Add code samples to Azure Identity SDK section

scottaddie · scottaddie · commit f66352c5da6d · 2023-08-24T10:28:59.000-05:00
diff --git a/articles/aks/workload-identity-overview.md b/articles/aks/workload-identity-overview.md
@@ -3,7 +3,7 @@ title: Use an Azure AD workload identities on Azure Kubernetes Service (AKS)
 description: Learn about Azure Active Directory workload identity for Azure Kubernetes Service (AKS) and how to migrate your application to authenticate using this identity.  
 ms.topic: article
 ms.custom: build-2023
-ms.date: 08/18/2023
+ms.date: 08/24/2023
 ---
 
 # Use Azure AD workload identity with Azure Kubernetes Service (AKS)
@@ -29,24 +29,170 @@ In the Azure Identity client libraries, choose one of the following approaches:
 - Create a `ChainedTokenCredential` instance that includes `WorkloadIdentityCredential`.
 - Use `WorkloadIdentityCredential` directly.
 
-The following table provides the **minimum** package version required for each language's client library.
+The following table provides the **minimum** package version required for each language ecosystem's client library.
 
-| Language   | Library                                                                                                          | Minimum Version | Example                                                                                                                           |
-|------------|------------------------------------------------------------------------------------------------------------------|-----------------|-----------------------------------------------------------------------------------------------------------------------------------|
-| .NET       | [Azure.Identity](/dotnet/api/overview/azure/identity-readme)                                                     | 1.9.0           | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/dotnet)                                 |
-| C++        | [azure-identity-cpp](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/README.md) | 1.6.0-beta.1    | [Link](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/samples/workload_identity_credential.cpp) |
-| Go         | [azidentity](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity)                                | 1.3.0           | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/go)                                     |
-| Java       | [azure-identity](/java/api/overview/azure/identity-readme)                                                       | 1.9.0           | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/java)                                   |
-| JavaScript | [@azure/identity](/javascript/api/overview/azure/identity-readme)                                                | 3.2.0           | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/node)                                   |
-| Python     | [azure-identity](/python/api/overview/azure/identity-readme)                                                     | 1.13.0          | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/azure-identity/python)                                 |
+| Ecosystem | Library                                                                                                          | Minimum Version |
+|-----------|------------------------------------------------------------------------------------------------------------------|-----------------|
+| .NET      | [Azure.Identity](/dotnet/api/overview/azure/identity-readme)                                                     | 1.9.0           |
+| C++       | [azure-identity-cpp](https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/README.md) | 1.6.0-beta.1    |
+| Go        | [azidentity](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity)                                | 1.3.0           |
+| Java      | [azure-identity](/java/api/overview/azure/identity-readme)                                                       | 1.9.0           |
+| Node.js   | [@azure/identity](/javascript/api/overview/azure/identity-readme)                                                | 3.2.0           |
+| Python    | [azure-identity](/python/api/overview/azure/identity-readme)                                                     | 1.13.0          |
 
 &dagger; In the C++ library, `WorkloadIdentityCredential` isn't part of the `DefaultAzureCredential` authentication flow.
 
+In the following code samples, `DefaultAzureCredential` is used. This credential type will use the environment variables injected by the Azure Workload Identity mutating webhook to authenticate with Azure Key Vault.
+
+## [.NET](#tab/dotnet)
+
+```csharp
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
+
+string keyVaultUrl = Environment.GetEnvironmentVariable("KEYVAULT_URL");
+string secretName = Environment.GetEnvironmentVariable("SECRET_NAME");
+
+var client = new SecretClient(
+    new Uri(keyVaultUrl),
+    new DefaultAzureCredential());
+
+KeyVaultSecret secret = await client.GetSecretAsync(secretName);
+```
+
+## [C++](#tab/cpp)
+
+```cpp
+#include <cstdlib>
+#include <azure/identity.hpp>
+#include <azure/keyvault/secrets/secret_client.hpp>
+
+using namespace Azure::Identity;
+using namespace Azure::Security::KeyVault::Secrets;
+
+int main()
+{
+  const char* keyVaultUrl = std::getenv("KEYVAULT_URL");
+  const char* secretName = std::getenv("SECRET_NAME");
+  auto credential = std::make_shared<DefaultAzureCredential>();
+
+  SecretClient client(keyVaultUrl, credential);
+  Secret secret = client.GetSecret(secretName).Value;
+
+  return 0;
+}
+```
+
+## [Go](#tab/go)
+
+```go
+package main
+
+import (
+	"context"
+	"os"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
+    "k8s.io/klog/v2"
+)
+
+func main() {
+	keyVaultUrl := os.Getenv("KEYVAULT_URL")
+	secretName := os.Getenv("SECRET_NAME")
+
+	credential, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		klog.Fatal(err)
+	}
+
+	client, err := azsecrets.NewClient(keyVaultUrl, credential, nil)
+	if err != nil {
+		klog.Fatal(err)
+	}
+
+	secret, err := client.GetSecret(context.Background(), secretName, "", nil)
+	if err != nil {
+		klog.ErrorS(err, "failed to get secret", "keyvault", keyVaultUrl, "secretName", secretName)
+		os.Exit(1)
+	}
+}
+```
+
+## [Java](#tab/java)
+
+```java
+import java.util.Map;
+
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
+import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.identity.DefaultAzureCredential;
+
+public class App {
+    public static void main(String[] args) {
+        Map<String, String> env = System.getenv();
+        String keyVaultUrl = env.get("KEYVAULT_URL");
+        String secretName = env.get("SECRET_NAME");
+
+        SecretClient client = new SecretClientBuilder()
+                .vaultUrl(keyVaultUrl)
+                .credential(new DefaultAzureCredentialBuilder().build())
+                .buildClient();
+        KeyVaultSecret secret = client.getSecret(secretName);
+    }
+}
+```
+
+## [Node.js](#tab/javascript)
+
+```nodejs
+import { DefaultAzureCredential } from "@azure/identity";
+import { SecretClient } from "@azure/keyvault-secrets";
+
+const main = async () => {
+    const keyVaultUrl = process.env["KEYVAULT_URL"];
+    const secretName = process.env["SECRET_NAME"];
+
+    const credential = new DefaultAzureCredential();
+    const client = new SecretClient(keyVaultUrl, credential);
+
+    const secret = await client.getSecret(secretName);
+}
+
+main().catch((error) => {
+    console.error("An error occurred:", error);
+    process.exit(1);
+});
+```
+
+## [Python](#tab/python)
+
+```python
+import os
+
+from azure.keyvault.secrets import SecretClient
+from azure.identity import DefaultAzureCredential
+
+def main():
+    keyvault_url = os.getenv('KEYVAULT_URL', '')
+    secret_name = os.getenv('SECRET_NAME', '')
+
+    client = SecretClient(vault_url=keyvault_url, credential=DefaultAzureCredential())
+    secret = client.get_secret(secret_name)
+
+if __name__ == '__main__':
+    main()
+```
+
+---
+
 ## Microsoft Authentication Library (MSAL)
 
-The following client libraries are the **minimum** version required
+The following client libraries are the **minimum** version required.
 
-| Language | Library | Image | Example | Has Windows |
+| Ecosystem | Library | Image | Example | Has Windows |
 |-----------|-----------|----------|----------|----------|
 | .NET | [microsoft-authentication-library-for-dotnet](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) | ghcr.io/azure/azure-workload-identity/msal-net:latest | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/msal-net/akvdotnet) | Yes |
 | Go | [microsoft-authentication-library-for-go](https://github.com/AzureAD/microsoft-authentication-library-for-go) | ghcr.io/azure/azure-workload-identity/msal-go:latest | [Link](https://github.com/Azure/azure-workload-identity/tree/main/examples/msal-go) | Yes |
