I am using spring boot with azure's keyvault
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>azure-spring-boot-starter-keyvault-secrets</artifactId>
</dependency>
but there is a problem, when I want to update secret.
How to force for example via rest api lets say, refresh of this value ?
#Value("${x-value}") private val xValue: String = "0"
thanks!
Can you rephrase you're question to clarify what exactly do you want to refresh? If you want to refresh the value from AKV (AKV secret changes -> value in code changes) you need to use environment to get the property:
#Autowired
Environment environment
...
xValue = environment.getProperty("x-value");
because #Value() is set during construction of the component. It won't change during it's lifetime.
If you want the change the AKV contents: this is not the purpose of azure-spring-boot-starter-keyvault-secrets.
Related
I read everywhere #RefreshScope for cloud bus applications work with RabbitMQ and Kafka. But in my case, I am using AWS Parameter store. I want all my client instances to be refreshed automatically without rebuilding servers on AWS Console.
I created AWS Eventbridge from Paramstore to notify Kinesis Stream but I am not able to figure out how can it notify all my client nodes instead of load balancer refresh to only one node(instance).
Thank you for responding in advance.
I've never worked with AWS Eventbridge / Kinesis, however:
#RefreshScope is something that belongs to spring cloud and not not AWS.
More precisely, beans defined with this scope will be re-loaded by spring without reloading the whole application context "dynamically" when configuration changes in spring boot cloud configuration service. Usually this means that you don't have to restart the application.
Now, spring boot microservice should be deployed with actuator that exposes refresh endpoint. Calling this endpoint manually will cause all the #RefreshScope beans to reload.
Here is the source code of the RefreshEndpoint:
#Endpoint(id = "refresh")
public class RefreshEndpoint {
private ContextRefresher contextRefresher;
public RefreshEndpoint(ContextRefresher contextRefresher) {
this.contextRefresher = contextRefresher;
}
#WriteOperation
public Collection<String> refresh() {
Set<String> keys = this.contextRefresher.refresh();
return keys;
}
}
As you see, its merely invokes contextRefresher.refresh(), ContextRefresher is a bean that you can inject in your custom code that will listen to the changes coming from AWS Parameter store (it should somehow invoke it directly or maybe send some message that you could consume or something).
If you're using spring-cloud-bus (disclaimer, I've never worked with it) it exposes the bus-refresh endpoint as well (pretty similar mechanism to what I've described), read spring-cloud-bus documentation for more details.
Thank you Team for sharing info.
Here is what I did to make it work. Added these two libraries to my project
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream-binder-kinesis</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-bus</artifactId>
</dependency>
And added these two entries into bootstrap.properties
cloud.aws.region.static=us-east-1
cloud.aws.stack.auto = false
And refreshing using this endpoint (/bus-refresh)
I have spring boot micro-service with database credentials define in the application properties.
spring.datasource.url=<<url>>
spring.datasource.username=<<username>>
spring.datasource.password=<<password>>
We do not use spring data source to create the connection manually. Only Spring create the database connection with JPA.(org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration)
We only provide the application properties, but spring create the connections automatically to use with the database connection pool.
Our requirement to enhance the security without using db properties in clear text. Two possible methods.
Encrypt the database credentials
Use the AWS secret manager. (then get the credential with the application load)
For the option1, jasypt can be used, since we are just providing the properties only and do not want to create the data source manually, how to do to understand by the spring framework is the problem. If better I can get some working sample or methods.
Regarding the option-2,
first we need to define secretName.
use the secertName and get the database credentials from AWS secret manager.
update the application.properties programatically to understand by spring framework. (I need to know this step)
I need to use either option1 and option2. Mentioned the issues with each option.
What you could do is use environment variables for your properties. You can use them like this:
spring.datasource.url=${SECRET_URL}
You could then retrieve these and start your Spring process using a ProcessBuilder. (Or set the variables any other way)
I have found the solution for my problem.
We need to define org.springframework.context.ApplicationListenerin spring.factories file. It should define the required application context listener like below.
org.springframework.context.ApplicationListener=com.sample.PropsLoader
PropsLoader class is like this.
public class PropsLoader implements ApplicationListener<ApplicationEnvironmentPreparedEvent> {
#Override
public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
ConfigurableEnvironment environment = event.getEnvironment();
String appEnv = environment.getProperty("application.env");
//set new properties based on the application environment.
// calling other methods and depends on the enviornment and get the required value set
Properties props = new Properties();
props.put("new_property", "value");
environment.getPropertySources().addFirst(new PropertiesPropertySource("props", props));
}
}
spring.factories file should define under the resources package and META-INF
folder.
This will set the application context with new properties before loading any other beans.
We are currently using below. It's quite old, but cannot upgrade to higher version now
`
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-spring3</artifactId>
<version>6.4.0.Final-redhat-4</version>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-client-hotrod</artifactId>
<version>6.4.0.Final-redhat-4</version>
</dependency>
`
We have modified our code from something with a direct JDG implementation (as shown below) to SpringRemoteCacheManager in an XML based configuration file and are using Spring cache:advice to define cacheable, cahce-put, cache-evict methods.
See Current code where we have control to add expiry time. We want to do similar thing with Spring - Infinispan as well. With Spring - Infinispan we do not write any application code that puts/gets objects in/from cache as its handled by Spring annotations (#Cacheable / #CachePut)
Appreciate if anyone can provide any pointers
RemoteCache<Object, Object> cache = jdgRemoteCacheManager.getCache(cacheName);
cache.put(keyName, object, 15, TimeUnit.MINUTES);
Unfortunately Spring Cache support doesn't provide such methods (see the Javadocs). So it seems the only way is to use the RemoteCache API provided by Infinispan.
Perhaps you could implement your own #Cacheable annotation and implement all the functionality you need. But that's a Spring question really...
I am playing around with the Google Cloud DLP Java library. I've set up my service credentials and saved them in a JSON file as per the instructions here:
https://cloud.google.com/dlp/docs/libraries.
The documentation states that the preferred way to authenticate is by setting the environment variable GOOGLE_APPLICATION_CREDENTIALS to point to the path of the JSON file that contains the credentials. This is not all that practical in my case. I have a Spring Boot application where all the code (as well as the JSON file with the credentials) is embedded in a "fat jar". I can easily use the class loader to obtain an InputStream to the resource, but I can't really point to it inside the jar file from an environment variable. It's also not practical to create an environment variable from within a running JVM without resorting to hacks like using reflection, etc.
Some other Google Cloud libraries have service classes that can be initialized with a GoogleCredentials object, but I haven't found a way of doing this with the DLP library. Is there any way of passing a GoogleCredentials into the DlpServiceClient?
I ended up figuring it out after quite a bit of Googling. This worked fine:
Resource r = new ClassPathResource("/path-to-my-cred-file.json");
GoogleCredentials creds = GoogleCredentials.fromStream(r.getInputStream());
DlpServiceSettings settings = DlpServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(creds)).build();
try (DlpServiceClient dlpServiceClient = DlpServiceClient.create(settings)) {
///... other stuff here ...
}
Using Document AI the following worked for me:
GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream("path-to-json-file"))
.createScoped(Lists.newArrayList("https://www.googleapis.com/auth/cloud-platform"));
DocumentProcessorServiceClient client = DocumentProcessorServiceClient.create(
DocumentProcessorServiceSettings.newBuilder()
.setEndpoint("eu-documentai.googleapis.com:443")
.setCredentialsProvider(FixedCredentialsProvider.create(credentials))
.build()
);
...
ProcessResponse result = client.processDocument(request);
Taken from here https://www.googlecloudcommunity.com/gc/AI-ML/DocAI-Response-in-a-single-json-file/m-p/491257
If you use maven, "GoogleCredentials" is not visible at compile-time but only at runtime.
You have to configure something like that:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-oauth2-http</artifactId>
<version>1.11.0</version>
<scope>compile</scope>
</dependency>
</dependencies>
</dependencyManagement>
At the project with Spring Boot we use application.properties but need to configure some of these properties (like port number of logging level) based on an external configuration. We access the configuration via API so it is known only at runtime.
Is there a way to override or set some Spring properties at runtime (for example using a bean) and if yes how can this be achieved?
You could do this with Spring Cloud Config
Just for the purpose of illustration, here's a relatively quick way to see dynamic property overrides at runtime:
First, for your bean to be able to pick up changed properties, you need to annotate it with
#RefreshScope
Add the spring cloud dependency to your spring boot app, eg for gradle
compile group: 'org.springframework.cloud', name: 'spring-cloud-starter', version: '1.1.1.RELEASE'
( NB You also need the spring boot actuator dependency.)
With the app running, you can view your current config at eg
http://localhost:8080/env
eg if you have a property 'my.property' in application.properties, you'll see something like:
"applicationConfig: [classpath:/application.properties]": {
"my.property": "value1",
etc
To change the value, POST my.property=value2 to /env as application/x-www-form-urlencoded
eg
curl -X POST http://localhost:8080 -d my.property=value2
GET /env again and you'll see the new value appears under the "manager" section
To apply the changed properties, do an empty POST to /refresh. Now your bean will have the new value.
Could you use system properties to pass in the variable? If you configure the PropertyPlaceholderConfigurer you can set the precedence of system properties vs file properties.
For example, something like:
#Bean public PropertyPlaceholderConfigurer placeHolderConfigurer() {
PropertyPlaceholderConfigurer props = new PropertyPlaceholderConfigurer()
props.setSystemPropertiesMode( PropertyPlaceholderConfigurer.SYSTEM_PROPERTIES_MODE_OVERRIDE )
props.setLocations(new
PathMatchingResourcePatternResolver().getResources("classpath:/**.properties"));
props
}
The above would load your .properties file, but we set the priority to be system variables first, so if you set a system variable that will override the same variable in the config.
Alternatively, looking at the docs, Spring recommends defining a search order in your Environment:
[PropertyPlaceholderConfigurer is still appropriate for use when]
existing configuration makes use of the "systemPropertiesMode" and/or "systemPropertiesModeName" properties. Users are encouraged to
move away from using these settings, and rather configure property
source search order through the container's Environment; however,
exact preservation of functionality may be maintained by continuing to
use PropertyPlaceholderConfigurer.
Hopefully one of the above should sort out what you need?