Add Azure Key Vault Extension #218

galiacheng · 2024-04-25T07:27:23Z

This PR is related to #63, including:

Support to automatically configure SecretClient and SecretAsyncClient bean with property quarkus.azure.keyvault.secret.endpoint.
Support native build.
Enable building/testing/releasing Key Vault Extension in workflow pipelines.
Add unit tests.
Add integration tests.
Add doc.
Update README.

Test: https://github.com/galiacheng/quarkus-azure-services/actions/runs/8829692524

…t found error.

…ension requires real service for testing.

edburns · 2024-04-30T02:27:37Z

...eployment/src/main/java/io/quarkiverse/azure/identity/deployment/AzureIdentityProcessor.java

+        String dir = "QMETA-INF/services";
+        String hotspotLibName = "jdk.vm.ci.hotspot.HotSpotJVMCIBackendFactory";


Add a comment explaining what the QMETA-INF/services thing is.

See 37c8dc9.

edburns · 2024-04-30T02:38:12Z

...t/src/main/java/io/quarkiverse/azure/keyvault/secret/deployment/KeyVaultSecretProcessor.java

+                .filter(n -> n.startsWith("com.azure.security.keyvault.secrets.models."))
+                .sorted()


By loading the classes in this way, we are creating an implicit contract: All of the classes that start with this package are "safe" to load in this way. Do we know this will always be true?

The safest approach is to load the exact classes, see 5fce42c.

edburns · 2024-04-30T02:40:01Z

...t/src/main/java/io/quarkiverse/azure/keyvault/secret/deployment/KeyVaultSecretProcessor.java

+                .filter(s -> s.startsWith("com.azure.security.keyvault.secrets.implementation.models."))
+                .forEach(e -> {


This is safe to use a startsWith approach here because we are pre-filtering with the getAllKnownImplementors.

edburns · 2024-04-30T02:47:32Z

integration-tests/README.md

+### Creating Azure Key Vault
+
+Run the following commands to create an Azure Key Vault, set permission and export its connection string as an environment
+variable.
+


Mention that the steps listed here are also performed by the GitHub Actions workflows via the build-with-native.sh file.

Good catch, see 5fce42c.

edburns · 2024-04-30T02:48:23Z

.github/build-with-maven-native.sh

+az keyvault create \
+    --name ${KEY_VAULT_NAME} \
+    --resource-group ${RESOURCE_GROUP_NAME} \
+    --location eastus


Mention this duplicates code in integration-tests/README.md.

See 5fce42c.

edburns · 2024-04-30T02:49:29Z

integration-tests/azure-keyvault/README.md

+```
+KEY_VAULT_NAME=<unique-key-vault-name>
+az keyvault create --name ${KEY_VAULT_NAME} \
+    --resource-group ${RESOURCE_GROUP_NAME} \
+    --location eastus


Mention the GitHub Actions workflow.

See 5fce42c.

majguo · 2024-04-30T03:30:14Z

LGTM now, approved.

galiacheng added 21 commits April 25, 2024 02:51

Initialize file structure for keyvault extension.

8740472

use quarkus cli application for testing.

c38313e

add internal extension for azure identity

99cf94e

add dynamic-proxy.

5e2aca5

add reflectiveHierarchyClass

ee81987

complete integration test.

ccf8b97

remove unused dependency.

cb93ba0

rename test sample.

552ebed

procude SecretAsyncClient.

4e6a06e

add ut.

1ebbdbf

complete integration test

ea03ef6

create doc for key vault extension.

8dd8879

add ci for key vault extension.

ea7b823

code clean up

c2f3b72

clean up import

50cb09a

update integration test.

1c5b5d0

update top README.

53b12c7

Update README of integration-test for keyvault

6ada004

add KeyVaultSecretResourceIT.

e993ce7

fix com.microsoft.aad.msal4j.AbstractClientApplicationBase$Builder no…

010b51b

…t found error.

update azure-identity denpendency versions.

bf46fce

galiacheng had a problem deploying to ci April 25, 2024 07:27 — with GitHub Actions Failure

galiacheng requested review from majguo, agoncal and edburns April 25, 2024 07:27

clean up.

6d2f6dc

galiacheng had a problem deploying to ci April 25, 2024 07:35 — with GitHub Actions Failure

build.yaml: specify -DskipTests before az login, as the key vault ext…

690a3d7

…ension requires real service for testing.

galiacheng temporarily deployed to ci April 25, 2024 07:54 — with GitHub Actions Inactive

add script to delete keyvault resource.

9f0c28f

galiacheng had a problem deploying to ci April 30, 2024 01:36 — with GitHub Actions Failure

as we disscussed, move otherkeyvault API test to the next PR.

af62cb7

galiacheng had a problem deploying to ci April 30, 2024 01:56 — with GitHub Actions Failure

fix build failure

d895ebe

galiacheng had a problem deploying to ci April 30, 2024 02:10 — with GitHub Actions Failure

sort imports used in Key Vault Extension.

06eb3f8

galiacheng temporarily deployed to ci April 30, 2024 02:16 — with GitHub Actions Inactive

galiacheng mentioned this pull request Apr 30, 2024

Test KeyVault Secret APIs thoroughly in the integration-test. #223

Open

edburns reviewed Apr 30, 2024

View reviewed changes

edburns approved these changes Apr 30, 2024

View reviewed changes

majguo approved these changes Apr 30, 2024

View reviewed changes

apply Ed's comments.

5fce42c

galiacheng had a problem deploying to ci April 30, 2024 04:28 — with GitHub Actions Error

add identitifier to track key vault secret clients.

a605c5b

galiacheng had a problem deploying to ci April 30, 2024 04:34 — with GitHub Actions Failure

format AzureQuarkusIdentifier.

24cdcdb

galiacheng had a problem deploying to ci April 30, 2024 04:36 — with GitHub Actions Failure

format KeyVaultSecretClientProducer.java

52a3125

galiacheng had a problem deploying to ci April 30, 2024 04:40 — with GitHub Actions Failure

add comment for azure-identity native resources.

37c8dc9

galiacheng had a problem deploying to ci April 30, 2024 04:45 — with GitHub Actions Failure

fix length of application id cannot be greater than 24

02eff46

galiacheng temporarily deployed to ci April 30, 2024 04:50 — with GitHub Actions Inactive

majguo merged commit adf8af9 into quarkiverse:main Apr 30, 2024
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Azure Key Vault Extension #218

Add Azure Key Vault Extension #218

galiacheng commented Apr 25, 2024 •

edited

Loading

edburns Apr 30, 2024

galiacheng Apr 30, 2024

edburns Apr 30, 2024

galiacheng Apr 30, 2024 •

edited

Loading

edburns Apr 30, 2024

edburns Apr 30, 2024

galiacheng Apr 30, 2024

edburns Apr 30, 2024

galiacheng Apr 30, 2024

edburns Apr 30, 2024

galiacheng Apr 30, 2024

majguo commented Apr 30, 2024

		String dir = "QMETA-INF/services";
		String hotspotLibName = "jdk.vm.ci.hotspot.HotSpotJVMCIBackendFactory";

		.filter(n -> n.startsWith("com.azure.security.keyvault.secrets.models."))
		.sorted()

		.filter(s -> s.startsWith("com.azure.security.keyvault.secrets.implementation.models."))
		.forEach(e -> {

Add Azure Key Vault Extension #218

Add Azure Key Vault Extension #218

Conversation

galiacheng commented Apr 25, 2024 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

galiacheng Apr 30, 2024 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

majguo commented Apr 30, 2024

galiacheng commented Apr 25, 2024 •

edited

Loading

galiacheng Apr 30, 2024 •

edited

Loading