-
Notifications
You must be signed in to change notification settings - Fork 523
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added secrets management examples with the workflow (#653)
* Added secrets management examples with the workflow Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Fixed syntax error for validation Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Increased time of the rollouts - distributed calc eg using k8s Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Changed hello-kubernetes readme Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Changes based on the review comments Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Resolved merge conflicts Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Removed k8s installation from secrets mgnt Signed-off-by: Amulya Varote <amulyavarote@microsoft.com> * Removed dapr k8s installation from secrets mgnt Signed-off-by: Amulya Varote <amulyavarote@microsoft.com>
- Loading branch information
1 parent
017da7d
commit cf3054f
Showing
38 changed files
with
3,503 additions
and
1 deletion.
There are no files selected for viewing
106 changes: 106 additions & 0 deletions
106
.github/workflows/validate_new_quickstarts_secrets_management.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
# | ||
# Copyright 2021 The Dapr Authors | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
|
||
name: Validate Secrets Management | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- master | ||
- feature/new_quickstarts | ||
- release-* | ||
tags: | ||
- v* | ||
pull_request: | ||
branches: | ||
- master | ||
- feature/new_quickstarts | ||
- release-* | ||
jobs: | ||
deploy: | ||
name: Validate quickstarts on ${{ matrix.os }} | ||
runs-on: ${{ matrix.os }} | ||
env: | ||
DAPR_INSTALL_URL: https://raw.githubusercontent.com/dapr/cli/master/install | ||
GOVER: 1.17 | ||
KUBERNETES_VERSION: v1.21.1 | ||
KIND_VERSION: v0.11.0 | ||
KIND_IMAGE_SHA: sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 | ||
strategy: | ||
matrix: | ||
os: [ubuntu-latest, macos-latest] | ||
steps: | ||
- name: Install docker - MacOS | ||
if: matrix.os == 'macos-latest' | ||
uses: docker-practice/actions-setup-docker@1.0.8 | ||
with: | ||
docker_buildx: false | ||
docker_version: 20.10 | ||
- name: Set up Go ${{ env.GOVER }} | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: ${{ env.GOVER }} | ||
- name: Determine latest Dapr Runtime version including Pre-releases | ||
run: | | ||
helm repo add dapr https://dapr.github.io/helm-charts/ && helm repo update && export RUNTIME_VERSION=$(helm search repo dapr/dapr --devel --versions | awk '/dapr\/dapr/ {print $3; exit}' ) | ||
echo "DAPR_RUNTIME_VERSION=$RUNTIME_VERSION" >> $GITHUB_ENV | ||
echo "Found $RUNTIME_VERSION" | ||
shell: bash | ||
- name: Determine latest Dapr Cli version including Pre-releases | ||
run: | | ||
export CLI_VERSION=$(curl "https://api.github.com/repos/dapr/cli/releases?per_page=1&page=1" --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' | jq '.[0].tag_name'| tr -d '",v') | ||
echo "DAPR_CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV | ||
echo "Found $CLI_VERSION" | ||
shell: bash | ||
- name: Set up Dapr CLI - Mac/Linux | ||
if: matrix.os != 'windows-latest' | ||
run: wget -q ${{ env.DAPR_INSTALL_URL }}/install.sh -O - | /bin/bash -s ${{ env.DAPR_CLI_VERSION }} | ||
- name: Set up Dapr CLI - Windows | ||
if: matrix.os == 'windows-latest' | ||
run: powershell -Command "\$$script=iwr -useb ${{ env.DAPR_INSTALL_URL }}/install.ps1; \$$block=[ScriptBlock]::Create(\$$script); invoke-command -ScriptBlock \$$block -ArgumentList ${{ env.DAPR_CLI_VERSION }}" | ||
- name: Install Dapr | ||
run: | | ||
export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | ||
dapr init --runtime-version=${{ env.DAPR_RUNTIME_VERSION }} | ||
dapr --version | ||
- name: Check out code | ||
uses: actions/checkout@v2 | ||
- name: Install utilities dependencies | ||
run: | | ||
echo "PATH=$PATH:$HOME/.local/bin" >> $GITHUB_ENV | ||
pip3 install setuptools wheel | ||
pip3 install mechanical-markdown | ||
- name: Validate Python http Secrets Management | ||
run: | | ||
pushd secrets_management/python/http | ||
make validate | ||
popd | ||
- name: Validate Python sdk Secrets Management | ||
run: | | ||
pushd secrets_management/python/sdk | ||
make validate | ||
popd | ||
- name: Validate Javascript http Secrets Management | ||
run: | | ||
pushd secrets_management/javascript/http | ||
make validate | ||
popd | ||
- name: Validate Javascript sdk Secrets Management | ||
run: | | ||
pushd secrets_management/javascript/sdk | ||
make validate | ||
popd | ||
- name: Linkcheck README.md | ||
run: | | ||
make validate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: dapr.io/v1alpha1 | ||
kind: Component | ||
metadata: | ||
name: localsecretstore | ||
namespace: default | ||
spec: | ||
type: secretstores.local.file | ||
version: v1 | ||
metadata: | ||
- name: secretsFile | ||
value: secrets.json | ||
- name: nestedSeparator | ||
value: ":" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Dapr secrets management (HTTP Client) | ||
|
||
In this quickstart, you'll create a microservice to demonstrate Dapr's secrets management API. The service fetches secret from a secret store. See [Why secrets management](#why-secrets-management) to understand when to use this API. | ||
|
||
Visit [this](https://docs.dapr.io/developing-applications/building-blocks/secrets/) link for more information about Dapr and Secrets Management. | ||
|
||
> **Note:** This example leverages HTTP `requests` only. If you are looking for the example using the Dapr Client SDK (recommended) [click here](../sdk/). | ||
This quickstart includes one service: | ||
|
||
- Dotnet client service `order-processor` | ||
|
||
### Run Dotnet service with Dapr | ||
|
||
1. Open a new terminal window and navigate to `order-processor` directory: | ||
|
||
<!-- STEP | ||
name: Install Dotnet dependencies | ||
--> | ||
|
||
```bash | ||
cd ./order-processor | ||
dotnet restore | ||
dotnet build | ||
``` | ||
|
||
<!-- END_STEP --> | ||
2. Run the Dotnet service app with Dapr: | ||
|
||
<!-- STEP | ||
name: Run order-processor service | ||
expected_stdout_lines: | ||
- '== APP == Fetched Secret: {"secret":"YourPasskeyHere"}' | ||
- "Exited App successfully" | ||
expected_stderr_lines: | ||
output_match_mode: substring | ||
--> | ||
|
||
```bash | ||
cd ./order-processor | ||
dapr run --app-id order-processor --components-path ../../../components/ -- dotnet run | ||
``` | ||
|
||
<!-- END_STEP --> | ||
|
||
```bash | ||
dapr stop --app-id order-processor | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
DOCKER_IMAGE_PREFIX ?=dotnet-http- | ||
APPS ?=order-processor | ||
|
||
include ../../../docker.mk | ||
include ../../../validate.mk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
using System.Text; | ||
using System.Text.Json; | ||
using System.Text.Json.Serialization; | ||
|
||
var baseURL = (Environment.GetEnvironmentVariable("BASE_URL") ?? "http://localhost") + ":" | ||
+ (Environment.GetEnvironmentVariable("DAPR_HTTP_PORT") ?? "3500"); | ||
const string DAPR_SECRET_STORE = "localsecretstore"; | ||
const string SECRET_NAME = "secret"; | ||
|
||
var httpClient = new HttpClient(); | ||
httpClient.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json")); | ||
|
||
// Get secret from a local secret store | ||
var secret = await httpClient.GetStringAsync($"{baseURL}/v1.0/secrets/{DAPR_SECRET_STORE}/{SECRET_NAME}"); | ||
Console.WriteLine("Fetched Secret: " + secret); |
10 changes: 10 additions & 0 deletions
10
secrets_management/csharp/http/order-processor/Program.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
<Project Sdk="Microsoft.NET.Sdk"> | ||
|
||
<PropertyGroup> | ||
<OutputType>Exe</OutputType> | ||
<TargetFramework>net6.0</TargetFramework> | ||
<Nullable>enable</Nullable> | ||
<ImplicitUsings>enable</ImplicitUsings> | ||
</PropertyGroup> | ||
|
||
</Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"secret": "YourPasskeyHere" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Dapr secrets management | ||
|
||
In this quickstart, you'll create a microservice to demonstrate Dapr's secrets management API. The service fetches secret from a secret store. See [Why secrets management](#why-secrets-management) to understand when to use this API. | ||
|
||
Visit [this](https://docs.dapr.io/developing-applications/building-blocks/secrets/) link for more information about Dapr and Secrets Management. | ||
|
||
> **Note:** This example leverages the Dapr client SDK. If you are looking for the example using only HTTP [click here](../http). | ||
This quickstart includes one service: | ||
|
||
- Dotnet client service `order-processor` | ||
|
||
### Run Dotnet service with Dapr | ||
|
||
1. Open a new terminal window and navigate to `order-processor` directory: | ||
|
||
<!-- STEP | ||
name: Install Dotnet dependencies | ||
--> | ||
|
||
```bash | ||
cd ./order-processor | ||
dotnet restore | ||
dotnet build | ||
``` | ||
|
||
<!-- END_STEP --> | ||
2. Run the Dotnet service app with Dapr: | ||
|
||
<!-- STEP | ||
name: Run order-processor service | ||
expected_stdout_lines: | ||
- '== APP == Fetched Secret: [secret, YourPasskeyHere]' | ||
- "Exited App successfully" | ||
expected_stderr_lines: | ||
output_match_mode: substring | ||
--> | ||
|
||
```bash | ||
cd ./order-processor | ||
dapr run --app-id order-processor --components-path ../../../components/ -- dotnet run | ||
``` | ||
|
||
<!-- END_STEP --> | ||
|
||
```bash | ||
dapr stop --app-id order-processor | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
DOCKER_IMAGE_PREFIX ?=dotnet-sdk- | ||
APPS ?=order-processor | ||
|
||
include ../../../docker.mk | ||
include ../../../validate.mk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
using System; | ||
using Dapr.Client; | ||
|
||
const string DAPR_SECRET_STORE = "localsecretstore"; | ||
const string SECRET_NAME = "secret"; | ||
var client = new DaprClientBuilder().Build(); | ||
|
||
// Get secret from a local secret store | ||
var secret = await client.GetSecretAsync(DAPR_SECRET_STORE, SECRET_NAME); | ||
var secretValue = string.Join(", ", secret); | ||
Console.WriteLine($"Fetched Secret: {secretValue}"); |
12 changes: 12 additions & 0 deletions
12
secrets_management/csharp/sdk/order-processor/Program.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
<Project Sdk="Microsoft.NET.Sdk"> | ||
|
||
<PropertyGroup> | ||
<OutputType>Exe</OutputType> | ||
<TargetFramework>net6.0</TargetFramework> | ||
</PropertyGroup> | ||
|
||
<ItemGroup> | ||
<PackageReference Include="Dapr.AspNetCore" Version="1.5.0" /> | ||
</ItemGroup> | ||
|
||
</Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"secret": "YourPasskeyHere" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
##lint files | ||
*.cjs | ||
|
||
##node modules | ||
node_modules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Dapr secrets management (HTTP Client) | ||
|
||
In this quickstart, you'll create a microservice to demonstrate Dapr's secrets management API. The service fetches secret from a secret store. See [Why secrets management](#why-secrets-management) to understand when to use this API. | ||
|
||
Visit [this](https://docs.dapr.io/developing-applications/building-blocks/secrets/) link for more information about Dapr and Secrets Management. | ||
|
||
> **Note:** This example leverages HTTP `requests` only. If you are looking for the example using the Dapr Client SDK (recommended) [click here](../sdk/). | ||
This quickstart includes one service: | ||
|
||
- Node client service `order-processor` | ||
|
||
### Run Node service with Dapr | ||
|
||
1. Navigate to folder and install dependencies: | ||
|
||
<!-- STEP | ||
name: Install Node dependencies | ||
--> | ||
|
||
```bash | ||
cd ./order-processor | ||
npm install | ||
``` | ||
<!-- END_STEP --> | ||
|
||
2. Run the Node service app with Dapr: | ||
|
||
<!-- STEP | ||
name: Run Node publisher | ||
expected_stdout_lines: | ||
- "== APP == Fetched Secret: { secret: 'YourPasskeyHere' }" | ||
- "Exited App successfully" | ||
expected_stderr_lines: | ||
working_dir: ./order-processor | ||
output_match_mode: substring | ||
--> | ||
|
||
```bash | ||
dapr run --app-id order-processor --components-path ../../../components/ -- npm start | ||
``` | ||
|
||
<!-- END_STEP --> | ||
|
||
```bash | ||
dapr stop --app-id order-processor | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
DOCKER_IMAGE_PREFIX ?=javascript-http- | ||
APPS ?=order-processor | ||
|
||
include ../../../docker.mk | ||
include ../../../validate.mk |
14 changes: 14 additions & 0 deletions
14
secrets_management/javascript/http/order-processor/index.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
import axios from "axios"; | ||
|
||
const DAPR_HOST = process.env.DAPR_HOST || "http://localhost"; | ||
const DAPR_HTTP_PORT = process.env.DAPR_HTTP_PORT || "3500"; | ||
const DAPR_SECRET_STORE = "localsecretstore"; | ||
const SECRET_NAME = "secret"; | ||
|
||
async function main() { | ||
// Get secret from a local secret store | ||
const secret = await axios.get(`${DAPR_HOST}:${DAPR_HTTP_PORT}/v1.0/secrets/${DAPR_SECRET_STORE}/${SECRET_NAME}`); | ||
console.log("Fetched Secret: ", secret.data); | ||
} | ||
|
||
main().catch(e => console.error(e)) |
Oops, something went wrong.