chore: use KEYVAULT_URL instead of KEYVAULT_NAME in quick start a…
…nd tests (#638)

* chore: remove KEYVAULT_NAME requirement in msal samples

Signed-off-by: Anish Ramasekar <[email protected]>

* docs: remove setting KEYVAULT_NAME in quick start

Signed-off-by: Anish Ramasekar <[email protected]>

* test: use KEYVAULT_URL instead of KEYVAULT_NAME for e2e

Signed-off-by: Anish Ramasekar <[email protected]>

Signed-off-by: Anish Ramasekar <[email protected]>
aramase committed Nov 21, 2022
1 parent 8835cf4 commit f7755df
Showing 10 changed files with 51 additions and 32 deletions.
8 changes: 4 additions & 4 deletions .pipelines/nightly.yaml
@@ -70,7 +70,7 @@ jobs:
# contains the following environment variables:
# - APPLICATION_CLIENT_ID
# - AZURE_TENANT_ID
# - KEYVAULT_NAME
# - KEYVAULT_URL
# - KEYVAULT_SECRET_NAME
- group: e2e-environment-variables
- name: REGISTRY
@@ -99,7 +99,7 @@ jobs:
env:
APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
AZURE_TENANT_ID: $(AZURE_TENANT_ID)
KEYVAULT_NAME: $(KEYVAULT_NAME)
KEYVAULT_URL: $(KEYVAULT_URL)
KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
- template: templates/publish-logs.yaml
- template: templates/upgrade.yaml
@@ -131,7 +131,7 @@ jobs:
# contains the following environment variables:
# - APPLICATION_CLIENT_ID
# - AZURE_TENANT_ID
# - KEYVAULT_NAME
# - KEYVAULT_URL
# - KEYVAULT_SECRET_NAME
# - SERVICE_ACCOUNT_ISSUER
# - SERVICE_ACCOUNT_KEYVAULT_NAME
@@ -154,7 +154,7 @@ jobs:
env:
APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
AZURE_TENANT_ID: $(AZURE_TENANT_ID)
KEYVAULT_NAME: $(KEYVAULT_NAME)
KEYVAULT_URL: $(KEYVAULT_URL)
KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
SERVICE_ACCOUNT_ISSUER: $(SERVICE_ACCOUNT_ISSUER)
SERVICE_ACCOUNT_KEYVAULT_NAME: $(SERVICE_ACCOUNT_KEYVAULT_NAME)
4 changes: 2 additions & 2 deletions .pipelines/pr.yaml
@@ -68,7 +68,7 @@ jobs:
# contains the following environment variables:
# - APPLICATION_CLIENT_ID
# - AZURE_TENANT_ID
# - KEYVAULT_NAME
# - KEYVAULT_URL
# - KEYVAULT_SECRET_NAME
# - SERVICE_ACCOUNT_ISSUER
# - SERVICE_ACCOUNT_KEYVAULT_NAME
@@ -112,7 +112,7 @@ jobs:
env:
APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
AZURE_TENANT_ID: $(AZURE_TENANT_ID)
KEYVAULT_NAME: $(KEYVAULT_NAME)
KEYVAULT_URL: $(KEYVAULT_URL)
KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
SERVICE_ACCOUNT_ISSUER: $(SERVICE_ACCOUNT_ISSUER)
SERVICE_ACCOUNT_KEYVAULT_NAME: $(SERVICE_ACCOUNT_KEYVAULT_NAME)
6 changes: 3 additions & 3 deletions .pipelines/templates/upgrade.yaml
@@ -14,7 +14,7 @@ jobs:
# contains the following environment variables:
# - APPLICATION_CLIENT_ID
# - AZURE_TENANT_ID
# - KEYVAULT_NAME
# - KEYVAULT_URL
# - KEYVAULT_SECRET_NAME
- group: e2e-environment-variables
- name: REGISTRY
@@ -30,7 +30,7 @@ jobs:
SKIP_CLEANUP: "true"
APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
AZURE_TENANT_ID: $(AZURE_TENANT_ID)
KEYVAULT_NAME: $(KEYVAULT_NAME)
KEYVAULT_URL: $(KEYVAULT_URL)
KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
- script: |
# xref: https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/512316adc9daa2216de10a6288f6c1df8a122654/.pipelines/templates/aks-upgrade.yaml#L3-L8
@@ -58,7 +58,7 @@ jobs:
env:
APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
AZURE_TENANT_ID: $(AZURE_TENANT_ID)
KEYVAULT_NAME: $(KEYVAULT_NAME)
KEYVAULT_URL: $(KEYVAULT_URL)
KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
- script: az group delete --name "${CLUSTER_NAME}" --yes --no-wait || true
displayName: Cleanup
4 changes: 1 addition & 3 deletions docs/book/src/quick-start.md
@@ -281,8 +281,6 @@ spec:
- image: ghcr.io/azure/azure-workload-identity/msal-go
name: oidc
env:
- name: KEYVAULT_NAME
value: ${KEYVAULT_NAME}
- name: KEYVAULT_URL
value: ${KEYVAULT_URL}
- name: SECRET_NAME
@@ -349,7 +347,7 @@ Containers:
Ready: True
Restart Count: 0
Environment:
KEYVAULT_NAME: ${KEYVAULT_NAME}
KEYVAULT_URL: ${KEYVAULT_URL}
SECRET_NAME: ${KEYVAULT_SECRET_NAME}
AZURE_AUTHORITY_HOST: (Injected by the webhook)
AZURE_CLIENT_ID: (Injected by the webhook)
14 changes: 7 additions & 7 deletions examples/msal-go/main.go
@@ -2,7 +2,6 @@ package main

import (
"context"
"fmt"
"os"
"time"

@@ -13,12 +12,13 @@ import (

func main() {
keyvaultURL := os.Getenv("KEYVAULT_URL")
if keyvaultURL == "" {
keyvaultName := os.Getenv("KEYVAULT_NAME")
// fallback to use global cloud
keyvaultURL = fmt.Sprintf("https://%s.vault.azure.net/", keyvaultName)
}
secretName := os.Getenv("SECRET_NAME")
if keyvaultURL == "" {
klog.Fatal("KEYVAULT_URL environment variable is not set")
}
secretName := os.Getenv("SECRET_NAME")
if secretName == "" {
klog.Fatal("SECRET_NAME environment variable is not set")
}

// initialize keyvault client with custom authorizer
kvClient := keyvault.New()
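Review bot: The new guard on `keyvaultURL` rejects only the empty string, so any other value, including an `http://` address or a malformed one, is handed to the Key Vault client created just below with the custom authorizer. The token obtained through workload identity is presumably sent to that endpoint, so it is worth parsing the value and requiring TLS before use: `u, err := url.Parse(keyvaultURL)` followed by `if err != nil || u.Scheme != "https" { klog.Fatalf("KEYVAULT_URL must be an https URL, got %q", keyvaultURL) }`, with `net/url` added to the imports. Whether the client already refuses non-https endpoints is not visible here, because `main` continues past the end of the hunk.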
12 changes: 10 additions & 2 deletions examples/msal-java/src/main/java/com/example/msal/java/App.java
@@ -9,11 +9,19 @@
public class App {
public static void main(String[] args) {
Map<String, String> env = System.getenv();
String keyvaultName = env.get("KEYVAULT_NAME");
String keyvaultURL = env.get("KEYVAULT_URL");
if (keyvaultURL == null) {
System.out.println("KEYVAULT_URL environment variable not set");
return;
}
String secretName = env.get("SECRET_NAME");
if (secretName == null) {
System.out.println("SECRET_NAME environment variable not set");
return;
}

SecretClient secretClient = new SecretClientBuilder()
.vaultUrl(String.format("https://%s.vault.azure.net", keyvaultName))
.vaultUrl(keyvaultURL)
.credential(new CustomTokenCredential())
.buildClient();
KeyVaultSecret secret = secretClient.getSecret(secretName);
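Review bot: Both new guards in `main` print to stdout and `return`, so the JVM exits with status 0 when `KEYVAULT_URL` or `SECRET_NAME` is missing, and a pod running this sample would report success on a misconfiguration. Report on stderr and exit non-zero instead, e.g. `System.err.println("KEYVAULT_URL environment variable not set"); System.exit(1);`. The checks also test only for `null`, so a variable that is set but empty (for instance when the manifest's `${KEYVAULT_URL}` expands to nothing) still reaches `vaultUrl(...)`; `keyvaultURL == null || keyvaultURL.isEmpty()` covers that case. The same print-and-return pattern is added in examples/msal-net/akvdotnet/Program.cs, where `Environment.Exit(1)` would be the equivalent, while the Go, Node and Python samples in this commit already fail with an error.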
8 changes: 6 additions & 2 deletions examples/msal-net/akvdotnet/Program.cs
@@ -13,11 +13,15 @@ static void Main(string[] args)
Program P = new Program();
string keyvaultURL = Environment.GetEnvironmentVariable("KEYVAULT_URL");
if (string.IsNullOrEmpty(keyvaultURL)) {
string keyvaultName = Environment.GetEnvironmentVariable("KEYVAULT_NAME");
keyvaultURL = "https://" + keyvaultName + ".vault.azure.net/";
Console.WriteLine("KEYVAULT_URL environment variable not set");
return;
}

string secretName = Environment.GetEnvironmentVariable("SECRET_NAME");
if (string.IsNullOrEmpty(secretName)) {
Console.WriteLine("SECRET_NAME environment variable not set");
return;
}

SecretClient client = new SecretClient(
new Uri(keyvaultURL),
14 changes: 11 additions & 3 deletions examples/msal-node/index.js
@@ -40,10 +40,18 @@ const main = async () => {
// create a token credential object, which has a getToken method that returns a token
const tokenCredential = new MyClientAssertionCredential()

const keyvaultURL = process.env.KEYVAULT_URL
if (!keyvaultURL) {
throw new Error("KEYVAULT_URL environment variable not set")
}
const secretName = process.env.SECRET_NAME
if (!secretName) {
throw new Error("SECRET_NAME environment variable not set")
}

// create a secret client with the token credential
const url = `https://${process.env.KEYVAULT_NAME}.vault.azure.net`
const keyvault = new SecretClient(url, tokenCredential)
const secret = await keyvault.getSecret(process.env.SECRET_NAME).catch(error => console.log(error))
const keyvault = new SecretClient(keyvaultURL, tokenCredential)
const secret = await keyvault.getSecret(secretName).catch(error => console.log(error))
console.log(`successfully got secret, secret=${secret.value}`)
}

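Review bot: On the rewritten `getSecret` line, `.catch(error => console.log(error))` turns a failed lookup into `undefined`, and the next line then dereferences `secret.value`, so the real Key Vault error is followed by an unrelated TypeError. Dropping the `.catch` lets the rejection propagate the same way the two new `throw new Error(...)` guards do: `const secret = await keyvault.getSecret(secretName)`. How `main()` is invoked, and whether its rejection is handled, lies outside the hunk. The final `console.log` also writes the secret value to the container log; a comment such as `// demo only: never log secret values in real workloads` would keep readers from copying that line into production code.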
5 changes: 3 additions & 2 deletions examples/msal-python/main.py
@@ -16,9 +16,10 @@ def main():

keyvault_url = os.getenv('KEYVAULT_URL', '')
if not keyvault_url:
keyvault_name = os.getenv('KEYVAULT_NAME', '')
keyvault_url='https://{}.vault.azure.net'.format(keyvault_name)
raise Exception('KEYVAULT_URL environment variable is not set')
secret_name = os.getenv('SECRET_NAME', '')
if not secret_name:
raise Exception('SECRET_NAME environment variable is not set')

# create a secret client with the token credential
keyvault = SecretClient(vault_url=keyvault_url, credential=token_credential)
8 changes: 4 additions & 4 deletions test/e2e/token_exchange.go
@@ -29,8 +29,8 @@ var _ = ginkgo.Describe("TokenExchange [AKSSoakOnly] [Exclude:Arc]", func() {
ginkgo.It("should exchange the service account token for a valid AAD token", func() {
clientID, ok := os.LookupEnv("APPLICATION_CLIENT_ID")
gomega.Expect(ok).To(gomega.BeTrue(), "APPLICATION_CLIENT_ID must be set")
keyvaultName, ok := os.LookupEnv("KEYVAULT_NAME")
gomega.Expect(ok).To(gomega.BeTrue(), "KEYVAULT_NAME must be set")
keyvaultURL, ok := os.LookupEnv("KEYVAULT_URL")
gomega.Expect(ok).To(gomega.BeTrue(), "KEYVAULT_URL must be set")
keyvaultSecretName, ok := os.LookupEnv("KEYVAULT_SECRET_NAME")
gomega.Expect(ok).To(gomega.BeTrue(), "KEYVAULT_SECRET_NAME must be set")

@@ -47,8 +47,8 @@ var _ = ginkgo.Describe("TokenExchange [AKSSoakOnly] [Exclude:Arc]", func() {
nil,
nil,
[]corev1.EnvVar{{
Name: "KEYVAULT_NAME",
Value: keyvaultName,
Name: "KEYVAULT_URL",
Value: keyvaultURL,
}, {
Name: "SECRET_NAME",
Value: keyvaultSecretName,
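Review bot: `os.LookupEnv` returns `ok == true` for a variable that is set but empty, so the `KEYVAULT_URL` assertion in the first hunk passes and the empty value is injected into the pod's env in the second, where the failure surfaces later and less clearly. Adding `gomega.Expect(keyvaultURL).NotTo(gomega.BeEmpty(), "KEYVAULT_URL must not be empty")` right after the existing check would stop the test at the real cause. This matters more now that the pipelines pass `KEYVAULT_URL: $(KEYVAULT_URL)` from a variable group that presumably has to be updated alongside this commit. The `ginkgo.It` body starts and ends outside the two hunks shown.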
