Skip to content

Configure cloud from keyvault uri#20530

Merged
yiliuTo merged 10 commits into
Azure:masterfrom
yiliuTo:support-cloud-configuration-jca
Apr 19, 2021
Merged

Configure cloud from keyvault uri#20530
yiliuTo merged 10 commits into
Azure:masterfrom
yiliuTo:support-cloud-configuration-jca

Conversation

@yiliuTo

@yiliuTo yiliuTo commented Apr 12, 2021

Copy link
Copy Markdown
Member

To support keyvault jca in different Azure cloud environments, this pr configures keyvault resource uri and aad authentication automatically according to the property of azure.keyvault.uri provided by customers

@ghost ghost added KeyVault azure-spring All azure-spring related issues labels Apr 12, 2021
@chenrujun chenrujun added this to the [2021] May milestone Apr 13, 2021
@check-enforcer

Copy link
Copy Markdown

This pull request is protected by Check Enforcer.

What is Check Enforcer?

Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?

You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?

If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:
/check-enforcer evaluate
Typically evaulation only takes a few seconds. If you know that your pull request is not covered by a pipeline and this is expected you can override Check Enforcer using the following command:
/check-enforcer override
Note that using the override command triggers alerts so that follow-up investigations can occur (PRs still need to be approved as normal).

What if I am onboarding a new service?

Often, new services do not have validation pipelines associated with them, in order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:
/azp run prepare-pipelines
This will run a pipeline that analyzes the source tree and creates the pipelines necessary to build and validate your pull request. Once the pipeline has been created you can trigger the pipeline using the following comment:
/azp run java - [service] - ci

@chenrujun

Copy link
Copy Markdown

Hi, @yiliuTo .
Please fix the pipeline failure. 🙏

break;
default:
throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal.");
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Write a method in Constants: getAADLoginURIByKeyVaultBaseUri.
  2. And rename Constants to UriUtil.
  3. Write unit test for the getAADLoginURIByKeyVaultBaseUri.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done with point 1&2.
Do we still need a unit test for getAADLoginURIByKeyVaultBaseUri given it's just a switch statement? Does the current ut in KeyVaultClientTest meet the requirements?

@yiliuTo yiliuTo changed the title identity and configure cloud from keyvault uri Configure cloud from keyvault uri Apr 15, 2021
@chenrujun chenrujun linked an issue Apr 16, 2021 that may be closed by this pull request

@backwind1233 backwind1233 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@chenrujun chenrujun left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@yiliuTo yiliuTo merged commit 98b7105 into Azure:master Apr 19, 2021
benbp pushed a commit that referenced this pull request Apr 28, 2021
* identify and configure cloud environment from keyvault uri

* add unit test to check url initialization

* remove slash in base uri

* refactor contructors

* add changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

azure-spring All azure-spring related issues KeyVault

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Finish all todos in keyvault-jca's first PR.

3 participants