This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 938fd403f45 CAMEL-21062 - Azure Key Vault Properties function: Add 
documentation about creating required infra (#15197)
938fd403f45 is described below

commit 938fd403f453f685ee0e2fa24ce64209a459ba49
Author: Andrea Cosentino <[email protected]>
AuthorDate: Mon Aug 19 11:13:57 2024 +0200

    CAMEL-21062 - Azure Key Vault Properties function: Add documentation about 
creating required infra (#15197)
    
    Signed-off-by: Andrea Cosentino <[email protected]>
---
 .../src/main/docs/azure-key-vault-component.adoc   | 97 ++++++++++++++++++++++
 1 file changed, 97 insertions(+)

diff --git 
a/components/camel-azure/camel-azure-key-vault/src/main/docs/azure-key-vault-component.adoc
 
b/components/camel-azure/camel-azure-key-vault/src/main/docs/azure-key-vault-component.adoc
index b475ec6bbd4..4795348b4de 100644
--- 
a/components/camel-azure/camel-azure-key-vault/src/main/docs/azure-key-vault-component.adoc
+++ 
b/components/camel-azure/camel-azure-key-vault/src/main/docs/azure-key-vault-component.adoc
@@ -263,6 +263,103 @@ Note that `camel.vault.azure.secrets` is not mandatory: 
if not specified the tas
 
 The only requirement is adding the camel-azure-key-vault jar to your Camel 
application.
 
+=== Automatic Camel context reloading on Secret Refresh - Required 
Infrastructure's creation
+
+First of all we need to create an application
+
+```
+az ad app create --display-name test-app-key-vault
+```
+
+Then we need to obtain credentials
+
+```
+az ad app credential reset --id <appId> --append --display-name 'Description: 
Key Vault app client' --end-date '2024-12-31'
+```
+
+This will return a result like this
+
+
+```
+{
+  "appId": "appId",
+  "password": "pwd",
+  "tenant": "tenantId"
+}
+```
+
+You should take note of the password and use it as clientSecret parameter, 
together with the clientId and tenantId.
+
+Now create the key vault
+
+```
+az keyvault create --name <vaultName> --resource-group <resourceGroup>
+```
+
+Create a service principal associated with the application Id
+
+```
+az ad sp create --id <appId>
+```
+
+At this point we need to add a role to the application with role assignment
+
+```
+az role assignment create --assignee <appId> --role "Key Vault Administrator" 
--scope 
/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.KeyVault/vaults/<vaultName>
+```
+
+Last step is to create policy on what can be or cannot be done with the 
application. In this case we just want to read the secret value. So This should 
be enough.
+
+```
+az keyvault set-policy --name <vaultName> --spn <appId> --secret-permissions 
get
+```
+
+You can create a secret through Azure CLI with the following command:
+
+```
+az keyvault secret set --name <secret_name> --vault-name <vaultName> -f 
<json-secret>
+```
+
+Now we need to setup the Eventhub/EventGrid notification for being informed 
about secrets updates.
+
+First of all we'll need a Blob account and Blob container, to track Eventhub 
consuming activities.
+
+```
+az storage account create --name <blobAccountName> --resource-group 
<resourceGroup>
+```
+
+Then create a container
+
+```
+az storage container create --account-name <blobAccountName> --name 
<blobContainerName>
+```
+
+Then recover the access key for this purpose
+
+```
+az storage account keys list -g <resourceGroup> -n <blobAccountName>
+```
+
+Take note of the blob Account name, blob Container name and Blob Access Key to 
be used for setting up the vault.
+
+Let's now create the Eventhub side
+
+Create the namespace first
+
+```
+az eventhubs namespace create --resource-group <resourceGroup> --name 
<eventhub-namespace> --location westus --sku Standard --enable-auto-inflate 
--maximum-throughput-units 20
+```
+
+Now create the resource
+
+```
+az eventhubs eventhub create --resource-group <resourceGroup> --namespace-name 
<eventhub-namespace> --name <eventhub-name> --cleanup-policy Delete 
--partition-count 15
+```
+
+In the Azure portal create a shared policy for the just created eventhub 
resource with "MANAGE" permissions and copy the connection string.
+
+You now have all the required parameters to set up the vault.
+
 // component headers: START
 include::partial$component-endpoint-headers.adoc[]
 // component headers: END
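Review bot: The role assignment step grants "Key Vault Administrator" on the vault scope, but the paragraph right after it says "In this case we just want to read the secret value" and the set-policy step grants only `--secret-permissions get`. As written, the documented service principal ends up with far more than read access to secrets. Consider assigning a read-only built-in role such as "Key Vault Secrets User" instead. The doc should also state which permission model the vault is expected to use, since `az role assignment create` (Azure RBAC) and `az keyvault set-policy` (vault access policies) belong to different models and a reader following both steps cannot tell which one actually takes effect. Two smaller points in the same hunk: the Event Hub shared policy is created with "MANAGE" permissions without saying why a consumer needs more than listen rights, and the section announces the "Eventhub/EventGrid notification" setup but shows no step that creates the Event Grid subscription routing Key Vault events to the Event Hub, so the procedure looks incomplete. The hardcoded `--end-date '2024-12-31'` in the credential reset example would also read better as a placeholder.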
