docs: update environment variables according to CLI outputs (#561)

Author: rkpattnaik780

code-examples/quarkus-kafka-quickstart/src/main/resources/application.properties

@@ -26,9 +26,9 @@ quarkus.container-image.push=false
 
 %dev.kafka.sasl.mechanism=OAUTHBEARER
 %dev.kafka.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
-  oauth.client.id="${RHOAS_CLIENT_ID}" \
-  oauth.client.secret="${RHOAS_CLIENT_SECRET}" \
-  oauth.token.endpoint.uri="${RHOAS_OAUTH_TOKEN_URL}" ;
+  oauth.client.id="${RHOAS_SERVICE_ACCOUNT_CLIENT_ID}" \
+  oauth.client.secret="${RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET}" \
+  oauth.token.endpoint.uri="${RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL}" ;
 %dev.kafka.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
 
 ## sbo-dev profile that can be used for local development when using 

code-examples/quarkus-service-registry-quickstart/consumer/.env

@@ -4,9 +4,9 @@ mp.messaging.incoming.quotes.value.deserializer=io.apicurio.registry.serde.avro.
 mp.messaging.incoming.quotes.apicurio.registry.use-specific-avro-reader=true
 mp.messaging.incoming.quotes.apicurio.registry.avro-datum-provider=io.apicurio.registry.serde.avro.ReflectAvroDatumProvider
 
-%dev.mp.messaging.incoming.quotes.apicurio.auth.service.token.endpoint=${RHOAS_OAUTH_TOKEN_URL:https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token}
-%dev.mp.messaging.incoming.quotes.apicurio.auth.client.id=${RHOAS_CLIENT_ID}
-%dev.mp.messaging.incoming.quotes.apicurio.auth.client.secret=${RHOAS_CLIENT_SECRET}
+%dev.mp.messaging.incoming.quotes.apicurio.auth.service.token.endpoint=${RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL:https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token}
+%dev.mp.messaging.incoming.quotes.apicurio.auth.client.id=${RHOAS_SERVICE_ACCOUNT_CLIENT_ID}
+%dev.mp.messaging.incoming.quotes.apicurio.auth.client.secret=${RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET}
 
 mp.messaging.connector.smallrye-kafka.apicurio.registry.url=${SERVICE_REGISTRY_URL}${SERVICE_REGISTRY_CORE_PATH}
 
@@ -19,7 +19,7 @@ mp.messaging.connector.smallrye-kafka.apicurio.registry.url=${SERVICE_REGISTRY_U
 
 %dev.kafka.sasl.mechanism=OAUTHBEARER
 %dev.kafka.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
-  oauth.client.id="${RHOAS_CLIENT_ID}" \
-  oauth.client.secret="${RHOAS_CLIENT_SECRET}" \
-  oauth.token.endpoint.uri="${RHOAS_OAUTH_TOKEN_URL}" ;
+  oauth.client.id="${RHOAS_SERVICE_ACCOUNT_CLIENT_ID}" \
+  oauth.client.secret="${RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET}" \
+  oauth.token.endpoint.uri="${RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL}" ;
 %dev.kafka.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler

code-examples/quarkus-service-registry-quickstart/consumer/src/main/resources/application.properties

@@ -10,9 +10,9 @@ mp.messaging.outgoing.quotes.value.serializer=io.apicurio.registry.serde.avro.Av
 mp.messaging.outgoing.quotes.key.serializer=org.apache.kafka.common.serialization.StringSerializer
 mp.messaging.outgoing.quotes.merge=true
 
-%dev.mp.messaging.outgoing.quotes.apicurio.auth.service.token.endpoint=${RHOAS_OAUTH_TOKEN_URL:https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token}
-%dev.mp.messaging.outgoing.quotes.apicurio.auth.client.id=${RHOAS_CLIENT_ID}
-%dev.mp.messaging.outgoing.quotes.apicurio.auth.client.secret=${RHOAS_CLIENT_SECRET}
+%dev.mp.messaging.outgoing.quotes.apicurio.auth.service.token.endpoint=${RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL:https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token}
+%dev.mp.messaging.outgoing.quotes.apicurio.auth.client.id=${RHOAS_SERVICE_ACCOUNT_CLIENT_ID}
+%dev.mp.messaging.outgoing.quotes.apicurio.auth.client.secret=${RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET}
 
 mp.messaging.connector.smallrye-kafka.apicurio.registry.url=${SERVICE_REGISTRY_URL}${SERVICE_REGISTRY_CORE_PATH}
 %test.quarkus.apicurio-registry.devservices.port=8888
@@ -25,7 +25,7 @@ mp.messaging.connector.smallrye-kafka.apicurio.registry.url=${SERVICE_REGISTRY_U
 
 %dev.kafka.sasl.mechanism=OAUTHBEARER
 %dev.kafka.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
-  oauth.client.id="${RHOAS_CLIENT_ID}" \
-  oauth.client.secret="${RHOAS_CLIENT_SECRET}" \
-  oauth.token.endpoint.uri="${RHOAS_OAUTH_TOKEN_URL}" ;
+  oauth.client.id="${RHOAS_SERVICE_ACCOUNT_CLIENT_ID}" \
+  oauth.client.secret="${RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET}" \
+  oauth.token.endpoint.uri="${RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL}" ;
 %dev.kafka.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler

code-examples/quarkus-service-registry-quickstart/producer/.env

@@ -159,8 +159,8 @@ endif::[]
 [source,subs="+quotes"]
 ----
 $ export KAFKA_HOST=__<bootstrap_server>__
-$ export RHOAS_CLIENT_ID=__<client_id>__
-$ export RHOAS_CLIENT_SECRET=__<client_secret>__
+$ export RHOAS_SERVICE_ACCOUNT_CLIENT_ID=__<client_id>__
+$ export RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET=__<client_secret>__
 ----
 --
 
@@ -186,8 +186,8 @@ This example uses the SASL/PLAIN authentication mechanism with the server and cr
 ----
 $ kafkacat -t my-first-kafka-topic -b "$KAFKA_HOST" \
  -X security.protocol=SASL_SSL -X sasl.mechanisms=PLAIN \
- -X sasl.username="$RHOAS_CLIENT_ID" \
- -X sasl.password="$RHOAS_CLIENT_SECRET" -P
+ -X sasl.username="$RHOAS_SERVICE_ACCOUNT_CLIENT_ID" \
+ -X sasl.password="$RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET" -P
 ----
 
 NOTE: {product-kafka} also supports the SASL/OAUTHBEARER mechanism for authentication, which is the recommended authentication mechanism to use. However, Kafkacat does not yet fully support OAUTHBEARER, so this example uses SASL/PLAIN.
@@ -237,8 +237,8 @@ This example uses the SASL/PLAIN authentication mechanism with the server and cr
 ----
 $ kafkacat -t my-first-kafka-topic -b "$KAFKA_HOST" \
  -X security.protocol=SASL_SSL -X sasl.mechanisms=PLAIN \
- -X sasl.username="$RHOAS_CLIENT_ID" \
- -X sasl.password="$RHOAS_CLIENT_SECRET" -C
+ -X sasl.username="$RHOAS_SERVICE_ACCOUNT_CLIENT_ID" \
+ -X sasl.password="$RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET" -C
 
 First message
 Second message

code-examples/quarkus-service-registry-quickstart/producer/src/main/resources/application.properties

@@ -165,8 +165,8 @@ endif::[]
 [source,subs="+quotes"]
 ----
 KAFKA_HOST=__<bootstrap_server>__
-RHOAS_CLIENT_ID=__<client_id>__
-RHOAS_CLIENT_SECRET=__<client_secret>__
+RHOAS_SERVICE_ACCOUNT_CLIENT_ID=__<client_id>__
+RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET=__<client_secret>__
 KAFKA_SASL_MECHANISM=plain
 ----
 ifdef::qs[]

docs/kafka/kcat-kafka/README.adoc

@@ -160,9 +160,9 @@ endif::[]
 [source,subs="+quotes"]
 ----
 $ export KAFKA_HOST=__<bootstrap_server>__
-$ export RHOAS_CLIENT_ID=__<client_id>__
-$ export RHOAS_CLIENT_SECRET=__<client_secret>__
-$ export RHOAS_OAUTH_TOKEN_URL=__<oauth_token_endpoint_uri>__
+$ export RHOAS_SERVICE_ACCOUNT_CLIENT_ID=__<client_id>__
+$ export RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET=__<client_secret>__
+$ export RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL=__<oauth_token_endpoint_uri>__
 ----
 --
 . In the Quarkus example application, review the `src/main/resources/application.properties` file to understand how the environment variables you set in the previous step are used in your application. This example uses the `dev` configuration profile in the `application.properties` file.

docs/kafka/nodejs-kafka/README.adoc

@@ -170,9 +170,9 @@ This Quarkus example application includes producer and consumer processes that s
 $ export KAFKA_HOST=__<bootstrap_server>__
 $ export SERVICE_REGISTRY_URL=__<service_registry_url>__
 $ export SERVICE_REGISTRY_CORE_PATH=/apis/registry/v2
-$ export RHOAS_OAUTH_TOKEN_URL=__<oauth_token_endpoint_uri>__
-$ export RHOAS_CLIENT_ID=__<client_id>__
-$ export RHOAS_CLIENT_SECRET=__<client_secret>__
+$ export RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL=__<oauth_token_endpoint_uri>__
+$ export RHOAS_SERVICE_ACCOUNT_CLIENT_ID=__<client_id>__
+$ export RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET=__<client_secret>__
 ----
 
 . In the Quarkus example application, review the `/src/main/resources/application.properties` files in the `consumer` and `producer` sub-folders to understand how the environment variables you set in the previous step are used. This example uses the `dev` configuration profile in the `application.properties` files.

docs/kafka/quarkus-kafka/README.adoc

@@ -108,7 +108,7 @@ In {product-long-rhoas}, a service context is a defined set of instances running
 
 To create a context, you can use the {product-long-rhoas} (`rhoas`) command-line interface (CLI). New service instances that you create are automatically added to the context that is currently in use. You can switch between different contexts and add or remove service instances as required. You can include the same service instance in multiple contexts.
 
-When you have created a service context, you can use a single CLI command to generate the configuration information that client applications need to connect to the instances in that context. You can generate connection configuration information in various formats such as an environment variables file (.env), a JSON file, a Java properties file, and a Kubernetes secret.
+When you have created a service context, you can use a single CLI command to generate the configuration information that client applications need to connect to the instances in that context. You can generate connection configuration information in various formats such as an environment variables file (.env), a JSON file, a Java properties file, and a Kubernetes ConfigMap.
 
 [id="proc-creating-new-service-contexts_{context}"]
 == Creating new service contexts
@@ -277,14 +277,28 @@ $ rhoas context use --name development-context
 $ cd ~/app-services-guides/code-examples/quarkus-service-registry-quickstart/
 ----
 
+. Create a service account for the Quarkus application to authenticate with the Kafka and {registry} instances in the context. Save the credentials in an environment variables file in the directory for the producer component.
++
+[source,shell]
+----
+$ rhoas service-account create --type env --output-file ./producer/.env
+----
+
 . Generate an environment variables file that contains the connection configuration information required by the producer component.
 +
 [source,shell]
 ----
-$ rhoas generate-config --type env --output-file ./producer/.env
+$ rhoas generate-config --type env --output-file ./producer/rhoas.env
 ----
 
-. Copy the `.env` file to the directory for the consumer component, as shown in the following Linux example:
+. Append the contents of the connection configuration file to the service account environment variables file.
++
+[source,shell]
+----
+$ cat ./producer/rhoas.env >> ./producer/.env
+----
+
+. Copy the updated `.env` file to the directory for the consumer component, as shown in the following Linux example:
 +
 [source,shell]
 ----
@@ -293,24 +307,23 @@ $ cp ./producer/.env ./consumer/.env
 +
 For a service context with single Kafka and {registry} instances, the `.env` file looks like the following example:
 +
-.Example environment variables file for connection configuration information
+.Example environment variables file for connection configuration and credentials
 [source,shell,subs="+attributes,+quotes"]
 ----
 \\## Generated by rhoas cli
-## Kafka Configuration
+RHOAS_SERVICE_ACCOUNT_CLIENT_ID=_<client-id>_
+RHOAS_SERVICE_ACCOUNT_CLIENT_SECRET=_<client-secret>_
+RHOAS_SERVICE_ACCOUNT_OAUTH_TOKEN_URL={sso-token-url}
+## Generated by rhoas cli
+\\## Kafka Configuration
 KAFKA_HOST=kafka-inst-cafkr-jma--lhulbl-ca.bf2.kafka.rhcloud.com:443
-\\## Service Registry Configuration
+## Service Registry Configuration
 SERVICE_REGISTRY_URL=https://bu98.serviceregistry.rhcloud.com/t/0aa1dd8b-63d5-466c-9de8-7c03320a81c2
 SERVICE_REGISTRY_CORE_PATH=/apis/registry/v2
 SERVICE_REGISTRY_COMPAT_PATH=/apis/ccompat/v6
-
-## Authentication Configuration
-RHOAS_CLIENT_ID=_<client-id>_
-RHOAS_CLIENT_SECRET=_<client-secret>_
-RHOAS_OAUTH_TOKEN_URL={sso-token-url}
 ----
 +
-As shown in the example, the file that you generate contains the endpoints for your service instances, and the credentials required to connect to those instances. The CLI automatically created a service account (under the environment variable name `RHOAS_CLIENT_ID`) that client applications can use to authenticate with the Kafka and {registry} instances.
+As shown in the example, the file that you generate contains the endpoints for your service instances, and the credentials required to connect to those instances.
 
 . Set Access Control List (ACL) permissions to enable the new service account to access resources in the Kafka instance.
 +