport implements Proper
clientId = azureVaultConfiguration.getClientId();
clientSecret = azureVaultConfiguration.getClientSecret();
tenantId = azureVaultConfiguration.getTenantId();
+ azureIdentityEnabled =
azureVaultConfiguration.isAzureIdentityEnabled();
}
}
if (ObjectHelper.isNotEmpty(vaultName) &&
ObjectHelper.isNotEmpty(clientId) && ObjectHelper.isNotEmpty(clientSecret)
- && ObjectHelper.isNotEmpty(tenantId)) {
+ && ObjectHelper.isNotEmpty(tenantId) && !azureIdentityEnabled)
{
String keyVaultUri = "https://"; + vaultName + ".vault.azure.net";
// Credential
@@ -110,6 +118,17 @@ public class KeyVaultPropertiesFunction extends
ServiceSupport implements Proper
.clientSecret(clientSecret)
.build();
+ // Build Client
+ client = new SecretClientBuilder()
+ .vaultUrl(keyVaultUri)
+ .credential(credential)
+ .buildClient();
+ } else if (ObjectHelper.isNotEmpty(vaultName) && azureIdentityEnabled)
{
+ String keyVaultUri = "https://"; + vaultName + ".vault.azure.net";
+
+ // Credential
+ TokenCredential credential = new
DefaultAzureCredentialBuilder().build();
+
// Build Client
client = new SecretClientBuilder()
.vaultUrl(keyVaultUri)
@@ -117,7 +136,7 @@ public class KeyVaultPropertiesFunction extends
ServiceSupport implements Proper
.buildClient();
} else {
throw new RuntimeCamelException(
- "Using the Azure Key Vault Properties Function requires
setting Azure credentials as application properties or environment variables");
+ "Using the Azure Key Vault Properties Function requires
setting Azure credentials as application properties or environment variables or
enable the Azure Identity Authentication mechanism");
}
}
diff --git
a/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
b/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
index 5e1804c661b..64e70878154 100644
---
a/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
+++
b/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
@@ -32,6 +32,8 @@ public class AzureVaultConfiguration extends
VaultConfiguration {
@Metadata(secret = true)
private String tenantId;
@Metadata
+ private boolean azureIdentityEnabled;
+ @Metadata
private boolean refreshEnabled;
@Metadata(defaultValue = "30000")
private long refreshPeriod = 30000;
@@ -90,6 +92,17 @@ public class AzureVaultConfiguration extends
VaultConfiguration {
this.tenantId = tenantId;
}
+ public boolean isAzureIdentityEnabled() {
+ return azureIdentityEnabled;
+ }
+
+ /**
+ * Whether the Azure Identity Authentication should be used or not.
+ */
+ public void setAzureIdentityEnabled(boolean azureIdentityEnabled) {
+ this.azureIdentityEnabled = azureIdentityEnabled;
+ }
+
public boolean isRefreshEnabled() {
return refreshEnabled;
}
diff --git
a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
index 9560719e584..ea4798b7450 100644
---
a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
+++
b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
@@ -23,6 +23,8 @@ public class AzureVaultConfigurationConfigurer extends
org.apache.camel.support.
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration":
target.setAwsVaultConfiguration(property(camelContext,
org.apache.camel.vault.AwsVaultConfiguration.class, value)); return true;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled":
target.setAzureIdentityEnabled(property(camelContext, boolean.class, value));
return true;
case "azurevaultconfiguration":
case "AzureVaultConfiguration":
target.setAzureVaultConfiguration(property(camelContext,
org.apache.camel.vault.AzureVaultConfiguration.class, value)); return true;
case "blobaccesskey":
@@ -60,6 +62,8 @@ public class AzureVaultConfigurationConfigurer extends
org.apache.camel.support.
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return
org.apache.camel.vault.AwsVaultConfiguration.class;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return boolean.class;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return
org.apache.camel.vault.AzureVaultConfiguration.class;
case "blobaccesskey":
@@ -98,6 +102,8 @@ public class AzureVaultConfigurationConfigurer extends
org.apache.camel.support.
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return target.getAwsVaultConfiguration();
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return target.isAzureIdentityEnabled();
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return
target.getAzureVaultConfiguration();
case "blobaccesskey":
diff --git
a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
index cafee650316..65616f5136c 100644
---
a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
+++
b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
@@ -23,6 +23,8 @@ public class AzureVaultConfigurationPropertiesConfigurer
extends org.apache.came
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration":
target.setAwsVaultConfiguration(property(camelContext,
org.apache.camel.vault.AwsVaultConfiguration.class, value)); return true;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled":
target.setAzureIdentityEnabled(property(camelContext, boolean.class, value));
return true;
case "azurevaultconfiguration":
case "AzureVaultConfiguration":
target.setAzureVaultConfiguration(property(camelContext,
org.apache.camel.vault.AzureVaultConfiguration.class, value)); return true;
case "blobaccesskey":
@@ -60,6 +62,8 @@ public class AzureVaultConfigurationPropertiesConfigurer
extends org.apache.came
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return
org.apache.camel.vault.AwsVaultConfiguration.class;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return boolean.class;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return
org.apache.camel.vault.AzureVaultConfiguration.class;
case "blobaccesskey":
@@ -98,6 +102,8 @@ public class AzureVaultConfigurationPropertiesConfigurer
extends org.apache.came
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return target.getAwsVaultConfiguration();
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return target.isAzureIdentityEnabled();
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return
target.getAzureVaultConfiguration();
case "blobaccesskey":
diff --git
a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
index 72f4180cad8..5577ce62cb1 100644
---
a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
+++
b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
@@ -276,6 +276,7 @@
{ "name": "camel.vault.aws.region", "description": "The AWS region",
"sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secretKey", "description": "The AWS secret
key", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secrets", "description": "Specify the secret
names (or pattern) to check for updates. Multiple secrets can be separated by
comma.", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.vault.azure.azureIdentityEnabled", "description":
"Whether the Azure Identity Authentication should be used or not.",
"sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type":
"boolean", "javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.vault.azure.blobAccessKey", "description": "The Eventhubs
Blob Access Key for CheckpointStore purpose", "sourceType":
"org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType":
"java.lang.String" },
{ "name": "camel.vault.azure.blobAccountName", "description": "The
Eventhubs Blob Account Name for CheckpointStore purpose", "sourceType":
"org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType":
"java.lang.String" },
{ "name": "camel.vault.azure.blobContainerName", "description": "The
Eventhubs Blob Container Name for CheckpointStore purpose", "sourceType":
"org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType":
"java.lang.String" },
diff --git a/core/camel-main/src/main/docs/main.adoc
b/core/camel-main/src/main/docs/main.adoc
index cf27329b981..b4bbd92d60a 100644
--- a/core/camel-main/src/main/docs/main.adoc
+++ b/core/camel-main/src/main/docs/main.adoc
@@ -316,11 +316,12 @@ The camel.vault.gcp supports 7 options, which are listed
below.
=== Camel Azure Key Vault configurations
-The camel.vault.azure supports 11 options, which are listed below.
+The camel.vault.azure supports 12 options, which are listed below.
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
+| *camel.vault.azure.azure{zwsp}IdentityEnabled* | Whether the Azure Identity
Authentication should be used or not. | false | boolean
| *camel.vault.azure.blobAccess{zwsp}Key* | The Eventhubs Blob Access Key for
CheckpointStore purpose | | String
| *camel.vault.azure.blobAccount{zwsp}Name* | The Eventhubs Blob Account Name
for CheckpointStore purpose | | String
| *camel.vault.azure.blob{zwsp}ContainerName* | The Eventhubs Blob Container
Name for CheckpointStore purpose | | String
diff --git
a/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
b/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
index 57f786cb978..4a15b5168b2 100644
---
a/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
+++
b/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
@@ -81,6 +81,14 @@ public class AzureVaultConfigurationProperties extends
AzureVaultConfiguration i
return this;
}
+ /**
+ * Whether the Azure Identity Authentication should be used or not.
+ */
+ public AzureVaultConfigurationProperties withAzureIdentityEnabled(boolean
azureIdentityEnabled) {
+ setAzureIdentityEnabled(azureIdentityEnabled);
+ return this;
+ }
+
/**
* Whether to automatically reload Camel upon secrets being updated in
Azure.
*/
diff --git
a/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
b/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
index ca7ca42b3d8..18fcbe55a8e 100644
--- a/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
+++ b/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
@@ -201,6 +201,7 @@ public class MainVaultTest {
Assertions.assertEquals("id1", cfg.getClientId());
Assertions.assertEquals("secret1", cfg.getClientSecret());
Assertions.assertEquals("tenant1", cfg.getTenantId());
+ Assertions.assertEquals(false, cfg.isAzureIdentityEnabled());
main.stop();
}
@@ -226,6 +227,7 @@ public class MainVaultTest {
Assertions.assertEquals("id1", cfg.getClientId());
Assertions.assertEquals("secret1", cfg.getClientSecret());
Assertions.assertEquals("tenant1", cfg.getTenantId());
+ Assertions.assertEquals(false, cfg.isAzureIdentityEnabled());
main.stop();
}
