CAMEL-20220 - Camel Azure Key Vault: Support Azure Identity in the component and secrets function
Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
index f7cb32d..6acab70 100644
--- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
+++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/azure-key-vault.json
@@ -31,11 +31,12 @@
},
"properties": {
"vaultName": { "index": 0, "kind": "path", "displayName": "Vault Name", "group": "producer", "label": "", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Vault Name to be used" },
- "operation": { "index": 1, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Operation to be performed" },
- "secretClient": { "index": 2, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
- "lazyStartProducer": { "index": 3, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing." },
- "clientId": { "index": 4, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
- "clientSecret": { "index": 5, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
- "tenantId": { "index": 6, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
+ "credentialType": { "index": 1, "kind": "parameter", "displayName": "Credential Type", "group": "common", "label": "common", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.CredentialType", "enum": [ "CLIENT_SECRET", "AZURE_IDENTITY" ], "deprecated": false, "autowired": false, "secret": false, "defaultValue": "CLIENT_SECRET", "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Determines the credential strategy to adopt" },
+ "operation": { "index": 2, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Operation to be performed" },
+ "secretClient": { "index": 3, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
+ "lazyStartProducer": { "index": 4, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing." },
+ "clientId": { "index": 5, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
+ "clientSecret": { "index": 6, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
+ "tenantId": { "index": 7, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
}
}
diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
index 72f4180..5577ce6 100644
--- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
+++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
@@ -276,6 +276,7 @@
{ "name": "camel.vault.aws.region", "description": "The AWS region", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secretKey", "description": "The AWS secret key", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secrets", "description": "Specify the secret names (or pattern) to check for updates. Multiple secrets can be separated by comma.", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.vault.azure.azureIdentityEnabled", "description": "Whether the Azure Identity Authentication should be used or not.", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "boolean", "javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.vault.azure.blobAccessKey", "description": "The Eventhubs Blob Access Key for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobAccountName", "description": "The Eventhubs Blob Account Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobContainerName", "description": "The Eventhubs Blob Container Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
diff --git a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
index a36c121..372ecd3 100644
--- a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
+++ b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointConfigurer.java
@@ -25,6 +25,8 @@
case "clientId": target.getConfiguration().setClientId(property(camelContext, java.lang.String.class, value)); return true;
case "clientsecret":
case "clientSecret": target.getConfiguration().setClientSecret(property(camelContext, java.lang.String.class, value)); return true;
+ case "credentialtype":
+ case "credentialType": target.getConfiguration().setCredentialType(property(camelContext, org.apache.camel.component.azure.key.vault.CredentialType.class, value)); return true;
case "lazystartproducer":
case "lazyStartProducer": target.setLazyStartProducer(property(camelContext, boolean.class, value)); return true;
case "operation": target.getConfiguration().setOperation(property(camelContext, org.apache.camel.component.azure.key.vault.KeyVaultOperation.class, value)); return true;
@@ -48,6 +50,8 @@
case "clientId": return java.lang.String.class;
case "clientsecret":
case "clientSecret": return java.lang.String.class;
+ case "credentialtype":
+ case "credentialType": return org.apache.camel.component.azure.key.vault.CredentialType.class;
case "lazystartproducer":
case "lazyStartProducer": return boolean.class;
case "operation": return org.apache.camel.component.azure.key.vault.KeyVaultOperation.class;
@@ -67,6 +71,8 @@
case "clientId": return target.getConfiguration().getClientId();
case "clientsecret":
case "clientSecret": return target.getConfiguration().getClientSecret();
+ case "credentialtype":
+ case "credentialType": return target.getConfiguration().getCredentialType();
case "lazystartproducer":
case "lazyStartProducer": return target.isLazyStartProducer();
case "operation": return target.getConfiguration().getOperation();
diff --git a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
index af6be60..bc03fdb 100644
--- a/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
+++ b/components/camel-azure/camel-azure-key-vault/src/generated/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpointUriFactory.java
@@ -21,9 +21,10 @@
private static final Set<String> SECRET_PROPERTY_NAMES;
private static final Set<String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(7);
+ Set<String> props = new HashSet<>(8);
props.add("clientId");
props.add("clientSecret");
+ props.add("credentialType");
props.add("lazyStartProducer");
props.add("operation");
props.add("secretClient");
diff --git a/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json b/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
index f7cb32d..6acab70 100644
--- a/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
+++ b/components/camel-azure/camel-azure-key-vault/src/generated/resources/org/apache/camel/component/azure/key/vault/azure-key-vault.json
@@ -31,11 +31,12 @@
},
"properties": {
"vaultName": { "index": 0, "kind": "path", "displayName": "Vault Name", "group": "producer", "label": "", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Vault Name to be used" },
- "operation": { "index": 1, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Operation to be performed" },
- "secretClient": { "index": 2, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
- "lazyStartProducer": { "index": 3, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing." },
- "clientId": { "index": 4, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
- "clientSecret": { "index": 5, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
- "tenantId": { "index": 6, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
+ "credentialType": { "index": 1, "kind": "parameter", "displayName": "Credential Type", "group": "common", "label": "common", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.CredentialType", "enum": [ "CLIENT_SECRET", "AZURE_IDENTITY" ], "deprecated": false, "autowired": false, "secret": false, "defaultValue": "CLIENT_SECRET", "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Determines the credential strategy to adopt" },
+ "operation": { "index": 2, "kind": "parameter", "displayName": "Operation", "group": "producer", "label": "producer", "required": false, "type": "object", "javaType": "org.apache.camel.component.azure.key.vault.KeyVaultOperation", "enum": [ "createSecret", "getSecret", "deleteSecret", "purgeDeletedSecret" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Operation to be performed" },
+ "secretClient": { "index": 3, "kind": "parameter", "displayName": "Secret Client", "group": "producer", "label": "", "required": false, "type": "object", "javaType": "com.azure.security.keyvault.secrets.SecretClient", "deprecated": false, "deprecationNote": "", "autowired": true, "secret": false, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Instance of Secret client" },
+ "lazyStartProducer": { "index": 4, "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer (advanced)", "label": "producer,advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing." },
+ "clientId": { "index": 5, "kind": "parameter", "displayName": "Client Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Id to be used" },
+ "clientSecret": { "index": 6, "kind": "parameter", "displayName": "Client Secret", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Client Secret to be used" },
+ "tenantId": { "index": 7, "kind": "parameter", "displayName": "Tenant Id", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "configurationClass": "org.apache.camel.component.azure.key.vault.KeyVaultConfiguration", "configurationField": "configuration", "description": "Tenant Id to be used" }
}
}
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
new file mode 100644
index 0000000..8c8b294
--- /dev/null
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/CredentialType.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.azure.key.vault;
+
+public enum CredentialType {
+ /**
+ * Client Secret Credential
+ */
+ CLIENT_SECRET,
+ /**
+ * Includes:
+ * <uL>
+ * <li>Service principal with secret</li>
+ * <li>Service principal with certificate</li>
+ * <li>username and password</li>
+ * </uL>
+ *
+ * @see com.azure.identity.DefaultAzureCredentialBuilder
+ */
+ AZURE_IDENTITY
+}
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
index a92ef9e..2e3fb12 100644
--- a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultConfiguration.java
@@ -23,6 +23,9 @@
import org.apache.camel.spi.UriParams;
import org.apache.camel.spi.UriPath;
+import static org.apache.camel.component.azure.key.vault.CredentialType.AZURE_IDENTITY;
+import static org.apache.camel.component.azure.key.vault.CredentialType.CLIENT_SECRET;
+
@UriParams
public class KeyVaultConfiguration implements Cloneable {
@@ -39,6 +42,9 @@
private String tenantId;
@UriParam(label = "producer")
private KeyVaultOperation operation = KeyVaultOperation.createSecret;
+ @UriParam(label = "common", enums = "CLIENT_SECRET,AZURE_IDENTITY",
+ defaultValue = "CLIENT_SECRET")
+ private CredentialType credentialType = CLIENT_SECRET;
/**
* Instance of Secret client
@@ -106,6 +112,18 @@
this.operation = operation;
}
+
+ public CredentialType getCredentialType() {
+ return credentialType;
+ }
+
+ /**
+ * Determines the credential strategy to adopt
+ */
+ public void setCredentialType(CredentialType credentialType) {
+ this.credentialType = credentialType;
+ }
+
// *************************************************
//
// *************************************************
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
index 0840244..17bdcbc 100644
--- a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultEndpoint.java
@@ -16,8 +16,10 @@
*/
package org.apache.camel.component.azure.key.vault;
+import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import org.apache.camel.Category;
@@ -61,12 +63,17 @@
// Build key vault URI
String keyVaultUri = "https://" + getConfiguration().getVaultName() + ".vault.azure.net";
+ TokenCredential credential = null;
// Credential
- ClientSecretCredential credential = new ClientSecretCredentialBuilder()
- .tenantId(getConfiguration().getTenantId())
- .clientId(getConfiguration().getClientId())
- .clientSecret(getConfiguration().getClientSecret())
- .build();
+ if (configuration.getCredentialType().equals(CredentialType.CLIENT_SECRET)) {
+ credential = new ClientSecretCredentialBuilder()
+ .tenantId(getConfiguration().getTenantId())
+ .clientId(getConfiguration().getClientId())
+ .clientSecret(getConfiguration().getClientSecret())
+ .build();
+ } else if (configuration.getCredentialType().equals(CredentialType.AZURE_IDENTITY)) {
+ credential = new DefaultAzureCredentialBuilder().build();
+ }
// Build Client
localClient = new SecretClientBuilder()
diff --git a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
index 35f71cd..ad758c5 100644
--- a/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
+++ b/components/camel-azure/camel-azure-key-vault/src/main/java/org/apache/camel/component/azure/key/vault/KeyVaultPropertiesFunction.java
@@ -19,9 +19,11 @@
import java.util.HashSet;
import java.util.Set;
+import com.azure.core.credential.TokenCredential;
import com.azure.core.exception.ResourceNotFoundException;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
@@ -46,6 +48,7 @@
* <li><tt>CAMEL_VAULT_AZURE_CLIENT_ID</tt></li>
* <li><tt>CAMEL_VAULT_AZURE_CLIENT_SECRET</tt></li>
* <li><tt>CAMEL_VAULT_AZURE_TENANT_ID</tt></li>
+ * <li><tt>CAMEL_VAULT_AZURE_IDENTITY_ENABLED</tt></li>
* </ul>
* <p/>
*
@@ -56,12 +59,13 @@
* <li><tt>camel.vault.azure.clientId</tt></li>
* <li><tt>camel.vault.azure.clientSecret</tt></li>
* <li><tt>camel.vault.azure.tenantId</tt></li>
+ * <li><tt>camel.vault.azure.azureIdentityEnabled</tt></li>
* </ul>
* <p/>
*
* This implementation is to return the secret value associated with a key. The properties related to this kind of
* Properties Function are all prefixed with <tt>azure:</tt>. For example asking for <tt>azure:token</tt>, will return
- * the secret value associated to the secret named token on AWS Secrets Manager.
+ * the secret value associated to the secret named token on Azure Key Vault.
*
* Another way of retrieving a secret value is using the following notation <tt>azure:database/username</tt>: in this
* case the field username of the secret database will be returned. As a fallback, the user could provide a default
@@ -78,6 +82,8 @@
private static final String CAMEL_VAULT_AZURE_CLIENT_ID = "CAMEL_VAULT_AZURE_CLIENT_ID";
private static final String CAMEL_VAULT_AZURE_CLIENT_SECRET = "CAMEL_VAULT_AZURE_CLIENT_SECRET";
private static final String CAMEL_VAULT_AZURE_TENANT_ID = "CAMEL_VAULT_AZURE_TENANT_ID";
+
+ private static final String CAMEL_VAULT_AZURE_IDENTITY_ENABLED = "CAMEL_VAULT_AZURE_IDENTITY_ENABLED";
private CamelContext camelContext;
private SecretClient client;
private final Set<String> secrets = new HashSet<>();
@@ -89,6 +95,7 @@
String clientId = System.getenv(CAMEL_VAULT_AZURE_CLIENT_ID);
String clientSecret = System.getenv(CAMEL_VAULT_AZURE_CLIENT_SECRET);
String tenantId = System.getenv(CAMEL_VAULT_AZURE_TENANT_ID);
+ boolean azureIdentityEnabled = Boolean.parseBoolean(System.getenv(CAMEL_VAULT_AZURE_IDENTITY_ENABLED));
if (ObjectHelper.isEmpty(vaultName) && ObjectHelper.isEmpty(clientId) && ObjectHelper.isEmpty(clientSecret)
&& ObjectHelper.isEmpty(tenantId)) {
AzureVaultConfiguration azureVaultConfiguration = getCamelContext().getVaultConfiguration().azure();
@@ -97,10 +104,11 @@
clientId = azureVaultConfiguration.getClientId();
clientSecret = azureVaultConfiguration.getClientSecret();
tenantId = azureVaultConfiguration.getTenantId();
+ azureIdentityEnabled = azureVaultConfiguration.isAzureIdentityEnabled();
}
}
if (ObjectHelper.isNotEmpty(vaultName) && ObjectHelper.isNotEmpty(clientId) && ObjectHelper.isNotEmpty(clientSecret)
- && ObjectHelper.isNotEmpty(tenantId)) {
+ && ObjectHelper.isNotEmpty(tenantId) && !azureIdentityEnabled) {
String keyVaultUri = "https://" + vaultName + ".vault.azure.net";
// Credential
@@ -115,9 +123,20 @@
.vaultUrl(keyVaultUri)
.credential(credential)
.buildClient();
+ } else if (ObjectHelper.isNotEmpty(vaultName) && azureIdentityEnabled) {
+ String keyVaultUri = "https://" + vaultName + ".vault.azure.net";
+
+ // Credential
+ TokenCredential credential = new DefaultAzureCredentialBuilder().build();
+
+ // Build Client
+ client = new SecretClientBuilder()
+ .vaultUrl(keyVaultUri)
+ .credential(credential)
+ .buildClient();
} else {
throw new RuntimeCamelException(
- "Using the Azure Key Vault Properties Function requires setting Azure credentials as application properties or environment variables");
+ "Using the Azure Key Vault Properties Function requires setting Azure credentials as application properties or environment variables or enable the Azure Identity Authentication mechanism");
}
}
diff --git a/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java b/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
index 5e1804c..64e7087 100644
--- a/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
+++ b/core/camel-api/src/main/java/org/apache/camel/vault/AzureVaultConfiguration.java
@@ -32,6 +32,8 @@
@Metadata(secret = true)
private String tenantId;
@Metadata
+ private boolean azureIdentityEnabled;
+ @Metadata
private boolean refreshEnabled;
@Metadata(defaultValue = "30000")
private long refreshPeriod = 30000;
@@ -90,6 +92,17 @@
this.tenantId = tenantId;
}
+ public boolean isAzureIdentityEnabled() {
+ return azureIdentityEnabled;
+ }
+
+ /**
+ * Whether the Azure Identity Authentication should be used or not.
+ */
+ public void setAzureIdentityEnabled(boolean azureIdentityEnabled) {
+ this.azureIdentityEnabled = azureIdentityEnabled;
+ }
+
public boolean isRefreshEnabled() {
return refreshEnabled;
}
diff --git a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
index 9560719..ea4798b7 100644
--- a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
+++ b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationConfigurer.java
@@ -23,6 +23,8 @@
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": target.setAwsVaultConfiguration(property(camelContext, org.apache.camel.vault.AwsVaultConfiguration.class, value)); return true;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": target.setAzureIdentityEnabled(property(camelContext, boolean.class, value)); return true;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": target.setAzureVaultConfiguration(property(camelContext, org.apache.camel.vault.AzureVaultConfiguration.class, value)); return true;
case "blobaccesskey":
@@ -60,6 +62,8 @@
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return org.apache.camel.vault.AwsVaultConfiguration.class;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return boolean.class;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return org.apache.camel.vault.AzureVaultConfiguration.class;
case "blobaccesskey":
@@ -98,6 +102,8 @@
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return target.getAwsVaultConfiguration();
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return target.isAzureIdentityEnabled();
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return target.getAzureVaultConfiguration();
case "blobaccesskey":
diff --git a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
index cafee65..65616f5 100644
--- a/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
+++ b/core/camel-main/src/generated/java/org/apache/camel/main/AzureVaultConfigurationPropertiesConfigurer.java
@@ -23,6 +23,8 @@
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": target.setAwsVaultConfiguration(property(camelContext, org.apache.camel.vault.AwsVaultConfiguration.class, value)); return true;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": target.setAzureIdentityEnabled(property(camelContext, boolean.class, value)); return true;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": target.setAzureVaultConfiguration(property(camelContext, org.apache.camel.vault.AzureVaultConfiguration.class, value)); return true;
case "blobaccesskey":
@@ -60,6 +62,8 @@
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return org.apache.camel.vault.AwsVaultConfiguration.class;
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return boolean.class;
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return org.apache.camel.vault.AzureVaultConfiguration.class;
case "blobaccesskey":
@@ -98,6 +102,8 @@
switch (ignoreCase ? name.toLowerCase() : name) {
case "awsvaultconfiguration":
case "AwsVaultConfiguration": return target.getAwsVaultConfiguration();
+ case "azureidentityenabled":
+ case "AzureIdentityEnabled": return target.isAzureIdentityEnabled();
case "azurevaultconfiguration":
case "AzureVaultConfiguration": return target.getAzureVaultConfiguration();
case "blobaccesskey":
diff --git a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
index 72f4180..5577ce6 100644
--- a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
+++ b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
@@ -276,6 +276,7 @@
{ "name": "camel.vault.aws.region", "description": "The AWS region", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secretKey", "description": "The AWS secret key", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.aws.secrets", "description": "Specify the secret names (or pattern) to check for updates. Multiple secrets can be separated by comma.", "sourceType": "org.apache.camel.vault.AwsVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.vault.azure.azureIdentityEnabled", "description": "Whether the Azure Identity Authentication should be used or not.", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "boolean", "javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.vault.azure.blobAccessKey", "description": "The Eventhubs Blob Access Key for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobAccountName", "description": "The Eventhubs Blob Account Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
{ "name": "camel.vault.azure.blobContainerName", "description": "The Eventhubs Blob Container Name for CheckpointStore purpose", "sourceType": "org.apache.camel.vault.AzureVaultConfiguration", "type": "string", "javaType": "java.lang.String" },
diff --git a/core/camel-main/src/main/docs/main.adoc b/core/camel-main/src/main/docs/main.adoc
index cf27329..b4bbd92 100644
--- a/core/camel-main/src/main/docs/main.adoc
+++ b/core/camel-main/src/main/docs/main.adoc
@@ -316,11 +316,12 @@
=== Camel Azure Key Vault configurations
-The camel.vault.azure supports 11 options, which are listed below.
+The camel.vault.azure supports 12 options, which are listed below.
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
+| *camel.vault.azure.azure{zwsp}IdentityEnabled* | Whether the Azure Identity Authentication should be used or not. | false | boolean
| *camel.vault.azure.blobAccess{zwsp}Key* | The Eventhubs Blob Access Key for CheckpointStore purpose | | String
| *camel.vault.azure.blobAccount{zwsp}Name* | The Eventhubs Blob Account Name for CheckpointStore purpose | | String
| *camel.vault.azure.blob{zwsp}ContainerName* | The Eventhubs Blob Container Name for CheckpointStore purpose | | String
diff --git a/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java b/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
index 57f786c..4a15b51 100644
--- a/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
+++ b/core/camel-main/src/main/java/org/apache/camel/main/AzureVaultConfigurationProperties.java
@@ -82,6 +82,14 @@
}
/**
+ * Whether the Azure Identity Authentication should be used or not.
+ */
+ public AzureVaultConfigurationProperties withAzureIdentityEnabled(boolean azureIdentityEnabled) {
+ setAzureIdentityEnabled(azureIdentityEnabled);
+ return this;
+ }
+
+ /**
* Whether to automatically reload Camel upon secrets being updated in Azure.
*/
public AzureVaultConfigurationProperties withRefreshEnabled(boolean refreshEnabled) {
diff --git a/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java b/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
index ca7ca42..18fcbe5 100644
--- a/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
+++ b/core/camel-main/src/test/java/org/apache/camel/main/MainVaultTest.java
@@ -201,6 +201,7 @@
Assertions.assertEquals("id1", cfg.getClientId());
Assertions.assertEquals("secret1", cfg.getClientSecret());
Assertions.assertEquals("tenant1", cfg.getTenantId());
+ Assertions.assertEquals(false, cfg.isAzureIdentityEnabled());
main.stop();
}
@@ -226,6 +227,7 @@
Assertions.assertEquals("id1", cfg.getClientId());
Assertions.assertEquals("secret1", cfg.getClientSecret());
Assertions.assertEquals("tenant1", cfg.getTenantId());
+ Assertions.assertEquals(false, cfg.isAzureIdentityEnabled());
main.stop();
}
