DOCSP-26307 FLE Java Automatically Generate Credentials with AzureVM (#2501)

* draft note change

* managed identity notes

* wording update

* wording

* clean up code

* more wording

* add to QE

* chris feedback

Author: jordan-smith721

source/includes/queryable-encryption/tutorials/automatic/azure/client.rst

@@ -105,6 +105,8 @@
                :language: java
                :dedent:
 
+            .. include:: /includes/tutorials/automatic/azure/azure-vm-managed-identity.rst
+
          .. tab::
             :tabid: go
 

source/includes/queryable-encryption/tutorials/automatic/azure/dek.rst

@@ -10,12 +10,6 @@
 
       .. include:: /includes/queryable-encryption/tab-note.rst
 
-      .. tip::
-
-         You recorded your {+azure-kv+} credentials in the
-         in the :ref:`Register Your Applitcation with Azure <qe-tutorial-automatic-azure-register>`
-         step of this guide.
-
       .. tabs-drivers::
 
          .. tab::
@@ -54,6 +48,8 @@
                :language: java
                :dedent:
 
+            .. include:: /includes/tutorials/automatic/azure/azure-vm-managed-identity.rst
+
          .. tab::
             :tabid: go
 
@@ -72,11 +68,6 @@
                :language: csharp
                :dedent:
 
-      .. tip:: Learn More
-
-         To learn more about the KMS provider object for {+azure-kv+}, see
-         :ref:`qe-reference-kms-providers-azure`.
-
    .. step:: Add Your Key Information
 
       Update the following code to specify your {+cmk-long+}:

source/includes/queryable-encryption/tutorials/automatic/azure/record-credentials.rst

@@ -0,0 +1,10 @@
+.. important:: Record your Credentials
+      
+    Ensure you record the following credentials:
+
+    - **Tenant ID**
+    - **Client ID**
+    - **Client secret**
+
+    You will need them to construct your ``kmsProviders`` object
+    later in this tutorial.

source/includes/queryable-encryption/tutorials/automatic/azure/register.rst

@@ -13,13 +13,39 @@
       `Register an application with the Microsoft identity platform <https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app>`__
       Quick Start.
 
-      .. important:: Record your Credentials
+      .. tabs-drivers::
 
-         Ensure you record the following credentials:
+         .. tab::
+            :tabid: nodejs
 
-         - **tenant id**
-         - **client id**
-         - **client secret**
+            .. include:: /includes/queryable-encryption/tutorials/automatic/azure/record-credentials.rst
 
-         You will need them to construct your ``kmsProviders`` object
-         later in this tutorial.
+         .. tab::
+            :tabid: python
+
+            .. include:: /includes/queryable-encryption/tutorials/automatic/azure/record-credentials.rst
+
+         .. tab::
+            :tabid: java-sync
+
+            .. important:: Record your Credentials
+      
+               Ensure you record the following credentials:
+
+               - **tenant id**
+               - **client id**
+               - **client secret**
+      
+               Unless you are running your client within an Azure Virtual
+               Machine, you will need these credentials to construct your
+               ``kmsProviders`` object later in this tutorial.
+
+         .. tab::
+            :tabid: go
+
+            .. include:: /includes/queryable-encryption/tutorials/automatic/azure/record-credentials.rst
+
+         .. tab::
+            :tabid: csharp
+
+            .. include:: /includes/queryable-encryption/tutorials/automatic/azure/record-credentials.rst

source/includes/tutorials/automatic/azure/azure-vm-managed-identity.rst

@@ -0,0 +1,15 @@
+.. tip:: Azure Virtual Machine Managed Identities
+
+         If your client runs on an Azure Virtual Machine (VM), you can allow the
+         VM to use its Managed Identity to authenticate to your key vault.
+
+         To allow the Azure VM to automatically provide your credentials,
+         assign an empty map instead of one that contains your Azure
+         credentials as shown in the following code:
+
+         .. code-block:: java
+
+             String kmsProvider = "azure";
+             Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
+             Map<String, Object> providerDetails = new HashMap<>();
+             kmsProviders.put(kmsProvider, providerDetails);

source/includes/tutorials/automatic/azure/client.rst

@@ -69,6 +69,8 @@
                :language: java
                :dedent:
 
+            .. include:: /includes/tutorials/automatic/azure/azure-vm-managed-identity.rst
+
          .. tab::
             :tabid: nodejs
 

source/includes/tutorials/automatic/azure/dek.rst

@@ -8,12 +8,6 @@
       Add the service account credentials to your CSFLE-enabled client
       code.
 
-      .. tip::
-
-         You recorded your {+azure-kv+} credentials in the
-         in the :ref:`Register Your Applitcation with Azure <csfle-tutorial-automatic-azure-register>`
-         step of this guide.
-
       .. tabs-drivers::
 
          .. tab::
@@ -25,6 +19,8 @@
                :language: java
                :dedent:
 
+            .. include:: /includes/tutorials/automatic/azure/azure-vm-managed-identity.rst
+
          .. tab::
             :tabid: nodejs
 
@@ -61,11 +57,6 @@
                :language: go
                :dedent:
 
-      .. tip:: Learn More
-
-         To learn more about the KMS provider object for {+azure-kv+}, see
-         :ref:`csfle-reference-kms-providers-azure`.
-
    .. step:: Add Your Key Information
 
       Update the following code to specify your {+cmk-long+}:

source/includes/tutorials/automatic/azure/record-credentials.rst

@@ -0,0 +1,10 @@
+.. important:: Record your Credentials
+      
+    Ensure you record the following credentials:
+
+    - **Tenant ID**
+    - **Client ID**
+    - **Client secret**
+
+    You will need them to construct your ``kmsProviders`` object
+    later in this tutorial.

source/includes/tutorials/automatic/azure/register.rst

@@ -12,14 +12,41 @@
       follow Microsoft's official
       `Register an application with the Microsoft identity platform <https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app>`__
       Quick Start.
+   
+      .. tabs-drivers::
+
+         .. tab::
+            :tabid: nodejs
+
+            .. include:: /includes/tutorials/automatic/azure/record-credentials.rst
+
+         .. tab::
+            :tabid: python
+
+            .. include:: /includes/tutorials/automatic/azure/record-credentials.rst
+
+         .. tab::
+            :tabid: java-sync
+
+            .. important:: Record your Credentials
 
-      .. important:: Record your Credentials
+               Ensure you record the following credentials:
+
+               - **tenant id**
+               - **client id**
+               - **client secret**
 
-         Ensure you record the following credentials:
+               Unless you are running your client within an Azure Virtual
+               Machine, you will need these credentials to construct your
+               ``kmsProviders`` object later in this tutorial.
+
+         .. tab::
+            :tabid: go
+
+            .. include:: /includes/tutorials/automatic/azure/record-credentials.rst
+
+         .. tab::
+            :tabid: csharp
 
-         - **tenant id**
-         - **client id**
-         - **client secret**
+            .. include:: /includes/tutorials/automatic/azure/record-credentials.rst
 
-         You will need them to construct your ``kmsProviders`` object
-         later in this tutorial.