Spring Cloud Azure Config Conversion Sample client library for Java

This sample shows how to convert a Spring Cloud application that uses Cosmos DB so that it reads its configuration from App Configuration and Key Vault.

Key concepts

Getting started

Quick Start

Create an Azure Cosmos DB on Azure

  1. Use the Azure CLI az cosmosdb create.

    az cosmosdb create --name my-cosmos-db --resource-group MyResourceGroup
    

    This operation returns JSON that includes a documentEndpoint value; record it.

    {
      ...
      "documentEndpoint": "https://my-cosmos.documents.azure.com:443/",
      ...
    }
    
  2. Then use az cosmosdb keys list.

    az cosmosdb keys list --name my-cosmos-db -g MyResourceGroup
    

    Record the primaryMasterKey.

    {
      "primaryMasterKey": "...",
      "primaryReadonlyMasterKey": "...",
      "secondaryMasterKey": "...",
      "secondaryReadonlyMasterKey": "..."
    }
    

Clone the sample Project

In this section, you clone a containerized Spring Boot application and test it locally.

  1. Open a command prompt or terminal window and create a local directory to hold your Spring Boot application, and change to that directory; for example:

    md C:\SpringBoot
    cd C:\SpringBoot

    -- or --

    md /users/robert/SpringBoot
    cd /users/robert/SpringBoot
  2. Clone the [Spring Boot on Docker Getting Started] sample project into the directory you created; for example:

    git clone https://github.com/Azure-Samples/azure-spring-boot-samples.git
  3. Change directory to the initial project; for example:

    cd azure-spring-boot-samples/azure-appconfiguration-convert-sample-initial

Configure the sample

  1. Navigate to src/main/resources and open application.properties.

  2. Replace the properties below in application.properties with information from your database.

    spring.cloud.azure.cosmos.endpoint=${COSMOS-URL}
    spring.cloud.azure.cosmos.key=${COSMOS-KEY}
    spring.cloud.azure.cosmos.database=${COSMOS-DATABASENAME}

Run the sample

  1. Build the JAR file using Maven; for example:

    mvn clean package
  2. When the web app has been created, start the web app using Maven; for example:

    mvn spring-boot:run
  3. View the results in the console.

  4. You should see the following message displayed: findOne in User collection get result: testFirstName

Convert to Using App Configuration

  1. Use the Azure CLI az keyvault create

    az keyvault create --name myVaultName -g MyResourceGroup
    
  2. Use the Azure CLI az ad sp

    az ad sp create-for-rbac -n "http://mySP" --sdk-auth
    

    This operation returns a series of key/value pairs:

    {
    "clientId": "7da18cae-779c-41fc-992e-0527854c6583",
    "clientSecret": "[generated client secret]",
    "subscriptionId": "443e30da-feca-47c4-b68f-1636b75e16b3",
    "tenantId": "35ad10f1-7799-4766-9acf-f2d946161b77",
    "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
    "resourceManagerEndpointUrl": "https://management.azure.com/",
    "activeDirectoryGraphResourceId": "https://graph.windows.net/",
    "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
    "galleryEndpointUrl": "https://gallery.azure.com/",
    "managementEndpointUrl": "https://management.core.windows.net/"
    }
  3. Run the following command to let the service principal access your key vault:

    az keyvault set-policy -n <your-unique-keyvault-name> --spn <clientId-of-your-service-principal> --secret-permissions delete get
  4. Use the Azure CLI az appconfig create

    az appconfig create -n myAppconfigName -g MyResourceGroup -l westus --sku Standard
    
  5. Run the following command to get your object-id, then add it to App Configuration.

    az ad sp show --id <clientId-of-your-service-principal>
    az role assignment create --role "App Configuration Data Reader" --assignee-object-id <objectId-of-your-service-principal> --resource-group <your-resource-group>
  6. Create the following environment variables, using the values for the service principal that were displayed in the previous step:

    • AZURE_CLIENT_ID: clientId
    • AZURE_CLIENT_SECRET: clientSecret
    • AZURE_TENANT_ID: tenantId
  7. Upload your Cosmos DB key to Key Vault.

    az keyvault secret set --vault-name myVaultName --name "COSMOSDB-KEY" --value your-cosmosdb-key
    
  8. Upload your Cosmos DB database name and URI to App Configuration.

    az appconfig kv set --name myConfigStoreName --key "/application/azure.cosmos.database" --value your-cosmos-db-databasename --yes
    az appconfig kv set --name myConfigStoreName --key "/application/azure.cosmos.uri" --value your-cosmosdb-uri  --yes
    
  9. Add a Key Vault reference to App Configuration. Make sure to update the URI with your config store name.

    az appconfig kv set-keyvault --name myConfigStoreName --key "/application/azure.cosmos.key" --secret-identifier https://myVaultName.vault.azure.net/secrets/COSMOSDB-KEY --yes
    
  10. Delete application.properties from src/main/resources.

  11. Create a new file called bootstrap.properties in src/main/resources, and add the following.

    spring.cloud.azure.appconfiguration.stores[0].endpoint=https://{my-configstore-name}.azconfig.io
  12. Update the pom.xml file to include the following dependency.

    <dependency>
     <groupId>com.azure.spring</groupId>
     <artifactId>azure-spring-cloud-appconfiguration-config</artifactId>
     <version>2.3.0</version>
    </dependency>
  13. Create a new file called AzureCredentials.java and add the code below.

    /*
     * Copyright (c) Microsoft Corporation. All rights reserved.
     * Licensed under the MIT License. See LICENSE in the project root for
     * license information.
     */
    package sample.convert;
    
    import com.azure.core.credential.TokenCredential;
    import com.azure.identity.EnvironmentCredentialBuilder;
    import com.microsoft.azure.spring.cloud.config.AppConfigurationCredentialProvider;
    import com.microsoft.azure.spring.cloud.config.KeyVaultCredentialProvider;
    
    public class AzureCredentials implements AppConfigurationCredentialProvider, KeyVaultCredentialProvider{
    
        @Override
        public TokenCredential getKeyVaultCredential(String uri) {
            return getCredential();
        }
    
        @Override
        public TokenCredential getAppConfigCredential(String uri) {
            return getCredential();
        }
    
        private TokenCredential getCredential() {
            return new EnvironmentCredentialBuilder().build();
        }
    
    }
  14. Create a new file called AppConfiguration.java and add the code below.

    /*
     * Copyright (c) Microsoft Corporation. All rights reserved.
     * Licensed under the MIT License. See LICENSE in the project root for
     * license information.
     */
    package sample.convert;
    
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    @Configuration
    public class AppConfiguration {
    
        @Bean
        public AzureCredentials azureCredentials() {
            return new AzureCredentials();
        }
    }
  15. Create a new folder in your resources directory called META-INF. Then, in that folder, create a file called spring.factories and add the following.

    org.springframework.cloud.bootstrap.BootstrapConfiguration=\
    sample.convert.AppConfiguration
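
A preflight check for the conversion steps above, added here as an example and not part of the sample project. It confirms that application.properties is gone, that bootstrap.properties names the store by an HTTPS endpoint, that no literal Cosmos DB key remains under src/main/resources, and that the three service principal variables are set; the function name check_conversion and its messages are assumptions.

```shell
#!/bin/sh
# Added example, not part of the sample project: checks a project directory
# against steps 6, 10 and 11 above. check_conversion and its messages are
# hypothetical names chosen for this illustration.

# check_conversion <project-dir>: prints one FAIL line per finding and
# returns 0 when the project is clean, 1 otherwise.
check_conversion() {
  res="$1/src/main/resources"
  fail=0

  # Step 10: application.properties, which held the Cosmos DB key, must be gone.
  if [ -e "$res/application.properties" ]; then
    echo "FAIL: application.properties still present"; fail=1
  fi

  # Step 11: bootstrap.properties names the store by an HTTPS endpoint.
  if ! grep -Eq '^spring\.cloud\.azure\.appconfiguration\.stores\[0\]\.endpoint=https://[A-Za-z0-9-]+\.azconfig\.io/?[[:space:]]*$' \
      "$res/bootstrap.properties" 2>/dev/null; then
    echo "FAIL: bootstrap.properties lacks an https://<store>.azconfig.io endpoint"; fail=1
  fi

  # No resource file may assign a literal value to a *cosmos.key property;
  # a ${PLACEHOLDER} value is accepted.
  if grep -REq '^[[:space:]]*[A-Za-z0-9_.-]*cosmos\.key[[:space:]]*[=:][[:space:]]*[^$[:space:]]' \
      "$res" 2>/dev/null; then
    echo "FAIL: literal Cosmos DB key found under src/main/resources"; fail=1
  fi

  # Step 6: EnvironmentCredentialBuilder reads these three variables.
  for var in AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_TENANT_ID; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then echo "FAIL: $var is not set"; fail=1; fi
  done
  return "$fail"
}

# Constructed demo input: a converted project layout in a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo/src/main/resources"
echo 'spring.cloud.azure.appconfiguration.stores[0].endpoint=https://my-configstore-name.azconfig.io' \
  > "$demo/src/main/resources/bootstrap.properties"
( export AZURE_CLIENT_ID=constructed AZURE_CLIENT_SECRET=constructed AZURE_TENANT_ID=constructed
  check_conversion "$demo" && echo "OK: conversion checks passed" )
rm -rf "$demo"
```

Run it from the project root as `check_conversion .` before `mvn spring-boot:run`; a non-zero return means at least one step above was missed.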
    

Run the updated sample

  1. Build the JAR file using Maven; for example:

    mvn clean package
  2. When the web app has been created, start the web app using Maven; for example:

    mvn spring-boot:run
  3. View the results in the console.

  4. You should see the following message displayed: findOne in User collection get result: testFirstName

Examples

Troubleshooting

Next steps

Contributing