Refactor samples with terraform and defaultCredential for keyvault samples

keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md

@@ -1,20 +1,125 @@
+# Spring Cloud Azure Starter Key Vault Secrets Sample 
 
-# Spring Cloud Azure Starter Key Vault Secrets Sample
+This sample illustrates the usage of `spring-cloud-azure-starter-keyvault-secrets`. To learn all features, please refer to [reference doc](https://microsoft.github.io/spring-cloud-azure/docs/4.0.0-beta.2/reference/html/index.html).
 
-This sample illustrates the simplest usage of `spring-cloud-azure-starter-keyvault-secrets`. To learn all features, please refer to [reference doc](https://microsoft.github.io/spring-cloud-azure/docs/4.0.0-beta.1/reference/html/index.html).
+## What You Will Build
 
-## Create Azure resources
+You will build an application that use `spring-cloud-azure-starter-keyvault-secrets` to retrieve multiple secrets from multiple [Azure Key Vault](https://azure.microsoft.com/services/key-vault/).
 
-1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${AZURE_CLIENT_ID_1}**, and create a secret, get the `Client Secret Value`: **${AZURE_CLIENT_SECRET_1}**.
-2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${AZURE_TENANT_ID_1}** and `Vault URI` **${ENDPOINT_1}**.
-3. Read [document about assign Key Vault access policy](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal), assign `Secret Management` template to the client(or principal) we created in step 1.
-4. Same to previous steps, get **${AZURE_CLIENT_ID_2}**, **${AZURE_CLIENT_SECRET_2}**, **${AZURE_TENANT_ID_2}** and **${ENDPOINT_1}**. assign `Secret Management` template to the **${AZURE_CLIENT_ID_2}. 
+## What You Need
 
-## Fill the values in application.yml
-Fill these values in application.yml: **${AZURE_TENANT_ID_1}**, **${AZURE_CLIENT_ID_1}**, **${AZURE_CLIENT_SECRET_1}**, **${ENDPOINT_1}**, **${AZURE_TENANT_ID_2}**, **${AZURE_CLIENT_ID_2}**, **${AZURE_CLIENT_SECRET_2}**, **${ENDPOINT_2}**.
+- [An Azure subscription](https://azure.microsoft.com/free/)
+- [Terraform](https://www.terraform.io/)
+- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli)
+- [JDK8](https://www.oracle.com/java/technologies/downloads/) or later
+- Maven
+- You can also import the code straight into your IDE:
+    - [IntelliJ IDEA](https://www.jetbrains.com/idea/download)
 
-## Start application
-Start the application, you will see a log like this:
+## Provision Azure Resources Required to Run This Sample
+
+### Authenticate Using the Azure CLI
+Terraform must authenticate to Azure to create infrastructure.
+
+In your terminal, use the Azure CLI tool to setup your account permissions locally.
+
+```shell
+az login
+```
+
+Your browser window will open and you will be prompted to enter your Azure login credentials. After successful authentication, your terminal will display your subscription information. You do not need to save this output as it is saved in your system for Terraform to use.
+
+```shell
+You have logged in. Now let us find all the subscriptions to which you have access...
+
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "home-Tenant-Id",
+    "id": "subscription-id",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Subscription-Name",
+    "state": "Enabled",
+    "tenantId": "0envbwi39-TenantId",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+If you have more than one subscription, specify the subscription-id you want to use with command below: 
+```shell
+az account set --subscription <your-subscription-id>
+```
+
+### Provision the Resources
+After login Azure CLI with your account, now you can use the terraform script to create Azure Resources.
+
+```shell
+# In the root directory of the sample
+# Initialize your Terraform configuration
+terraform -chdir=./terraform init
+
+# Apply your Terraform Configuration
+# Type `yes` at the confirmation prompt to proceed.
+terraform -chdir=./terraform apply
+
+```
+
+It may take a few minutes to run the script. After successful running, you will see prompt information like below:
+
+```shell
+...
+azurecaf_name.azurecaf_name_kv_02: Creating...
+azurecaf_name.azurecaf_name_kv_01: Creating...
+azurecaf_name.resource_group: Creating...
+azurecaf_name.azurecaf_name_kv_01: Creation complete after 0s ...
+azurecaf_name.resource_group: Creation complete after 0s ...
+azurecaf_name.azurecaf_name_kv_02: Creation complete after 0s ...
+azurerm_resource_group.main: Creating...
+azurerm_resource_group.main: Creation complete after 3s ...
+azurerm_key_vault.kv_account_02: Creating...
+azurerm_key_vault.kv_account_01: Creating...
+azurerm_key_vault.kv_account_02: Still creating... 
+...
+azurerm_key_vault_secret.kv_01: Creation complete ...
+azurerm_key_vault_secret.kv_both_01: Creation complete ...
+azurerm_key_vault.kv_account_02: Creation complete after ...
+azurerm_key_vault_secret.kv_02_both: Creating...
+azurerm_key_vault_secret.kv_02: Creating...
+azurerm_key_vault_secret.kv_02_both: Creation complete ...
+azurerm_key_vault_secret.kv_02: Creation complete ...
+
+Apply complete! Resources: 10 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+...
+
+```
+
+You can go to [Azure portal](https://ms.portal.azure.com/) in your web browser to check the resources you created.
+
+### Export Output to Your Local Environment
+Running the command below to export environment values:
+
+```shell
+ source ./terraform/setup_env.sh
+```
+
+## Run Locally
+In your terminal, run `mvn clean spring-boot:run`.
+
+```shell
+mvn clean spring-boot:run
+```
+
+## Verify This Sample
+
+Start the application, you will see logs like this:
 ```text
 secretNameInKeyVault1: secret-value-1
 secretNameInKeyVault2: secret-name-in-key-vault-2-value-2
@@ -23,3 +128,12 @@ secretNameInKeyVaultBoth: secret-value-1
 
 We can see that property-source-1 have higher priority.
 
+## Clean Up Resources
+After running the sample, if you don't want to run the sample, remember to destroy the Azure resources you created to avoid unnecessary billing.
+
+The terraform destroy command terminates resources managed by your Terraform project.   
+To destroy the resources you created.
+
+```shell
+terraform -chdir=./terraform destroy
+```

keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/resources/application.yml

@@ -8,16 +8,6 @@ spring:
             -
               name: key-vault-1
               endpoint: ${ENDPOINT_1}
-              profile:
-                tenant-id: ${AZURE_TENANT_ID_1}
-              credential:
-                client-id: ${AZURE_CLIENT_ID_1}
-                client-secret: ${AZURE_CLIENT_SECRET_1}
             -
               name: key-vault-2
               endpoint: ${ENDPOINT_2}
-              profile:
-                tenant-id: ${AZURE_TENANT_ID_2}
-              credential:
-                client-id: ${AZURE_CLIENT_ID_2}
-                client-secret: ${AZURE_CLIENT_SECRET_2}

keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/terraform/main.tf

@@ -0,0 +1,139 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 2.75"
+    }
+    azurecaf = {
+      source  = "aztfmod/azurecaf"
+      version = "1.2.10"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+
+// ===========resource_group===========
+resource "azurecaf_name" "resource_group" {
+  name          = var.application_name
+  resource_type = "azurerm_resource_group"
+  random_length = 5
+  clean_input   = true
+}
+
+resource "azurerm_resource_group" "main" {
+  name     = azurecaf_name.resource_group.result
+  location = var.location
+
+  tags = {
+    "terraform"                 = "true"
+    "application-name"          = var.application_name
+    "spring-cloud-azure-sample" = var.sample_tag_value
+  }
+}
+
+data "azurerm_client_config" "current" {
+}
+
+// ===========azurerm_key_vault_01===========
+resource "azurecaf_name" "azurecaf_name_kv_01" {
+  name          = var.application_name
+  resource_type = "azurerm_key_vault"
+  random_length = 5
+  clean_input   = true
+}
+
+resource "azurerm_key_vault" "kv_account_01" {
+  name                        = azurecaf_name.azurecaf_name_kv_01.result
+  location                    = azurerm_resource_group.main.location
+  resource_group_name         = azurerm_resource_group.main.name
+  enabled_for_disk_encryption = true
+  tenant_id                   = data.azurerm_client_config.current.tenant_id
+  soft_delete_retention_days  = 7
+  purge_protection_enabled    = false
+
+  sku_name = "standard"
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    secret_permissions = [
+      "Get",
+      "List",
+      "Set",
+      "Purge",
+      "Delete"
+    ]
+  }
+
+  tags = {
+    "terraform"                 = "true"
+    "spring-cloud-azure-sample" = var.sample_tag_value
+  }
+}
+
+resource "azurerm_key_vault_secret" "key_vault_secret_01" {
+  name         = "secret-name-in-key-vault-1"
+  value        = "key_vault_secret_01: secret-name-in-key-vault-1: value"
+  key_vault_id = azurerm_key_vault.kv_account_01.id
+}
+
+resource "azurerm_key_vault_secret" "key_vault_secret_common_01" {
+  name         = "secret-name-in-key-vault-both"
+  value        = "key_vault_secret_common_01: secret-name-in-key-vault-both: value"
+  key_vault_id = azurerm_key_vault.kv_account_01.id
+}
+
+
+// ===========azurerm_key_vault_02===========
+resource "azurecaf_name" "azurecaf_name_kv_02" {
+  name          = var.application_name
+  resource_type = "azurerm_key_vault"
+  random_length = 5
+  clean_input   = true
+}
+
+resource "azurerm_key_vault" "kv_account_02" {
+  name                        = azurecaf_name.azurecaf_name_kv_02.result
+  location                    = azurerm_resource_group.main.location
+  resource_group_name         = azurerm_resource_group.main.name
+  enabled_for_disk_encryption = true
+  tenant_id                   = data.azurerm_client_config.current.tenant_id
+  soft_delete_retention_days  = 7
+  purge_protection_enabled    = false
+
+  sku_name = "standard"
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    secret_permissions = [
+      "Get",
+      "List",
+      "Set",
+      "Purge",
+      "Delete"
+    ]
+  }
+
+  tags = {
+    "terraform"                 = "true"
+    "spring-cloud-azure-sample" = var.sample_tag_value
+  }
+}
+
+resource "azurerm_key_vault_secret" "key_vault_secret_02" {
+  name         = "secret-name-in-key-vault-2"
+  value        = "key_vault_secret_02: secret-name-in-key-vault-2: value"
+  key_vault_id = azurerm_key_vault.kv_account_02.id
+}
+
+resource "azurerm_key_vault_secret" "key_vault_secret_common_02" {
+  name         = "secret-name-in-key-vault-both"
+  value        = "key_vault_secret_common_02: secret-name-in-key-vault-both: value"
+  key_vault_id = azurerm_key_vault.kv_account_02.id
+}

keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/terraform/outputs.tf

@@ -0,0 +1,9 @@
+output "KEYVAULT_URI_01" {
+  value       = azurerm_key_vault.kv_account_01.vault_uri
+  description = "The key vault uri 01."
+}
+
+output "KEYVAULT_URI_02" {
+  value       = azurerm_key_vault.kv_account_02.vault_uri
+  description = "The key vault uri 02."
+}

keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/terraform/setup_env.sh

@@ -0,0 +1,2 @@
+export ENDPOINT_1=$(terraform -chdir=./terraform output -raw KEYVAULT_URI_01)
+export ENDPOINT_2=$(terraform -chdir=./terraform output -raw KEYVAULT_URI_02)

keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/terraform/variables.tf

@@ -0,0 +1,17 @@
+variable "application_name" {
+  type        = string
+  description = "The name of your application."
+  default     = "mul-keyvault"
+}
+
+variable "location" {
+  type        = string
+  description = "The Azure region where all resources in this example should be created."
+  default     = "eastus"
+}
+
+variable "sample_tag_value" {
+  type        = string
+  description = "The value of spring-cloud-azure-sample tag."
+  default     = "true"
+}

keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md

@@ -18,10 +18,6 @@ You will build an application that use `spring-cloud-azure-starter-keyvault-secr
     - [IntelliJ IDEA](https://www.jetbrains.com/idea/download)
 
 ## Provision Azure Resources Required to Run This Sample
-This sample will create Azure resources using Terraform. If you choose to run it without using Terraform to provision resources, please pay attention to:
-> [!IMPORTANT]  
-> If you choose to use a security principal to authenticate and authorize with Azure Active Directory for accessing an Azure resource
-> please refer to [Authorize access with Azure AD](https://microsoft.github.io/spring-cloud-azure/docs/current/reference/html/index.html#authorize-access-with-azure-active-directory) to make sure the security principal has been granted the sufficient permission to access the Azure resource.
 
 ### Authenticate Using the Azure CLI
 Terraform must authenticate to Azure to create infrastructure.
@@ -75,11 +71,10 @@ terraform -chdir=./terraform apply
 
 ```
 
-
 It may take a few minutes to run the script. After successful running, you will see prompt information like below:
 
 ```shell
-
+...
 azurecaf_name.kv: Creating...
 azurecaf_name.resource_group: Creating...
 azurecaf_name.resource_group: Creation complete after ...
@@ -98,8 +93,6 @@ Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
 Outputs:
 
 ...
-
-
 ```
 
 You can go to [Azure portal](https://ms.portal.azure.com/) in your web browser to check the resources you created.
@@ -115,7 +108,6 @@ Running the command below to export environment values:
 
 In your terminal, run `mvn clean spring-boot:run`.
 
-
 ```shell
 mvn clean spring-boot:run
 ```
@@ -128,7 +120,6 @@ Start the application, you will see a log like this:
 property springDataSourceUrl in Azure Key Vault: this is a test value
 ```
 
-
 ## Clean Up Resources
 After running the sample, if you don't want to run the sample, remember to destroy the Azure resources you created to avoid unnecessary billing.