I am using spring-cloud-starter-aws-secrets-manager-config 2.3.3 for a spring boot application which works perfectly in my local pointing to stage environment where i configure AWS_PROFILE to fetch secrets.
spring.config.import=aws-secretsmanager:service/xyz/stage-v2/email/smtp;
service/xyz/stage-v2/ex/db/token
<dependency>
<groupId>io.awspring.cloud</groupId>
<artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
<version>2.3.3</version>
</dependency>
In stage environment i am setting up instance profile and a assume role profile.
with the same role setup other applications run but they are not spring based.
but application fails to fetch secret values with below error :
Config data resource '[AwsSecretsManagerConfigDataResource#71560f51 context = 'service/xyz/stage-v2/ex/db/token', optional = false]' via location 'aws-secretsmanager:service/xyz/stage-v2/email/smtp;service/xyz/stage-v2/ex/db/token' does not exist
I am configuring an instance profile in databricks which does not have access to my secrets.But it is allowed another assume role which has access.
Recently upon debugging i found that spring application is trying to access aws with instance profile account Id instead of the assumedRole.
So i just need to know how do we pass the assumableRole to spring boot app.
I have a Spring boot app running on Google Cloud Run, and I want to connect to a postgres instance running on Google Cloudsql. I am able to connect using Spring Cloud GCP starter project.
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-sql-postgresql</artifactId>
</dependency>
But I don't want to add this dependency.
I was able to connect from my local app by using using the postgressql plugin and specifying spring.datasource.url=*** after creating a Cloud proxy.
But when I tried doing the same from cloud run after using gcloud beta run deploy --add-cloudsql-instances <INSTANCE-ID> it doesn't work. According to https://cloud.google.com/run/docs/configuring/connect-cloudsql, --add-cloudsql-instances automatically creates a Cloud proxy. So why doesn't it work?
Thanks.
This doesn't work because Java doesn't support Unix domain sockets. The Spring Cloud GCP circumvents this by using the Cloud SQL JDBC Socket Factory.
You can use the Socket Factory directly by adding it your your pom (and updating your URL as specified in the README).
I am trying to setup a Spring Boot Admin server on a Cloud foundry. I am using the client Spring Cloud Discovery with SimpleDiscoveryClient configuration. We are not having any Thrid Party service discovery client like eureka. I can see the service getting registered to the spring boot admin server. But when i scale up any service, i see only one instance of that service and the actual number of instances are not reflected. I would like to know if that is possible without Eureka or any other service discovery, if yes how to achieve that without them.
Thanks
I am trying to connect from my Spring Boot (2.0.1) Web Application to an Azure SQL DB using Azure AD (with the Application as the DB user) but cannot seem to connect the dots.
I followed the steps for Connecting using Azure AD Auth. However, I get a failed login.
I'm assuming that's because without setting the 'authentication' property in the JDBC url, it's just authenticating against the database directly (user created using CREATE USER <> FROM EXTERNAL PROVIDER from instructions)?
Is there a way to configure the spring datasource/jdbc libraries to use the proper Azure AD authentication (adal4j-1.6.3) while connecting? The example does this in code, but I'm having trouble finding the proper configurations.
I tried using 'authentication=ActiveDirectoryPassword', but kept getting a 'AADSTS50034: The user account does not exist in the directory' error.
spring.datasource.url="jdbc:sqlserver://myServer.database.windows.net:1433;database=myDB;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;applicationName=myApp;"
spring.datasource.username: <user>
spring.datasource.accessToken: <key>
The bigger goal is to secure my database access to specific apps. I had added my app as a Reader on my server and ideally would authenticate as that application to track usage/analytics/etc from that app.
I apologize if this is way off, I'm new to Azure and Oauth. Thanks.
For me the below properties and dependencies worked:
Instead of using adal4j I have used msal4j(recommended by Microsoft)
spring:
datasource:
url: jdbc:sqlserver://<Azure SQL Server Name>.database.windows.net:1433;databaseName=<DB Name>;encrypt=true;loginTimeout=30
username: <UserName>
password: <Password>
driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
hikari:
data-source-properties:
authentication: ActiveDirectoryPassword
pom.xml
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>9.2.1.jre8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.microsoft.azure/msal4j -->
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>msal4j</artifactId>
<version>1.9.1</version>
</dependency>
There is no way to configure Spring to use an application Id + key from Azure AD in place of username/password when connecting to Azure SQL DB. The only way I found was to modify code and create a #Bean method that returned an SQLServerDataSource where I manually retrieve a Client Credential access token and pass that into the data source.
Connecting using an access token - shows how to retrieve token and set on data source
Creating a custom Data Source - shows how to use Spring to create and use custom data source
Also be aware of token management (see my other question).
Including dependency adal4j with below configuration would help
spring.datasource.username=\<your AD username\>
spring.datasource.password=\<your AD password\>
spring.datasource.hikari.data-source-properties.authentication=ActiveDirectoryPassword
Please confirm that you are using a User that exists in the database and is a user in the same tenant where your database exists. If you are using a version of the Microsoft JDBC Driver that is earlier than the 4.0 version, you are also required to append the server name to the UserId to the connection string.
https://learn.microsoft.com/en-us/sql/connect/jdbc/connecting-to-an-azure-sql-database?view=sql-server-2017
I am deploying Spring Boot Application in Amazon BeanStalk.
Created a new RDS Postgres instance and connected to that instance using Postgres Client Application. Then created a new database in that. Then Changed database configuration to that instance in my local system Spring boot application. Then I able to connect to that database and use it through the application. But when deployed as a war file in Amazon Beanstalk. It is not working. Showing error as
Unable to obtain JDBC Connection
Any Solution?
Thanks in Adavance