Add web client sample

Author: moarychan

keyvault/spring-cloud-azure-starter-keyvault-jca/keyvault-ssl-bundles-web/README.md

@@ -167,7 +167,7 @@ You can debug your sample by adding the saved output values to the tool's enviro
 1. Send below inbound HTTPS request:
 
    ```bash
-   curl --insecure https://localhost:8443/ssl-test
+   curl --insecure https://localhost:8444/ssl-test
    ```
 
    You will see the following in the console:
@@ -180,7 +180,7 @@ You can debug your sample by adding the saved output values to the tool's enviro
 
    ```bash
 
-   curl --insecure https://localhost:8443/ssl-test-outbound
+   curl --insecure https://localhost:8444/ssl-test-outbound
    ```
 
    you will see console like this:

keyvault/spring-cloud-azure-starter-keyvault-jca/keyvault-ssl-bundles-web/src/main/resources/application.yaml

@@ -5,35 +5,31 @@ spring:
     bundle:
       azure-keyvault:
         keyVaultBundle:
+          keyvault-ref: keyvault1
           key:
             alias: self-signed
-          certificates-refresh-interval: 60s
-        keyVaultBundle2:
-          inherit: false
-          endpoint: ${KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_02}
-          profile:
-            tenant-id: ${KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID}
-          credential:
-            client-id: ${KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID}
-            client-secret: ${KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET}
-          key:
-            alias: tomcat
+          certificates-refresh-interval: 120s
         myLocalBundle:
-          inherit: false
+          keyvault-ref: keyvault2
           certificate-paths:
             custom: "classpath:local-custom"
   cloud:
     azure:
       keyvault:
         jca:
-          endpoint: ${KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_01}
           profile:
-            tenant-id: ${KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID}
+            tenant-id: ${KEY_VAULT_SSL_BUNDLES_TENANT_ID}
           credential:
-            client-id: ${KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID}
-            client-secret: ${KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET}
+            client-id: ${KEY_VAULT_SSL_BUNDLES_CLIENT_ID}
+            client-secret: ${KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET}
+          connections:
+            keyvault1:
+              endpoint: ${KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01}
+            keyvault2:
+              endpoint: ${KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02}
+
 server:
-  port: 8443
+  port: 8444
   ssl:
     bundle: "keyVaultBundle"
 logging.level:

keyvault/spring-cloud-azure-starter-keyvault-jca/keyvault-ssl-bundles-web/terraform/main.tf

@@ -16,7 +16,12 @@ terraform {
 }
 
 provider "azurerm" {
-  features {}
+  features {
+    key_vault {
+      purge_soft_delete_on_destroy = true  # Purge soft-deleted vaults when destroyed
+      recover_soft_deleted_key_vaults = false  # Don’t recover, we want to destroy
+    }
+  }
 }
 
 data "azuread_client_config" "current" {}

keyvault/spring-cloud-azure-starter-keyvault-jca/keyvault-ssl-bundles-web/terraform/outputs.tf

@@ -1,30 +1,30 @@
-output "KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_01" {
+output "KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01" {
   value       = azurerm_key_vault.kv_account_01.vault_uri
   description = "The key vault uri 01."
 }
 
-output "KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_02" {
+output "KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02" {
   value       = azurerm_key_vault.kv_account_02.vault_uri
   description = "The key vault uri 02."
 }
 
-output "KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID" {
+output "KEY_VAULT_SSL_BUNDLES_TENANT_ID" {
   value = data.azuread_client_config.current.tenant_id
   description = "The tenant id."
 }
 
-output "KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID" {
+output "KEY_VAULT_SSL_BUNDLES_CLIENT_ID" {
   value = azuread_application.app.application_id
   description = "The application id of service principal."
 }
 
-output "KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET" {
+output "KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET" {
   value     = azuread_application_password.service_principal_password.value
   sensitive = true
   description = "The client secret of service principal."
 }
 
-output "KEY_VAULT_SSL_BUNDLES_WEB_RESOURCE_GROUP_NAME" {
+output "KEY_VAULT_SSL_BUNDLES_RESOURCE_GROUP_NAME" {
   value = azurerm_resource_group.main.name
   description = "The resource group name."
 }

keyvault/spring-cloud-azure-starter-keyvault-jca/keyvault-ssl-bundles-web/terraform/setup_env.sh

@@ -1,13 +1,13 @@
-export KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_01=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_01)
-export KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_02=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_02)
-export KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID)
-export KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID)
-export KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET)
-export KEY_VAULT_SSL_BUNDLES_WEB_RESOURCE_GROUP_NAME=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_WEB_RESOURCE_GROUP_NAME)
+export KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01)
+export KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02)
+export KEY_VAULT_SSL_BUNDLES_TENANT_ID=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_TENANT_ID)
+export KEY_VAULT_SSL_BUNDLES_CLIENT_ID=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_CLIENT_ID)
+export KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET)
+export KEY_VAULT_SSL_BUNDLES_RESOURCE_GROUP_NAME=$(terraform -chdir=./terraform output -raw KEY_VAULT_SSL_BUNDLES_RESOURCE_GROUP_NAME)
 
-echo KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_01=$KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_01
-echo KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_02=$KEY_VAULT_SSL_BUNDLES_WEB_KEYVAULT_URI_02
-echo KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID=$KEY_VAULT_SSL_BUNDLES_WEB_TENANT_ID
-echo KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID=$KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_ID
-echo KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET=$KEY_VAULT_SSL_BUNDLES_WEB_CLIENT_SECRET
-echo KEY_VAULT_SSL_BUNDLES_WEB_RESOURCE_GROUP_NAME=$KEY_VAULT_SSL_BUNDLES_WEB_RESOURCE_GROUP_NAME
+echo KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01=$KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01
+echo KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02=$KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02
+echo KEY_VAULT_SSL_BUNDLES_TENANT_ID=$KEY_VAULT_SSL_BUNDLES_TENANT_ID
+echo KEY_VAULT_SSL_BUNDLES_CLIENT_ID=$KEY_VAULT_SSL_BUNDLES_CLIENT_ID
+echo KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET=$KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET
+echo KEY_VAULT_SSL_BUNDLES_RESOURCE_GROUP_NAME=$KEY_VAULT_SSL_BUNDLES_RESOURCE_GROUP_NAME

keyvault/spring-cloud-azure-starter-keyvault-jca/keyvault-ssl-bundles-webflux/README.md

@@ -0,0 +1,222 @@
+---
+page_type: sample
+languages:
+- java
+products:
+- azure-key-vault
+name: Enable Server and Client SSL from Azure Key Vault SSL Bundles in Spring Boot webflux Application
+description: This sample demonstrates how to enable Server and Client SSL via Azure KeyVault SSL bundles in Spring Boot webflux application.
+---
+
+# Enable Server and Client SSL from Azure Key Vault SSL Bundles in Spring Boot Web Application
+
+This sample demonstrates how to enable Server and Client SSL via Azure KeyVault SSL bundles in Spring Boot web application. [Link to reference doc](https://learn.microsoft.com/azure/developer/java/spring-framework).
+
+## What You Will Build
+
+You will build an application that use `spring-cloud-azure-starter-keyvault-jca` to retrieve certificates from multiple [Azure Key Vault](https://azure.microsoft.com/services/key-vault/).
+
+## What You Need
+
+- [An Azure subscription](https://azure.microsoft.com/free/)
+- [Terraform](https://www.terraform.io/)
+- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli)
+- [JDK8](https://www.oracle.com/java/technologies/downloads/) or later
+- Maven
+- You can also import the code straight into your IDE:
+    - [IntelliJ IDEA](https://www.jetbrains.com/idea/download)
+
+## Provision Azure Resources Required to Run This Sample
+
+### Authenticate Using the Azure CLI
+Terraform must authenticate to Azure to create infrastructure.
+
+In your terminal, use the Azure CLI tool to setup your account permissions locally.
+
+```shell
+az login
+```
+
+Your browser window will open and you will be prompted to enter your Azure login credentials. After successful authentication, your terminal will display your subscription information. You do not need to save this output as it is saved in your system for Terraform to use.
+
+```shell
+You have logged in. Now let us find all the subscriptions to which you have access...
+
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "home-Tenant-Id",
+    "id": "subscription-id",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Subscription-Name",
+    "state": "Enabled",
+    "tenantId": "0envbwi39-TenantId",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+If you have more than one subscription, specify the subscription-id you want to use with command below: 
+```shell
+az account set --subscription <your-subscription-id>
+```
+
+### Provision the Resources
+After login Azure CLI with your account, now you can use the terraform script to create Azure Resources.
+
+#### Run with Bash
+
+```shell
+# In the root directory of the sample
+# Initialize your Terraform configuration
+terraform -chdir=./terraform init
+
+# Apply your Terraform Configuration
+terraform -chdir=./terraform apply -auto-approve
+
+```
+
+#### Run with Powershell
+
+```shell
+# In the root directory of the sample
+# Initialize your Terraform configuration
+terraform -chdir=terraform init
+
+# Apply your Terraform Configuration
+terraform -chdir=terraform apply -auto-approve
+
+```
+
+It may take a few minutes to run the script. After successful running, you will see prompt information like below:
+
+```shell
+...
+azurecaf_name.azurecaf_name_kv_01: Creating...
+azurecaf_name.azurecaf_name_kv_02: Creating...
+azurecaf_name.resource_group: Creating...
+azurecaf_name.azurecaf_name_kv_01: Creation complete after 0s [id=tsnjmjbuwvumasse]
+azurecaf_name.resource_group: Creation complete after 0s [id=ddeodontheybkwgm]
+azurecaf_name.azurecaf_name_kv_02: Creation complete after 0s [id=tsnjmjbuwvumasse]
+azuread_application.app: Creating...
+azuread_application.app: Creation complete after 3s [id=37a44efb-1cd2-44e4-a149-d9bb9c315d6f]
+azuread_application_password.service_principal_password: Creating...
+azuread_service_principal.service_principal: Creating...
+
+
+Apply complete! Resources: 11 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+...
+
+```
+
+You can go to [Azure portal](https://ms.portal.azure.com/) in your web browser to check the resources you created.
+
+### Export Output to Your Local Environment
+Running the command below to export environment values:
+
+#### Run with Bash
+
+```shell
+source ./terraform/setup_env.sh
+```
+
+#### Run with Powershell
+
+```shell
+terraform\setup_env.ps1
+```
+
+If you want to run the sample in debug mode, you can save the output value.
+
+```shell
+KEY_VAULT_SSL_BUNDLE_CLIENT_ID=
+KEY_VAULT_SSL_BUNDLE_CLIENT_SECRET=
+KEY_VAULT_SSL_BUNDLE_KEYVAULT_URI_01=
+KEY_VAULT_SSL_BUNDLE_KEYVAULT_URI_02=
+KEY_VAULT_SSL_BUNDLE_RESOURCE_GROUP_NAME=
+KEY_VAULT_SSL_BUNDLE_TENANT_ID=
+```
+
+## Run Locally
+
+### Run the sample with Maven
+
+In your terminal, run `mvn clean spring-boot:run`.
+
+```shell
+mvn clean spring-boot:run
+```
+
+### Run the sample in IDEs
+
+You can debug your sample by adding the saved output values to the tool's environment variables or the sample's `application.yaml` file.
+
+* If your tool is `IDEA`, please refer to [Debug your first Java application](https://www.jetbrains.com/help/idea/debugging-your-first-java-application.html) and [add environment variables](https://www.jetbrains.com/help/objc/add-environment-variables-and-program-arguments.html#add-environment-variables).
+
+* If your tool is `ECLIPSE`, please refer to [Debugging the Eclipse IDE for Java Developers](https://www.eclipse.org/community/eclipse_newsletter/2017/june/article1.php) and [Eclipse Environment Variable Setup](https://examples.javacodegeeks.com/desktop-java/ide/eclipse/eclipse-environment-variable-setup-example/).
+
+## Verify This Sample
+
+This sample required an SSL server, you can use sample [keyvault-ssl-bundles-web](../keyvault-ssl-bundles-web) as the target server, which means the https://localhost:8444/ssl-test is available.For Azure resource usage, you can share the output environment variable of [keyvault-ssl-bundles-web](../keyvault-ssl-bundles-web) or create the new resources and shared to [keyvault-ssl-bundles-web](../keyvault-ssl-bundles-web) as they use the same environment variables.
+
+1. Send below request to acquire a resource with TLS connection:
+
+   ```bash
+   curl http://localhost:8080/webclient/tls
+   ```
+   
+   You will see the following in the console:
+   
+   ```console
+   Response from webClient tls "https://localhost:8444/ssl-test": Inbound TLS is working!
+   ```
+
+2. Send below request to acquire a resource with mTLS connection:
+
+   ```bash
+   
+   curl http://localhost:8080/webclient/mtls
+   ```
+   
+   you will see console like this:
+   
+   ```console
+   Response from webClient mtls "https://localhost:8444/ssl-test": Inbound TLS is working!
+   ```
+
+## Clean Up Resources
+After running the sample, if you don't want to run the sample, remember to destroy the Azure resources you created to avoid unnecessary billing.
+
+The terraform destroy command terminates resources managed by your Terraform project.   
+To destroy the resources you created.
+
+#### Run with Bash
+
+```shell
+terraform -chdir=./terraform destroy -auto-approve
+```
+
+#### Run with Powershell
+
+```shell
+terraform -chdir=terraform destroy -auto-approve
+```
+
+## (Optional) Retrieve specific secrets
+
+If you don't want to load all secrets from Azure Key Vault. You can specify the secrets you want to load by setting the `spring.cloud.azure.keyvault.secret.property-sources.secret-keys=secret1,secret2...` property in the `application.yaml` file.
+
+For this sample, run locally with the command `mvn clean spring-boot:run -Dspring-boot.run.profiles=secrets` to activate the [application-secrets.yml](./src/main/resources/application-secrets.yml) profile file.
+
+[Verify This Sample](#verify-this-sample).
+
+## Deploy to Azure Spring Apps
+
+Now that you have the Spring Boot application running locally, it's time to move it to production. [Azure Spring Apps](https://learn.microsoft.com/azure/spring-apps/overview) makes it easy to deploy Spring Boot applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more. To deploy your application to Azure Spring Apps, see [Deploy your first application to Azure Spring Apps](https://learn.microsoft.com/azure/spring-apps/quickstart?tabs=Azure-CLI).