Retrieve a secret in the application
Previously, you created an Azure Key Vault and added the Dapr component to the Azure Container Apps environment. Now, you will use the secret in the application. This second part of the assignment is about using Azure Key Vault as a secret store for the FineCollectionService to get the license key of the fine calculator.
Step 1: Create a secret in the Azure Key Vault for the license key
- Open a terminal window.
- Create a secret in the Azure Key Vault for the license key:
      az keyvault secret set --vault-name $KEY_VAULT --name license-key --value HX783-5PN1G-CRJ4A-K2L7V
Step 2: Use the secret in the application FineCollectionService
- Open the file FineCollectionService/src/main/java/dapr/fines/fines/DaprFineCalulator.java in your code editor, and inspect it.
  It implements the FineCalculator interface, which is used by the FineCollectionService to calculate the fine for a car. The FineCalculator interface has a method calculateFine that takes the excessSpeed as input and returns the amount of the fine as output. If the excess speed is too high, it returns -1.
  The object FineFines that computes the fine requires a license key. The license key is used to validate the license of the fine calculator. This DaprFineCalculator gets the license key from the secret store when the FineCalculator bean is created in the class FineCollectionConfiguration. The license key is stored in the secret store with the name license-key.
      public class DaprFineCalculator implements FineCalculator {
          private final String fineCalculatorLicenseKey;
          private final FineFines fineFines;

          public DaprFineCalculator(final DaprClient daprClient) {
              if (daprClient == null) {
                  throw new IllegalArgumentException("daprClient");
              }
              // Ask the Dapr sidecar for the secret named "license-key" in the
              // component "secretstore"; block() waits for the response.
              final Map<String, String> licenseKeySecret = daprClient.getSecret("secretstore", "license-key").block();
              if (licenseKeySecret == null || licenseKeySecret.isEmpty()) {
                  throw new RuntimeException("'license-key' is not part of the secret store.");
              }
              // The response is a map; the value is stored under the secret's name.
              this.fineCalculatorLicenseKey = licenseKeySecret.get("license-key");
              this.fineFines = new FineFines();
          }

          @Override
          public int calculateFine(final int excessSpeed) {
              return fineFines.calculateFine(this.fineCalculatorLicenseKey, excessSpeed);
          }
      }
- Open the file FineCollectionService/src/main/java/dapr/fines/FineCollectionConfiguration.java in your code editor.
  - Comment out the following lines as the license key is now retrieved from the secret store instead of the environment variable:
        @Value("${finefines.license-key}")
        private String fineCalculatorLicenseKey;
  - Comment out the following @Bean method that creates the bean FineCalculator:
        @Bean
        public FineCalculator fineCalculator() {
            return new DefaultFineCalculator(fineCalculatorLicenseKey);
        }
  - Uncomment the following @Bean method that creates the bean FineCalculator:
        // @Bean
        // public FineCalculator fineCalculator(final DaprClient daprClient) {
        //     return new DaprFineCalculator(daprClient);
        // }
    This method requires the DaprClient as input.
  - Uncomment the following @Bean method that creates the bean DaprClient:
        // @Bean
        // public DaprClient daprClient() {
        //     return new DaprClientBuilder().build();
        // }
- Check that all your code changes are correct by building the code. Execute the following command in the terminal window:
      mvn package
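The DaprFineCalculator constructor in Step 2 rejects only a null or empty response, so a response that lacks the license-key entry would leave fineCalculatorLicenseKey null. The following is an added example, not part of the workshop code, that validates the response at startup without ever putting the secret value in a message; SecretLookup, requireSecret, show and the stub fetchers are hypothetical names, and the fetcher stands in for the daprClient.getSecret call shown above.

```java
import java.util.Map;
import java.util.function.Function;

// Added example, not workshop code. SecretLookup, requireSecret and show are
// hypothetical names; only the secret name "license-key" comes from the page.
public class SecretLookup {

    /**
     * Fetches one secret and returns its value, or throws if the store answered
     * with something unusable. The fetcher stands in for
     * name -> daprClient.getSecret("secretstore", name).block().
     */
    static String requireSecret(Function<String, Map<String, String>> fetcher, String name) {
        final Map<String, String> response = fetcher.apply(name);
        if (response == null || response.isEmpty()) {
            throw new IllegalStateException("'" + name + "' is not part of the secret store.");
        }
        // A non-empty map does not prove that the expected key is present.
        final String value = response.get(name);
        if (value == null || value.isBlank()) {
            // Report key names only, never values, so the secret cannot reach the logs.
            throw new IllegalStateException(
                "Secret '" + name + "' has no usable value; keys returned: " + response.keySet());
        }
        return value;
    }

    static void show(String label, Function<String, Map<String, String>> fetcher) {
        try {
            final String value = requireSecret(fetcher, "license-key");
            // Log that the secret was loaded and its length, not the secret itself.
            System.out.println(label + ": loaded, length " + value.length());
        } catch (IllegalStateException e) {
            System.out.println(label + ": rejected: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed responses standing in for the secret store.
        show("present", n -> Map.of("license-key", "CONSTRUCTED-SAMPLE-VALUE"));
        show("wrong key", n -> Map.of("licence-key", "CONSTRUCTED-SAMPLE-VALUE"));
        show("blank value", n -> Map.of("license-key", "  "));
        show("empty response", n -> Map.of());
    }
}
```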
Step 3: Build and redeploy fine collection service
In this step, you will rebuild and redeploy the FineCollectionService to use the secret store (i.e. Azure Key Vault) to get the license key of the fine calculator.
- Delete the image from local Docker:
      docker rmi fine-collection-service:1.0-SNAPSHOT
- In the root folder of FineCollectionService, run the following command to build and push the image:
      mvn spring-boot:build-image
      docker tag fine-collection-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY.azurecr.io/fine-collection-service:3.0"
      docker push "$CONTAINER_REGISTRY.azurecr.io/fine-collection-service:3.0"
  Where $CONTAINER_REGISTRY is the name of your Azure Container Registry.
- Update FineCollectionService container app with the new image:
      az containerapp update \
        --name ca-fine-collection-service \
        --resource-group rg-dapr-workshop-java \
        --image "$CONTAINER_REGISTRY.azurecr.io/fine-collection-service:3.0"
  Where $CONTAINER_REGISTRY is the name of your Azure Container Registry.
Step 4 - Run the simulation
- Set the following environment variable:
  - Linux/Unix shell:
        export TRAFFIC_CONTROL_SERVICE_BASE_URL=https://$TRAFFIC_CONTROL_SERVICE_FQDN
  - PowerShell:
        $env:TRAFFIC_CONTROL_SERVICE_BASE_URL = "https://$TRAFFIC_CONTROL_SERVICE_FQDN"
- In the root folder of the simulation (Simulation), start the simulation:
      mvn spring-boot:run
Step 5 - Test the microservices running in ACA
You can access the log of the container apps from the Azure Portal or directly in a terminal window. To access the logs in the portal, go to your resource group rg-dapr-workshop-java and select the container app for which you need the log. Then select Log stream in the Monitoring section.
To access the logs from the terminal, follow the instructions below for each microservice.
The logs can take a few minutes to appear in the Log Analytics Workspace. If the logs are not updated, open the log stream in the Azure Portal.
Traffic Control Service
- Run the following command to identify the running revision of traffic control service container apps:
  - Linux/Unix shell:
        TRAFFIC_CONTROL_SERVICE_REVISION=$(az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
        echo $TRAFFIC_CONTROL_SERVICE_REVISION
  - PowerShell:
        $TRAFFIC_CONTROL_SERVICE_REVISION = az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
        $TRAFFIC_CONTROL_SERVICE_REVISION
- Run the following command to get the last 10 lines of traffic control service logs from Log Analytics Workspace:
      az monitor log-analytics query \
        --workspace $LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID \
        --analytics-query "ContainerAppConsoleLogs_CL | where RevisionName_s == '$TRAFFIC_CONTROL_SERVICE_REVISION' | project TimeGenerated, Log_s | sort by TimeGenerated desc | take 10" \
        --out table
Fine Collection Service
- Run the following command to identify the running revision of fine collection service container apps:
  - Linux/Unix shell:
        FINE_COLLECTION_SERVICE_REVISION=$(az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
        echo $FINE_COLLECTION_SERVICE_REVISION
  - PowerShell:
        $FINE_COLLECTION_SERVICE_REVISION = az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
        $FINE_COLLECTION_SERVICE_REVISION
- Run the following command to get the last 10 lines of fine collection service logs from Log Analytics Workspace:
      az monitor log-analytics query \
        --workspace $LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID \
        --analytics-query "ContainerAppConsoleLogs_CL | where RevisionName_s == '$FINE_COLLECTION_SERVICE_REVISION' | project TimeGenerated, Log_s | sort by TimeGenerated desc | take 10" \
        --out table
Vehicle Registration Service
- Run the following command to identify the running revision of vehicle registration service container apps:
  - Linux/Unix shell:
        VEHICLE_REGISTRATION_SERVICE_REVISION=$(az containerapp revision list -n ca-vehicle-registration-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
        echo $VEHICLE_REGISTRATION_SERVICE_REVISION
  - PowerShell:
        $VEHICLE_REGISTRATION_SERVICE_REVISION = az containerapp revision list -n ca-vehicle-registration-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
        $VEHICLE_REGISTRATION_SERVICE_REVISION
- Run the following command to get the last 10 lines of vehicle registration service logs from Log Analytics Workspace:
      az monitor log-analytics query \
        --workspace $LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID \
        --analytics-query "ContainerAppConsoleLogs_CL | where RevisionName_s == '$VEHICLE_REGISTRATION_SERVICE_REVISION' | project TimeGenerated, Log_s | sort by TimeGenerated desc | take 10" \
        --out table