From 461d6c96f2802baeada161613c82819b62bd63fe Mon Sep 17 00:00:00 2001
From: Anish Ramasekar <anish.ramasekar@gmail.com>
Date: Thu, 6 Oct 2022 23:20:19 +0000
Subject: [PATCH] feat: add azure-identity java example

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
---
 .../azure-identity-sdk.md                     |  1 +
 examples/azure-identity/java/Dockerfile       | 15 +++
 examples/azure-identity/java/Makefile         | 39 ++++++++
 examples/azure-identity/java/pom.xml          | 97 +++++++++++++++++++
 .../com/example/azureidentity/java/App.java   | 26 +++++
 5 files changed, 178 insertions(+)
 create mode 100644 examples/azure-identity/java/Dockerfile
 create mode 100644 examples/azure-identity/java/Makefile
 create mode 100644 examples/azure-identity/java/pom.xml
 create mode 100644 examples/azure-identity/java/src/main/java/com/example/azureidentity/java/App.java

diff --git a/docs/book/src/topics/language-specific-examples/azure-identity-sdk.md b/docs/book/src/topics/language-specific-examples/azure-identity-sdk.md
index c391967d5..c9f8501fb 100644
--- a/docs/book/src/topics/language-specific-examples/azure-identity-sdk.md
+++ b/docs/book/src/topics/language-specific-examples/azure-identity-sdk.md
@@ -19,3 +19,4 @@ The following client libraries are the **minimum** version required
 | Python                | [azure-sdk-for-python](https://github.com/Azure/azure-sdk-for-python) | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/python) |
 | JavaScript/TypeScript | [azure-sdk-for-js](https://github.com/Azure/azure-sdk-for-js)         | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/node)   |
 | C#                    | [azure-sdk-for-net](https://github.com/Azure/azure-sdk-for-net)       | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/dotnet) |
+| Java                  | [azure-sdk-for-java](https://github.com/Azure/azure-sdk-for-java)     | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/java)   |
diff --git a/examples/azure-identity/java/Dockerfile b/examples/azure-identity/java/Dockerfile
new file mode 100644
index 000000000..015f62435
--- /dev/null
+++ b/examples/azure-identity/java/Dockerfile
@@ -0,0 +1,15 @@
+ARG BUILDER=maven:3.8.4-jdk-11
+ARG BASEIMAGE=gcr.io/distroless/java:11-nonroot
+
+FROM ${BUILDER} as builder
+WORKDIR /app
+COPY pom.xml .
+RUN mvn -e -B dependency:resolve
+COPY src ./src
+RUN mvn -e -B package
+
+FROM ${BASEIMAGE}
+COPY --from=builder /app/target/azid-java-*.jar /app.jar
+# Kubernetes runAsNonRoot requires USER to be numeric
+USER 65532:65532
+CMD ["/app.jar"]
diff --git a/examples/azure-identity/java/Makefile b/examples/azure-identity/java/Makefile
new file mode 100644
index 000000000..29a97be2a
--- /dev/null
+++ b/examples/azure-identity/java/Makefile
@@ -0,0 +1,39 @@
+REGISTRY ?= ghcr.io/azure/azure-workload-identity
+IMAGE_NAME := azid-java
+IMAGE_VERSION ?= latest
+
+DEMO_IMAGE := $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)
+
+## --------------------------------------
+## Images
+## --------------------------------------
+
+# Output type of docker buildx build
+OUTPUT_TYPE ?= type=registry
+
+ALL_OS = linux
+ALL_ARCH.linux = amd64 arm64
+ALL_OS_ARCH.linux = $(foreach arch, ${ALL_ARCH.linux}, linux-$(arch))
+ALL_OS_ARCH = $(foreach os, $(ALL_OS), ${ALL_OS_ARCH.${os}})
+
+# The architecture of the image
+ARCH ?= amd64
+
+.PHONY: container-linux
+container-linux:
+	docker buildx build \
+		--output=$(OUTPUT_TYPE) \
+		--platform="linux/$(ARCH)" \
+		--tag=$(DEMO_IMAGE)-linux-$(ARCH) .
+
+.PHONY: container-all
+container-all:
+	for arch in $(ALL_ARCH.linux); do \
+		ARCH=$${arch} $(MAKE) container-linux; \
+	done
+
+.PHONY: push-manifest
+push-manifest:
+	docker manifest create --amend $(DEMO_IMAGE) $(foreach osarch, $(ALL_OS_ARCH), $(DEMO_IMAGE)-${osarch})
+	for arch in $(ALL_ARCH.linux); do docker manifest annotate --os linux --arch $${arch} $(DEMO_IMAGE) $(DEMO_IMAGE)-linux-$${arch}; done; \
+	docker manifest push --purge $(DEMO_IMAGE)
diff --git a/examples/azure-identity/java/pom.xml b/examples/azure-identity/java/pom.xml
new file mode 100644
index 000000000..4729afdf6
--- /dev/null
+++ b/examples/azure-identity/java/pom.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.example.azureidentity.java</groupId>
+  <artifactId>azid-java</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>azid-java</name>
+  <!-- FIXME change it to the project's website -->
+  <url>http://www.example.com</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.azure</groupId>
+      <artifactId>azure-security-keyvault-secrets</artifactId>
+      <version>4.5.0</version>
+    </dependency>
+    <dependency>
+      <groupId>com.azure</groupId>
+      <artifactId>azure-identity</artifactId>
+      <version>1.6.0</version>
+    </dependency>
+    <dependency>
+      <groupId>com.azure</groupId>
+      <artifactId>azure-core</artifactId>
+      <version>1.32.0</version>
+    </dependency>
+    <!-- in a real application, you would use a proper logging implementation such as log4j2 or logback -->
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>1.7.32</version>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-shade-plugin</artifactId>
+        <version>3.2.4</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+            <configuration>
+              <transformers>
+                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                  <mainClass>com.example.azureidentity.java.App</mainClass>
+                </transformer>
+              </transformers>
+              <filters>
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <version>2.6</version>
+        <executions>
+          <execution>
+            <id>unpack-dependencies</id>
+            <phase>package</phase>
+            <goals>
+              <goal>unpack-dependencies</goal>
+            </goals>
+            <configuration>
+              <excludeScope>system</excludeScope>
+              <excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
+              <excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds>
+              <outputDirectory>${project.build.directory}/classes</outputDirectory>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/examples/azure-identity/java/src/main/java/com/example/azureidentity/java/App.java b/examples/azure-identity/java/src/main/java/com/example/azureidentity/java/App.java
new file mode 100644
index 000000000..47db7117d
--- /dev/null
+++ b/examples/azure-identity/java/src/main/java/com/example/azureidentity/java/App.java
@@ -0,0 +1,26 @@
+package com.example.azureidentity.java;
+
+import java.util.Map;
+
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
+import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.identity.DefaultAzureCredential;
+
+public class App {
+    public static void main(String[] args) {
+        Map<String, String> env = System.getenv();
+        String keyvaultURL = env.get("KEYVAULT_URL");
+        String secretName = env.get("SECRET_NAME");
+
+        DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
+
+        SecretClient secretClient = new SecretClientBuilder()
+                .vaultUrl(keyvaultURL)
+                .credential(defaultCredential)
+                .buildClient();
+        KeyVaultSecret secret = secretClient.getSecret(secretName);
+        System.out.printf("successfully got secret, secret=%s", secret.getValue());
+    }
+}