Skip to content

Latest commit

 

History

History
 
 

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Spring Cloud Azure Config Conversion Sample client library for Java

This sample shows how to convert a Spring Cloud Application with Cosmos DB to be using App Configuration + Key Vault

Key concepts

Getting started

Quick Start

Create an Azure Cosmos DB on Azure

  1. Use the Azure CLI az cosmosdb create.

    az cosmosdb create --name my-cosmos-db --resource-group MyResourceGroup
    

    This operation will return json, among them is a documentEndpoint, record this.

    {
      ...
      "documentEndpoint": "https://my-cosmos.documents.azure.com:443/",
      ...
    }
    
  2. Then use the az cosmosdb keys list.

    az cosmosdb keys list --name my-cosmos-db -g MyResourceGroup
    

    Record the primaryMasterKey.

    {
      "primaryMasterKey": "...",
      "primaryReadonlyMasterKey": "...",
      "secondaryMasterKey": "...",
      "secondaryReadonlyMasterKey": "..."
    }
    

Clone the sample Project

In this section, you clone a containerized Spring Boot application and test it locally.

  1. Open a command prompt or terminal window and create a local directory to hold your Spring Boot application, and change to that directory; for example:

    md C:\SpringBoot
    cd C:\SpringBoot

    -- or --

    md /users/robert/SpringBoot
    cd /users/robert/SpringBoot
  2. Clone the [Spring Boot on Docker Getting Started] sample project into the directory you created; for example:

    git clone https://github.com/Azure-Samples/azure-spring-boot-samples.git
  3. Change directory to the initial project; for example:

    cd azure-spring-boot-samples/azure-appconfiguration-convert-sample-initial

Config the sample

  1. Navigate to src/main/resources and open application.properties.

  2. Replace below properties in application.properties with information from your database.

    spring.cloud.azure.cosmos.endpoint=${COSMOS-URL}
    spring.cloud.azure.cosmos.key=${COSMOS-KEY}
    spring.cloud.azure.cosmos.database=${COSMOS-DATABASENAME}

Run the sample

  1. Build the JAR file using Maven; for example:

    mvn clean package
  2. When the web app has been created, start the web app using Maven; for example:

    mvn spring-boot:run
  3. View the results in the console.

  4. You should see the following message displayed: findOne in User collection get result: testFirstName

Convert to Using App Configuration

  1. Use the Azure CLI az keyvault create

    az keyvault create --name myVaultName -g MyResourceGroup
    
  2. Use the Azure CLI az ad sp

    az ad sp create-for-rbac -n "http://mySP" --sdk-auth
    

    This operation returns a series of key/value pairs:

    {
    "clientId": "7da18cae-779c-41fc-992e-0527854c6583",
    "clientSecret": "[generated client secret]",
    "subscriptionId": "443e30da-feca-47c4-b68f-1636b75e16b3",
    "tenantId": "35ad10f1-7799-4766-9acf-f2d946161b77",
    "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
    "resourceManagerEndpointUrl": "https://management.azure.com/",
    "activeDirectoryGraphResourceId": "https://graph.windows.net/",
    "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
    "galleryEndpointUrl": "https://gallery.azure.com/",
    "managementEndpointUrl": "https://management.core.windows.net/"
    }
  3. Run the following command to let the service principal access your key vault:

    az keyvault set-policy -n <your-unique-keyvault-name> --spn <clientId-of-your-service-principal> --secret-permissions delete get
  4. Use the Azure CLI az appconfig create

    az appconfig create -n myAppconfigName -g MyResourceGroup -l westus --sku Standard
    
  5. Run the following command to get your object-id, then add it to App Configuration.

    az ad sp show --id <clientId-of-your-service-principal>
    az role assignment create --role "App Configuration Data Reader" --assignee-object-id <objectId-of-your-service-principal> --resource-group <your-resource-group>
  6. Create the following environment variables, using the values for the service principal that were displayed in the previous step:

    • AZURE_CLIENT_ID: clientId
    • AZURE_CLIENT_SECRET: clientSecret
    • AZURE_TENANT_ID: tenantId
  7. Upload your Cosmos DB key to Key Vault.

    az keyvault secret set --vault-name myVaultName --name "COSMOSDB-KEY" --value your-cosmosdb-key
    
  8. Upload your Configurations Cosmos DB name and URI to App Configuration

    az appconfig kv set --name myConfigStoreName --key "/application/azure.cosmos.database" --value your-cosmos-db-databasename --yes
    az appconfig kv set --name myConfigStoreName --key "/application/azure.cosmos.uri" --value your-cosmosdb-uri  --yes
    
  9. Add a Key Vault Reference to App Configuration, make sure to update the uri with your config store name.

    az appconfig kv set-keyvault --name myConfigStoreName --key "/application/azure.cosmos.key" --secret-identifier https://myVaultName.vault.azure.net/secrets/COSMOSDB-KEY --yes
    
  10. Delete application.propertes from src/main/resources.

  11. Create a new file called bootstrap.properties in src/main/resources, and add the following.

    spring.cloud.azure.appconfiguration.stores[0].endpoint=https://{my-configstore-name}.azconfig.io
  12. Update the pom.xml file to now include.

    <dependency>
     <groupId>com.azure.spring</groupId>
     <artifactId>azure-spring-cloud-appconfiguration-config</artifactId>
     <version>2.3.0</version>
    </dependency>
  13. Create a new file called AzureCredentials.java and add the code below.

    /*
     * Copyright (c) Microsoft Corporation. All rights reserved.
     * Licensed under the MIT License. See LICENSE in the project root for
     * license information.
     */
    package sample.convert;
    
    import com.azure.core.credential.TokenCredential;
    import com.azure.identity.EnvironmentCredentialBuilder;
    import com.microsoft.azure.spring.cloud.config.AppConfigurationCredentialProvider;
    import com.microsoft.azure.spring.cloud.config.KeyVaultCredentialProvider;
    
    public class AzureCredentials implements AppConfigurationCredentialProvider, KeyVaultCredentialProvider{
    
        @Override
        public TokenCredential getKeyVaultCredential(String uri) {
            return getCredential();
        }
    
        @Override
        public TokenCredential getAppConfigCredential(String uri) {
            return getCredential();
        }
    
        private TokenCredential getCredential() {
            return new EnvironmentCredentialBuilder().build();
        }
    
    }
    1. Create a new file called AppConfiguration.java. And add the code below.
    /*
     * Copyright (c) Microsoft Corporation. All rights reserved.
     * Licensed under the MIT License. See LICENSE in the project root for
     * license information.
     */
    package sample.convert;
    
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    @Configuration
    public class AppConfiguration {
    
        @Bean
        public AzureCredentials azureCredentials() {
            return new AzureCredentials();
        }
    }
  14. Create a new folder in your resources directory called META-INF. Then in that folder create a file called spring.factories and add.

    org.springframework.cloud.bootstrap.BootstrapConfiguration=\
    sample.convert.AppConfiguration
    

Run the updated sample

  1. Build the JAR file using Maven; for example:

    mvn clean package
  2. When the web app has been created, start the web app using Maven; for example:

    mvn spring-boot:run
  3. View the results in the console.

  4. You should see the following message displayed: findOne in User collection get result: testFirstName

Examples

Troubleshooting

Next steps

Contributing