Added secrets management examples with the workflow (#653)

* Added secrets management examples with the workflow Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Fixed syntax error for validation Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Increased time of the rollouts - distributed calc eg using k8s Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Changed hello-kubernetes readme Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Changes based on the review comments Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Resolved merge conflicts Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Removed k8s installation from secrets mgnt Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Removed dapr k8s installation from secrets mgnt Signed-off-by: Amulya Varote <amulyavarote@microsoft.com>
dapr · Apr 29, 2022 · cf3054f · cf3054f
1 parent 017da7d
commit cf3054f
Show file tree

Hide file tree

Showing 38 changed files with 3,503 additions and 1 deletion.
diff --git a/.github/workflows/validate_new_quickstarts_secrets_management.yaml b/.github/workflows/validate_new_quickstarts_secrets_management.yaml
@@ -0,0 +1,106 @@
+#
+# Copyright 2021 The Dapr Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#     http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Validate Secrets Management
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - feature/new_quickstarts
+      - release-*
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+      - feature/new_quickstarts
+      - release-*
+jobs:
+  deploy:
+    name: Validate quickstarts on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    env:
+      DAPR_INSTALL_URL: https://raw.githubusercontent.com/dapr/cli/master/install
+      GOVER: 1.17
+      KUBERNETES_VERSION: v1.21.1
+      KIND_VERSION: v0.11.0
+      KIND_IMAGE_SHA: sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
+    strategy:
+      matrix: 
+        os: [ubuntu-latest, macos-latest]
+    steps:
+      - name: Install docker - MacOS
+        if: matrix.os == 'macos-latest'
+        uses: docker-practice/actions-setup-docker@1.0.8
+        with:
+          docker_buildx: false
+          docker_version: 20.10
+      - name: Set up Go ${{ env.GOVER }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GOVER }}
+      - name: Determine latest Dapr Runtime version including Pre-releases
+        run: |
+          helm repo add dapr https://dapr.github.io/helm-charts/ && helm repo update && export RUNTIME_VERSION=$(helm search repo dapr/dapr --devel --versions | awk '/dapr\/dapr/ {print $3; exit}' )
+          echo "DAPR_RUNTIME_VERSION=$RUNTIME_VERSION" >> $GITHUB_ENV
+          echo "Found $RUNTIME_VERSION"
+        shell: bash
+      - name: Determine latest Dapr Cli version including Pre-releases
+        run: |
+          export CLI_VERSION=$(curl "https://api.github.com/repos/dapr/cli/releases?per_page=1&page=1" --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' | jq '.[0].tag_name'| tr -d '",v')
+          echo "DAPR_CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV
+          echo "Found $CLI_VERSION"
+        shell: bash
+      - name: Set up Dapr CLI - Mac/Linux
+        if: matrix.os != 'windows-latest'
+        run: wget -q ${{ env.DAPR_INSTALL_URL }}/install.sh -O - | /bin/bash -s ${{ env.DAPR_CLI_VERSION }}
+      - name: Set up Dapr CLI - Windows
+        if: matrix.os == 'windows-latest'
+        run: powershell -Command "\$$script=iwr -useb ${{ env.DAPR_INSTALL_URL }}/install.ps1; \$$block=[ScriptBlock]::Create(\$$script); invoke-command -ScriptBlock \$$block -ArgumentList ${{ env.DAPR_CLI_VERSION }}"     
+      - name: Install Dapr
+        run: |
+          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+          dapr init --runtime-version=${{ env.DAPR_RUNTIME_VERSION }}
+          dapr --version
+      - name: Check out code 
+        uses: actions/checkout@v2
+      - name: Install utilities dependencies
+        run: |
+          echo "PATH=$PATH:$HOME/.local/bin" >> $GITHUB_ENV
+          pip3 install setuptools wheel
+          pip3 install mechanical-markdown
+      - name: Validate Python http Secrets Management
+        run: |
+          pushd secrets_management/python/http
+          make validate
+          popd
+      - name: Validate Python sdk Secrets Management
+        run: |
+          pushd secrets_management/python/sdk
+          make validate
+          popd
+      - name: Validate Javascript http Secrets Management
+        run: |
+          pushd secrets_management/javascript/http
+          make validate
+          popd
+      - name: Validate Javascript sdk Secrets Management
+        run: |
+          pushd secrets_management/javascript/sdk
+          make validate
+          popd
+      - name: Linkcheck README.md
+        run: |
+          make validate        
diff --git a/secrets_management/components/local-secret-store.yaml b/secrets_management/components/local-secret-store.yaml
@@ -0,0 +1,13 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: localsecretstore
+  namespace: default
+spec:
+  type: secretstores.local.file
+  version: v1
+  metadata:
+  - name: secretsFile
+    value: secrets.json
+  - name: nestedSeparator
+    value: ":"
diff --git a/secrets_management/csharp/http/README.md b/secrets_management/csharp/http/README.md
@@ -0,0 +1,48 @@
+# Dapr secrets management (HTTP Client)
+
+In this quickstart, you'll create a microservice to demonstrate Dapr's secrets management API. The service fetches secret from a secret store. See [Why secrets management](#why-secrets-management) to understand when to use this API.
+
+Visit [this](https://docs.dapr.io/developing-applications/building-blocks/secrets/) link for more information about Dapr and Secrets Management.
+
+> **Note:** This example leverages HTTP `requests` only.  If you are looking for the example using the Dapr Client SDK (recommended) [click here](../sdk/).
+
+This quickstart includes one service:
+
+- Dotnet client service `order-processor` 
+
+### Run Dotnet service with Dapr
+
+1. Open a new terminal window and navigate to `order-processor` directory: 
+
+<!-- STEP
+name: Install Dotnet dependencies
+-->
+
+```bash
+cd ./order-processor
+dotnet restore
+dotnet build
+```
+
+<!-- END_STEP -->
+2. Run the Dotnet service app with Dapr: 
+
+<!-- STEP
+name: Run order-processor service
+expected_stdout_lines:
+  - '== APP == Fetched Secret: {"secret":"YourPasskeyHere"}'
+  - "Exited App successfully"
+expected_stderr_lines:
+output_match_mode: substring
+-->
+
+```bash
+cd ./order-processor
+dapr run --app-id order-processor --components-path ../../../components/ -- dotnet run
+```
+
+<!-- END_STEP -->
+
+```bash
+dapr stop --app-id order-processor
+```
diff --git a/secrets_management/csharp/http/makefile b/secrets_management/csharp/http/makefile
@@ -0,0 +1,5 @@
+DOCKER_IMAGE_PREFIX ?=dotnet-http-
+APPS                ?=order-processor
+
+include ../../../docker.mk
+include ../../../validate.mk
diff --git a/secrets_management/csharp/http/order-processor/Program.cs b/secrets_management/csharp/http/order-processor/Program.cs
@@ -0,0 +1,15 @@
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+var baseURL = (Environment.GetEnvironmentVariable("BASE_URL") ?? "http://localhost") + ":" 
++ (Environment.GetEnvironmentVariable("DAPR_HTTP_PORT") ?? "3500");
+const string DAPR_SECRET_STORE = "localsecretstore";
+const string SECRET_NAME = "secret";
+
+var httpClient = new HttpClient();
+httpClient.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
+
+// Get secret from a local secret store
+var secret = await httpClient.GetStringAsync($"{baseURL}/v1.0/secrets/{DAPR_SECRET_STORE}/{SECRET_NAME}");
+Console.WriteLine("Fetched Secret: " + secret);
diff --git a/secrets_management/csharp/http/order-processor/Program.csproj b/secrets_management/csharp/http/order-processor/Program.csproj
@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net6.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+</Project>
diff --git a/secrets_management/csharp/http/order-processor/secrets.json b/secrets_management/csharp/http/order-processor/secrets.json
@@ -0,0 +1,3 @@
+{
+    "secret": "YourPasskeyHere"
+}
diff --git a/secrets_management/csharp/sdk/README.md b/secrets_management/csharp/sdk/README.md
@@ -0,0 +1,48 @@
+# Dapr secrets management
+
+In this quickstart, you'll create a microservice to demonstrate Dapr's secrets management API. The service fetches secret from a secret store. See [Why secrets management](#why-secrets-management) to understand when to use this API.
+
+Visit [this](https://docs.dapr.io/developing-applications/building-blocks/secrets/) link for more information about Dapr and Secrets Management.
+
+> **Note:** This example leverages the Dapr client SDK.  If you are looking for the example using only HTTP [click here](../http).
+
+This quickstart includes one service:
+
+- Dotnet client service `order-processor` 
+
+### Run Dotnet service with Dapr
+
+1. Open a new terminal window and navigate to `order-processor` directory: 
+
+<!-- STEP
+name: Install Dotnet dependencies
+-->
+
+```bash
+cd ./order-processor
+dotnet restore
+dotnet build
+```
+
+<!-- END_STEP -->
+2. Run the Dotnet service app with Dapr: 
+
+<!-- STEP
+name: Run order-processor service
+expected_stdout_lines:
+  - '== APP == Fetched Secret: [secret, YourPasskeyHere]'
+  - "Exited App successfully"
+expected_stderr_lines:
+output_match_mode: substring
+-->
+
+```bash
+cd ./order-processor
+dapr run --app-id order-processor --components-path ../../../components/ -- dotnet run
+```
+
+<!-- END_STEP -->
+
+```bash
+dapr stop --app-id order-processor
+```
diff --git a/secrets_management/csharp/sdk/makefile b/secrets_management/csharp/sdk/makefile
@@ -0,0 +1,5 @@
+DOCKER_IMAGE_PREFIX ?=dotnet-sdk-
+APPS                ?=order-processor
+
+include ../../../docker.mk
+include ../../../validate.mk
diff --git a/secrets_management/csharp/sdk/order-processor/Program.cs b/secrets_management/csharp/sdk/order-processor/Program.cs
@@ -0,0 +1,11 @@
+using System;
+using Dapr.Client;
+
+const string DAPR_SECRET_STORE = "localsecretstore";
+const string SECRET_NAME = "secret";
+var client = new DaprClientBuilder().Build();
+
+// Get secret from a local secret store
+var secret = await client.GetSecretAsync(DAPR_SECRET_STORE, SECRET_NAME);
+var secretValue = string.Join(", ", secret);
+Console.WriteLine($"Fetched Secret: {secretValue}");
diff --git a/secrets_management/csharp/sdk/order-processor/Program.csproj b/secrets_management/csharp/sdk/order-processor/Program.csproj
@@ -0,0 +1,12 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net6.0</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Dapr.AspNetCore" Version="1.5.0" />
+  </ItemGroup>
+
+</Project>
diff --git a/secrets_management/csharp/sdk/order-processor/secrets.json b/secrets_management/csharp/sdk/order-processor/secrets.json
@@ -0,0 +1,3 @@
+{
+    "secret": "YourPasskeyHere"
+}
diff --git a/secrets_management/javascript/http/.gitignore b/secrets_management/javascript/http/.gitignore
@@ -0,0 +1,5 @@
+##lint files
+*.cjs
+
+##node modules
+node_modules
diff --git a/secrets_management/javascript/http/README.md b/secrets_management/javascript/http/README.md
@@ -0,0 +1,47 @@
+# Dapr secrets management (HTTP Client)
+
+In this quickstart, you'll create a microservice to demonstrate Dapr's secrets management API. The service fetches secret from a secret store. See [Why secrets management](#why-secrets-management) to understand when to use this API.
+
+Visit [this](https://docs.dapr.io/developing-applications/building-blocks/secrets/) link for more information about Dapr and Secrets Management.
+
+> **Note:** This example leverages HTTP `requests` only.  If you are looking for the example using the Dapr Client SDK (recommended) [click here](../sdk/).
+
+This quickstart includes one service:
+
+- Node client service `order-processor` 
+
+### Run Node service with Dapr
+
+1. Navigate to folder and install dependencies: 
+
+<!-- STEP
+name: Install Node dependencies
+-->
+
+```bash
+cd ./order-processor
+npm install
+```
+<!-- END_STEP -->
+
+2. Run the Node service app with Dapr: 
+
+<!-- STEP
+name: Run Node publisher
+expected_stdout_lines:
+  - "== APP == Fetched Secret:  { secret: 'YourPasskeyHere' }"
+  - "Exited App successfully"
+expected_stderr_lines:
+working_dir: ./order-processor
+output_match_mode: substring
+-->
+
+```bash
+dapr run --app-id order-processor --components-path ../../../components/ -- npm start
+```
+
+<!-- END_STEP -->
+
+```bash
+dapr stop --app-id order-processor
+```
diff --git a/secrets_management/javascript/http/makefile b/secrets_management/javascript/http/makefile
@@ -0,0 +1,5 @@
+DOCKER_IMAGE_PREFIX ?=javascript-http-
+APPS                ?=order-processor
+
+include ../../../docker.mk
+include ../../../validate.mk
diff --git a/secrets_management/javascript/http/order-processor/index.js b/secrets_management/javascript/http/order-processor/index.js
@@ -0,0 +1,14 @@
+import axios from "axios";
+
+const DAPR_HOST = process.env.DAPR_HOST || "http://localhost";
+const DAPR_HTTP_PORT = process.env.DAPR_HTTP_PORT || "3500";
+const DAPR_SECRET_STORE = "localsecretstore";
+const SECRET_NAME = "secret";
+
+async function main() {
+  // Get secret from a local secret store
+  const secret = await axios.get(`${DAPR_HOST}:${DAPR_HTTP_PORT}/v1.0/secrets/${DAPR_SECRET_STORE}/${SECRET_NAME}`);
+  console.log("Fetched Secret: ", secret.data);
+}
+
+main().catch(e => console.error(e))