This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new dfd543adff7 CAMEL-21061 - Google Secrets Manager Properties function: 
Add documentation about creating required infra (#15196)
dfd543adff7 is described below

commit dfd543adff79e6e8f16f856c87723575a0bf72c8
Author: Andrea Cosentino <[email protected]>
AuthorDate: Mon Aug 19 11:04:24 2024 +0200

    CAMEL-21061 - Google Secrets Manager Properties function: Add documentation 
about creating required infra (#15196)
    
    Signed-off-by: Andrea Cosentino <[email protected]>
---
 .../main/docs/google-secret-manager-component.adoc | 92 ++++++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git 
a/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
 
b/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
index c1404c201e6..1e5c6416dcd 100644
--- 
a/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
+++ 
b/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
@@ -282,6 +282,98 @@ There are only two requirements:
 - Adding `camel-google-secret-manager` JAR to your Camel application.
 - Give the service account used permissions to do operation at secret 
management level, (for example, accessing the secret payload, or being admin of 
secret manager service and also have permission over the Pubsub service)
 
+=== Automatic `CamelContext` reloading on Secret Refresh - Required 
infrastructure's creation
+
+You’ll need to install the gcloud cli from 
https://cloud.google.com/sdk/docs/install
+
+Once the Cli has been installed we can proceed to log in and to set up the 
project with the following commands:
+
+```
+gcloud auth login
+```
+
+and
+
+```
+gcloud projects create <projectId> --name="GCP Secret Manager Refresh"
+```
+
+The project will need a service identity for using secret manager service and 
we’ll be able to have that through the command:
+
+```
+gcloud beta services identity create --service "secretmanager.googleapis.com" 
--project <project_id>
+```
+
+The latter command will provide a service account name that we need to export
+
+```
+export SM_SERVICE_ACCOUNT="service-...."
+```
+
+Since we want to have notifications about events related to a specific secret 
through a Google Pubsub topic we’ll need to create a topic for this purpose 
with the following command:
+
+```
+gcloud pubsub topics create 
"projects/<project_id>/topics/pubsub-gcp-sec-refresh"
+```
+
+The service account will need Secret Manager authorization to publish messages 
on the topic just created, so we’ll need to add an iam policy binding with the 
following command:
+
+```
+gcloud pubsub topics add-iam-policy-binding pubsub-gcp-sec-refresh --member 
"serviceAccount:${SM_SERVICE_ACCOUNT}" --role "roles/pubsub.publisher" 
--project <project_id>
+```
+
+We now need to create a subscription to the pubsub-gcp-sec-refresh just 
created and we’re going to call it sub-gcp-sec-refresh with the following 
command:
+
+```
+gcloud pubsub subscriptions create 
"projects/<project_id>/subscriptions/sub-gcp-sec-refresh" --topic 
"projects/<project_id>/topics/pubsub-gcp-sec-refresh"
+```
+
+Now we need to create a service account for running our application:
+
+```
+gcloud iam service-accounts create gcp-sec-refresh-sa --description="GCP Sec 
Refresh SA" --project <project_id>
+```
+
+Let’s give the SA an owner role:
+
+```
+gcloud projects add-iam-policy-binding <project_id> 
--member="serviceAccount:gcp-sec-refresh-sa@<project_id>.iam.gserviceaccount.com"
 --role="roles/owner"
+```
+
+Now we should create a Service account key file for the just create SA:
+
+```
+gcloud iam service-accounts keys create <project_id>.json 
--iam-account=gcp-sec-refresh-sa@<project_id>.iam.gserviceaccount.com
+```
+
+Let’s enable the Secret Manager API for our project
+
+```
+gcloud services enable secretmanager.googleapis.com --project <project_id>
+```
+
+Also the PubSub API needs to be enabled
+
+```
+gcloud services enable pubsub.googleapis.com --project <project_id>
+```
+
+If needed enable also the Billing API.
+
+Now it’s time to create our secret, with topic notification:
+
+```
+gcloud secrets create <secret_name> 
--topics=projects/<project_id>/topics/pubsub-gcp-sec-refresh 
--project=<project_id>
+```
+
+And let’s add the value
+
+```
+gcloud secrets versions add <secret_name> --data-file=<json_secret> 
--project=<project_id>
+```
+
+You could now use the projectId and the service account json file to recover 
the secret.
+
 === Google Secret Manager Producer operations
 
 Google Functions component provides the following operation on the producer 
side:
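
Review bot: The "Let's give the SA an owner role" step binds `roles/owner` on the whole project to `gcp-sec-refresh-sa`, which is far broader than the requirement in the context lines at the top of this hunk (access to the secret payload, plus permission over Pub/Sub). I would document narrower bindings instead, such as `roles/secretmanager.secretAccessor` on the secret and `roles/pubsub.subscriber` on `sub-gcp-sec-refresh`, and mention secret manager admin only for users who actually need it. This matters more because the next step writes a long-lived key for that same account to `<project_id>.json`, so anyone who obtains that file would hold owner rights on the project; a sentence on storing the key file securely would help. Minor: `gcloud projects create` uses `<projectId>` while every other command uses `<project_id>`, so pick one placeholder.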
