I'm rather new to Spring Boot, and I'm having a tough time on a seemingly simple problem. I have setup a Google Cloud Run instance with a secret mounted in a volume - it's a JSON file with a firebase token. As shown in the screenshot below, the file's mount path is /secrets
Based on this, I was expecting to simply need to do the following in my Spring Boot app to load the file and initialize Firebase:
File file = new File("secrets/firebase-token");
FileInputStream fileInputStream = new FileInputStream(file);
var credentials = GoogleCredentials.fromStream(fileInputStream);
var options = FirestoreOptions.newBuilder().setCredentials(credentials).build();
What am I doing wrong? Is there a special way to access the volume's path in Cloud Run?
Thanks in advance!!
P.S: this works well in localhost with a firebase-token path on my machine.
Related
So the title says pretty much it all. I have a spring-boot based Microservices and I need to supply everything which usually goes to application.properties via AWS AppConfig. How can I do this? I've created a sample project, but how can I do this for the database URL?
If I had correctly understand the question then you need to configure the application properties through the AWS Config. On high level, AWS Config has Configuration Profile where you can store the configurations. The config profile can be in YML, JSON or text document format. Here is the official documentation of AWS config.
I am using AWS SQS, SNS, and S3 services. So for that i have created the roles and queues in aws. Now I have roles ARNs and Queues ARNs. How can I connect to these services through my spring boot app?
I have gone through this link, but i didn't get how to use the cerdentials from AWSCredentialsProvider. Please help me in this.
Thanks in advance!
"I didn't get how to use the cerdentials from AWSCredentialsProvider."
I am going to answer this question using the recommended SDK - which is AWS SDK for Java V2. You may find V1 in old online content - but using V1 is not best practice.
There are different ways of handling creds when writing a Java App that uses AWS SDK for Java V2 - including a Spring BOOT app.
You can use an Environment variable provider:
Region region = Region.US_EAST_1;
RdsDataClient dataClient = RdsDataClient.builder()
.credentialsProvider(EnvironmentVariableCredentialsProvider.create())
.region(region)
.build();
You can use the shared credentials and config files. This reads your creds from a Credential file located under .aws.
Region region = Region.US_EAST_1;
RdsDataClient dataClient = RdsDataClient.builder()
.region(region)
.build();
You can use a StaticCredentialsProvider where you put your creds in the code.
AwsBasicCredentials credentials = AwsBasicCredentials.create("<KEY>", "<Secret Key>");
StaticCredentialsProvider staticCredentials = StaticCredentialsProvider.create(credentials);
Region region = Region.US_EAST_1;
DynamoDbClient ddb = DynamoDbClient.builder()
.region(region)
.credentialsProvider(staticCredentials)
.build();
All of these credential ways are explained in the AWS Java V2 Developer Guide -- which I strongly recommend that any developer programming with the AWS SDK for Java V2 SDK read.
Finally, you will find code examples of writing a Spring BOOT example with the AWS SDK for Java v2 in the AWS Github code repo. For example.
Creating your first AWS Java web application
This creates an example Spring Boot web app that submits data to an Amazon DynamoDB table.
So the idea is that Assuming Roles is not application part, it's the infra service where your application is executing on.
For e.g.: If you have Spring Boot application running on EC2 (or Fargate, or Lambda, or Elastic Beanstalk or anywhere in AWS) that EC2 should have assumed the role. The "role" then should have rights to access SQS (or any service). Now when your application will try to use SQS running on EC2 with right role, everything will be fine.
If you're testing the code on your machine then it will not work as your machine has not assumed the role.
I create a Spring Cloud Config server. I put security in my application.properties file
security.basic.enabled=false
security.user.name=1user
security.user.password=123
When I try to log to the application with the name and password, I always get
Bad credentials
I tried to put enabled to true but get same result. I saw in the command line then spring generate random password like
69dfeb52-6320-4085-bcd1-22ee7a3676a2
if I use with with username user, I can connect.
>
Hi Robert Trudel
If you are using Spring Boot 2.x, then you need to prefix these properties with spring
as shown below:
spring.security.user.name=1user
spring.security.user.password=123
Also, you do not need this security.basic.enabled=false.
Hope this helps!
The spring cloud config server can serve plain text files as described here: https://cloud.spring.io/spring-cloud-config/multi/multi__serving_plain_text.html
I am able to get the plain text file if I curl the cloud server url as
curl http://config.server:8001/config-server/ConfigData/default/master/plainTxtFile.json (file is in private github repo.)
So in a spring boot application, which uses config server as to get the configuration I can also get the file by accessing the above url via code.
Is there a way where I can define a 'configClient' and access file as configClient.getResource(), rather than getting it from url
No, unfortunately:
This was not implemented in the open source project.
See: https://github.com/spring-cloud/spring-cloud-config/issues/789
I am new to AWS and Spring Cloud. I have accomplished a simple AWS Java Application where the AWS credentials are stored in ~/.aws/credentials file. It works just fine. I moved to a new project in Spring Boot and Spring Cloud. I would like to continue using the ~/.aws/credential that I have set up for the Java application. However, I have not been able to find a way to load the credentials from the credentials file. I had to move the access key and secret key to the aws-config.xml.
<aws-context:context-credentials>
<aws-context:simple-credentials access-key="${accessKey:}" secret-key="${secretKey:}"/>
<aws-context:context-resource-loader/>
When I accomplished this, the Spring Boot and Spring Cloud application worked fine. However, keeping the information in the xml file is not the safest way because I am using GitHub.
Can someone point me in the direction whereby I can pull the information from the ~/.aws/credentials file into Spring Boot /Spring Cloud using Maven?
Thank you for taking the time reading my post.
Russ
try below settings
cloud:
aws:
credentials:
instanceProfile: false
useDefaultAwsCredentialsChain: false
profileName: <name>
profilePath: ${user.home}/.aws/credentials
Instance Profile sounds like the right option!
It's a IAM-role that lives on instances, without the need to hardcode credentials in code.
Spring Cloud's Maven setup guide :)