Support for GetSecret + ITs + sample. (dapr#249)

Author: artursouza

.github/workflows/build.yml

@@ -17,15 +17,15 @@ jobs:
   build:
     runs-on: ubuntu-latest
     env:
-      GOVER: 1.13.7
+      GOVER: 1.14.0
       GOOS: linux
       GOARCH: amd64
       GOPROXY: https://proxy.golang.org
       JDK_VER: 13.0.x
       DAPR_RUNTIME_VER: 0.4.0-rc.1
       DAPR_INSTALL_URL: https://raw.githubusercontent.com/dapr/cli/f84566fb2bf5a599252ab9d6bd82fc78faf94dba/install/install.sh
-      DAPR_CLI_REF:
-      DAPR_REF:
+      DAPR_CLI_REF: eb76cbf2200058f849814649f23212b3247a952c
+      DAPR_REF: 034b82ebfbb7c76e5801ae6d90c2edd29f629df8
       OSSRH_USER_TOKEN: ${{ secrets.OSSRH_USER_TOKEN }}
       OSSRH_PWD_TOKEN: ${{ secrets.OSSRH_PWD_TOKEN }}
       GPG_KEY: ${{ secrets.GPG_KEY }}
@@ -40,7 +40,7 @@ jobs:
       run: wget -q ${{ env.DAPR_INSTALL_URL }} -O - | /bin/bash
     - name: Set up Go ${{ env.GOVER }}
       if: env.DAPR_REF != '' || env.DAPR_CLI_REF != ''
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v2-beta
       with:
         go-version: ${{ env.GOVER }}
     - name: Checkout Dapr CLI repo to override dapr command.
@@ -80,6 +80,12 @@ jobs:
       run: |
         docker-compose -f ./sdk-tests/deploy/local-test-kafka.yml up -d
         docker ps
+    - name: Install Local Hashicorp Vault using docker-compose
+      run: |
+        docker-compose -f ./sdk-tests/deploy/local-test-vault.yml up -d
+        docker ps
+    - name: Setup Vault's test token
+      run: echo myroot > /tmp/.hashicorp_vault_token
     - name: Clean up files
       run: mvn clean
     - name: Build sdk

examples/.hashicorp_vault_token

@@ -0,0 +1 @@
+myroot

examples/components/hashicorp_vault.yaml

@@ -0,0 +1,15 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: vault
+spec:
+  type: secretstores.hashicorp.vault
+  metadata:
+  - name: vaultAddr
+    value: "http://127.0.0.1:8200"
+  - name: skipVerify
+    value : true
+  - name: vaultTokenMountPath
+    value : ".hashicorp_vault_token"
+  - name: vaultKVPrefix
+    value : "dapr"

examples/src/main/java/io/dapr/examples/secrets/README.md

@@ -0,0 +1,112 @@
+# Dapr's Secret Store Sample
+
+In this sample, we'll see how to retrieve a secret using Dapr's Java SDK. 
+This sample includes two files:
+
+* docker-compose-vault.yml (Starts Hashicorp's Vault as a container)
+* SecretClient.java (Reads a secret from Dapr's Secret Store)
+* Existing Dapr component file in `< repo dir >/examples/components/hashicorp_vault.yaml`
+* Existing token file in `< repo dir >/examples/.hashicorp_vault_token` (Consumed by `daprd`'s vault component above)
+
+Visit [this](https://github.com/dapr/docs/tree/master/concepts/secrets) link for more information about secret stores in Dapr.
+ 
+## Secret store sample using the Java-SDK
+
+In this example, the component used is Hashicorp Vault, but others are also available.
+
+Visit [this](https://github.com/dapr/components-contrib/tree/master/secretstores) link for more information about secret stores implementations.
+
+
+## Pre-requisites
+
+* [Dapr and Dapr Cli](https://github.com/dapr/docs/blob/master/getting-started/environment-setup.md#environment-setup).
+* Java JDK 11 (or greater): [Oracle JDK](https://www.oracle.com/technetwork/java/javase/downloads/index.html#JDK11) or [OpenJDK](https://jdk.java.net/13/).
+* [Apache Maven](https://maven.apache.org/install.html) version 3.x.
+* Hashicorp's vault client [installed](https://www.vaultproject.io/docs/install/).
+
+### Checking out the code
+
+Clone this repository:
+
+```sh
+git clone https://github.com/dapr/java-sdk.git
+cd java-sdk
+```
+
+Then build the Maven project:
+
+```sh
+# make sure you are in the `java-sdk` directory.
+mvn install
+```
+### Setting Vault locally
+
+Before getting into the application code, follow these steps in order to setup a local instance of Vault. This is needed for the local instances. Steps are:
+
+1. navigate to the [repo-root] with `cd java-sdk`
+2. Run `docker-compose -f ./examples/src/main/java/io/dapr/examples/secrets/docker-compose-vault.yml up -d` to run the container locally
+3. Run `docker ps` to see the container running locally: 
+
+```bash
+342d3522ca14        vault                      "docker-entrypoint.s…"         34 seconds ago        Up About
+a minute   0.0.0.0:8200->8200/tcp                               secrets_hashicorp_vault_1
+```
+Click [here](https://hub.docker.com/_/vault/) for more information about the container image for Hashicorp's Vault.
+
+### Create a secret in Vault
+Dapr's API for secret store only support read operations. For this sample to run, we will first create a secret via the Vault's cli commands:
+
+1. Login:
+```bash
+vault login myroot
+```
+
+2. Create secret (replace `[my favorite movie]` with a title of our choice):
+```bash
+vault kv put secret/dapr/movie title="[my favorite movie]"
+```
+
+In the command above, `secret` means the secret engine in Hashicorp's Vault.
+Then, `dapr` is the prefix as defined in `< repo dir >/examples/components/hashicorp_vault.yaml`.
+Finally, `movie` is the secret name and then a `key=value` pair.
+
+A secret in dapr is a dictionary. In this sample, only one key-value pair is used but more can be added as an exercise for the reader.
+
+### Running the secret store sample
+
+The example's main function is in `SecretClient.java`.
+
+```java
+public class SecretClient {
+
+  private static final String SECRET_STORE_NAME = "vault";
+  
+  ///...
+
+  public static void main(String[] args) throws Exception {
+    ///...
+    String secretKey = args[0];
+    DaprClient client = (new DaprClientBuilder()).build();
+    Map<String, String> secret = client.getSecret(SECRET_STORE_NAME, secretKey).block();
+    System.out.println(JSON_SERIALIZER.writeValueAsString(secret));
+  }
+///...
+}
+```
+The program receives one and only one argument: the secret's key to be fetched.
+After identifying the key to be fetched, it will retrieve it from the pre-defined secret store: `vault`.
+The secret store's name **must** match the component's name defined in `< repo dir >/examples/components/hashicorp_vault.yaml`.
+
+ Execute the follow script in order to run the example:
+```sh
+cd to [repo-root]/examples
+dapr run  -- java -jar target/dapr-java-sdk-examples-exec.jar io.dapr.examples.secrets.SecretClient movie
+```
+
+Once running, the program should print the output as follows:
+
+```
+== APP == {"title":"[my favorite movie]"}
+```
+
+Thanks for playing.

examples/src/main/java/io/dapr/examples/secrets/SecretClient.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ */
+
+package io.dapr.examples.secrets;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.dapr.client.DaprClient;
+import io.dapr.client.DaprClientBuilder;
+
+import java.util.Map;
+
+/**
+ * 1. Build and install jars:
+ *   mvn clean install
+ * 2. cd to [repo-root]/examples
+ * 3. Add secret to vault:
+ *   vault kv put secret/dapr/movie title="[my favorite movie]"
+ * 4. Read secret from example:
+ *   dapr run  -- java -jar target/dapr-java-sdk-examples-exec.jar io.dapr.examples.secrets.SecretClient movie
+ */
+public class SecretClient {
+
+  /**
+   * Identifier in Dapr for the secret store.
+   */
+  private static final String SECRET_STORE_NAME = "vault";
+
+  /**
+   * JSON Serializer to print output.
+   */
+  private static final ObjectMapper JSON_SERIALIZER = new ObjectMapper();
+
+  /**
+   * Client to read a secret.
+   *
+   * @param args Unused arguments.
+   */
+  public static void main(String[] args) throws Exception {
+    if (args.length != 1) {
+      throw new IllegalArgumentException("Use one argument: secret's key to be retrieved.");
+    }
+
+    String secretKey = args[0];
+    DaprClient client = (new DaprClientBuilder()).build();
+    Map<String, String> secret = client.getSecret(SECRET_STORE_NAME, secretKey).block();
+    System.out.println(JSON_SERIALIZER.writeValueAsString(secret));
+  }
+}

examples/src/main/java/io/dapr/examples/secrets/docker-compose-vault.yml

@@ -0,0 +1,10 @@
+version: '2'
+services:
+  hashicorp_vault:
+    image: vault
+    ports:
+      - "8200:8200"
+    cap_add:
+      - IPC_LOCK
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: "myroot"

pom.xml

@@ -17,8 +17,8 @@
     <grpc.version>1.25.0</grpc.version>
     <protobuf.version>3.11.0</protobuf.version>
     <protoc.version>3.10.0</protoc.version>
-    <dapr.proto.url>https://raw.githubusercontent.com/dapr/dapr/v0.4.0/pkg/proto/dapr/dapr.proto</dapr.proto.url>
-    <dapr.client.proto.url>https://raw.githubusercontent.com/dapr/dapr/v0.4.0/pkg/proto/daprclient/daprclient.proto</dapr.client.proto.url>
+    <dapr.proto.url>https://raw.githubusercontent.com/dapr/dapr/3b792de734594463f6a16ce8c952fe2ed96c0dc0/pkg/proto/dapr/dapr.proto</dapr.proto.url>
+    <dapr.client.proto.url>https://raw.githubusercontent.com/dapr/dapr/3b792de734594463f6a16ce8c952fe2ed96c0dc0/pkg/proto/daprclient/daprclient.proto</dapr.client.proto.url>
     <os-maven-plugin.version>1.6.2</os-maven-plugin.version>
     <maven-dependency-plugin.version>3.1.1</maven-dependency-plugin.version>
     <maven-antrun-plugin.version>1.8</maven-antrun-plugin.version>

sdk-tests/components/vault.yaml

@@ -0,0 +1,15 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: vault
+spec:
+  type: secretstores.hashicorp.vault
+  metadata:
+  - name: vaultAddr
+    value: "http://127.0.0.1:8200"
+  - name: skipVerify
+    value : true
+  - name: vaultTokenMountPath
+    value : "/tmp/.hashicorp_vault_token"
+  - name: vaultKVPrefix
+    value : "dapr"

sdk-tests/deploy/local-test-vault.yml

@@ -0,0 +1,10 @@
+version: '2'
+services:
+  hashicorp_vault:
+    image: vault
+    ports:
+      - "8200:8200"
+    cap_add:
+      - IPC_LOCK
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: "myroot"

sdk-tests/pom.xml

@@ -65,6 +65,13 @@
       <version>2.2.2.RELEASE</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <!-- This is need for us to programmatically add secrets in integration tests. -->
+      <groupId>com.bettercloud</groupId>
+      <artifactId>vault-java-driver</artifactId>
+      <version>5.1.0</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>