I'm writing my first bigger Quarkus Applications. Using maven and Java 11, on Windows.
At the moment, I'm trying to make it more secure. I Implemented Authentication using smallrey jwt and that worked fine. Now I'm trying to secure my application.properties by saving the secrets and keys inside a Hashicrop Vault.
I followed this guide to implement this. It´s working fine until the compilation part. If I try to compile after adding these lines to my application.property
# vault url
quarkus.vault.url=http://localhost:8200
quarkus.vault.kv-secret-engine-version=2
# vault authentication
quarkus.vault.authentication.client-token=xxx
# path within the kv secret
quarkus.vault.secret-config-kv-path=test
And try to compile it wit mvn quarkus:dev. I get this error:
ERROR: Failed to start application (with profile dev)
io.smallrye.mutiny.TimeoutException
at
io.smallrye.mutiny.operators.uni.UniBlockingAwait.await(UniBlockingAwait.java:58)
at io.smallrye.mutiny.groups.UniAwait.atMost(UniAwait.java:61)
at
io.quarkus.vault.runtime.client.VertxVaultClient.exec(VertxVaultClient.java:161)
at
io.quarkus.vault.runtime.client.VertxVaultClient.exec(VertxVaultClient.java:146)
at
io.quarkus.vault.runtime.client.VertxVaultClient.get(VertxVaultClient.java:127)
Link to the complete log. I'm a bit lost and can't read anything meaningful out of the error log, so I'm not sure where to look for the wrong configuration.
I'm not trying to access anything inside the vault at the moment.
Related
I try to use the MongoDB in the spring-boot project.
I tried a different of non-usable tutorial and stopped on the official documentation
I created cluster and now I ready to use MongoDB in my project.
Documentation says:
As I understand the pwd - this is the password, so my application.properties looks like:
spring.data.mongodb.uri=mongodb+srv://root:pass#88.155.XX.XXX.mongodb.net/mygrocerylist
spring.data.mongodb.database=mygrocerylist
this is all what I added to the application.properties - there are no other information in the tutorial.
After I started project, I receive error, that repeats every several seconds (however project still launched - I receive error even during system logging):
com.mongodb.MongoConfigurationException: No SRV records available for
host 88.155.21.126 at
com.mongodb.internal.dns.DefaultDnsResolver.resolveHostFromSrvRecords(DefaultDnsResolver.java:64)
~[mongodb-driver-core-4.4.2.jar:na] at
com.mongodb.internal.connection.DefaultDnsSrvRecordMonitor$DnsSrvRecordMonitorRunnable.run(DefaultDnsSrvRecordMonitor.java:78)
~[mongodb-driver-core-4.4.2.jar:na] at
java.base/java.lang.Thread.run(Thread.java:829) ~[na:an]
please, can anyone to explain how to exactly add MongoDB to the spring project?
I prefer to use such solution, since I need to complete the task and launch my project in the another PC. In any case - I tried to use mongoDb in the docker and this way also not work for me, and I not sure the other side use MongoDB locally.
I have a big problem, I want to send my backend to Google Cloud Run however, I get the following error when I follow this tutorial for the jvm part: https://quarkus.io/guides/deploying-to-google-cloud#deploying-to-google-cloud-run
ERROR: (gcloud.run.deploy) The user-provided container failed to start and listen on the port defined provided by the PORT=8080 environment variable. Logs for this revision might contain more information.
I tried to defined this variable in my application.yml : quarkus.http.port: 8080 but it still doesn't work :(
If you have any advice, I am interested, thank you very much
Look at https://github.com/cescoffier/polycloud-demo/blob/main/src/main/resources/application.properties.
This is part of a demo deploying on Google Cloud Run. As you can see, the port is configured using:
quarkus.http.port=${PORT:8080}
Also, make sure your application starts correctly. If there is an issue during the startup, the port is not opened.
I am trying to compile an application in Quarkus Native and monitor it using Jaeger Traicing, however, I am encountering a problem that when compiling it is taking the wrong url and not the one I should use to work with opentracing:
Example application.properties file:
quarkus.datasource.db-kind=oracle
quarkus.datasource.jdbc.driver=io.opentracing.contrib.jdbc.TracingDriver
quarkus.datasource.jdbc.url=jdbc:tracing:oracle:thin:#172.28.2.134:1522/IVR
quarkus.datasource.username=${USERNAME_CONNECTION_BD:xxxxxxxxxxxxx}
quarkus.datasource.password=${PASSWORD_CONNECTION_BD:xxxxxxxxxx}
quarkus.http.port=${PORT:8082}
quarkus.http.ssl-port=${PORT-SSl:8083}
quarkus.jaeger.service-name=find-puk-code-tracing
quarkus.jaeger.sampler-type=const
quarkus.jaeger.sampler-param=1
quarkus.jaeger.endpoint=${URL_JAEGER:http://10.161.169.24:14268/api/traces}
quarkus.native.add-all-charsets=true
quarkus.swagger-ui.path=/api/FindPukCodeBS/swagger-ui
quarkus.smallrye-openapi.path=/api/FindPukCodeBS/swagger
quarkus.swagger-ui.always-include=true
Locally it works wonderfully, but when I deploy at the kubernetes level it is not taking the url correctly, as follows::
quarkus.datasource.jdbc.url=jdbc:tracing:oracle:thin:#172.28.2.134:1522/IVR
In the logs that appear to me it seems to take the url without the word tracing, however as you can see at the log level it prints the url that is being passed in the application.properties:
That could be happening? I don't understand, and I don't have the value burned anywhere, I'm taking it directly from the application.properties.
I have a small Spring Boot app, using Spring Cloud AWS (1.0.0.RELEASE) to access SQS queue. It is beeing deployed on an EC2 instance with Instance Profile set. It appears that AWS side of things is working, as I can access both relevant metadata links: iam/info and iam/security-credentials/role-name, and they do contain correct information. Just to be sure, I've used aws cmdline utility (aws sqs list-queues) and it does work, so I guess setup is ok. However, when the app starts, it reads application.properties (which contains line cloud.aws.credentials.instanceProfile=true) then drops following warning: com.amazonaws.util.EC2MetadataUtils: Unable to retrieve the requested metadata and finally throws following exception:
Caused by: com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSQS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1071)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:719)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:454)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:294)
at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2291)
at com.amazonaws.services.sqs.AmazonSQSClient.getQueueUrl(AmazonSQSClient.java:516)
at com.amazonaws.services.sqs.buffered.AmazonSQSBufferedAsyncClient.getQueueUrl(AmazonSQSBufferedAsyncClient.java:278)
at org.springframework.cloud.aws.messaging.support.destination.DynamicQueueUrlDestinationResolver.resolveDestination(DynamicQueueUrlDestinationResolver.java:78)
at org.springframework.cloud.aws.messaging.support.destination.DynamicQueueUrlDestinationResolver.resolveDestination(DynamicQueueUrlDestinationResolver.java:37)
at org.springframework.messaging.core.CachingDestinationResolverProxy.resolveDestination(CachingDestinationResolverProxy.java:88)
at org.springframework.cloud.aws.messaging.listener.AbstractMessageListenerContainer.start(AbstractMessageListenerContainer.java:295)
at org.springframework.cloud.aws.messaging.listener.SimpleMessageListenerContainer.start(SimpleMessageListenerContainer.java:38)
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:173)
... 17 common frames omitted
...which means that for some reason Spring Cloud AWS is not picking up on Instance Profile credentials. I've enabled debug log level on com.amazonaws.request and it appears that request is sent without access key and secret key.
DEBUG --- com.amazonaws.request : Sending Request: POST https://sqs.eu-west-1.amazonaws.com / Parameters: (Action: GetQueueUrl, Version: 2012-11-05, QueueName: xxxxxxxxxxxxx, ) Headers: (User-Agent: aws-sdk-java/1.9.3 Linux/3.14.35-28.38.amzn1.x86_64 Java_HotSpot(TM)_64-Bit_Server_VM/25.45-b02/1.8.0_45 AmazonSQSBufferedAsyncClient/1.9.3, )
Anybody has any idea what am I missing or at least any hints how to further debug this?
EDIT: After going through spring-cloud-aws code a bit, I've kinda moved forward. Configuration file application.properties bundled with jar had some text value for accessKey and secretKey. My customized application.properties haven't got those properties and that probably caused spring to use values in bundled file as defaults. I've included them with empty values, which changed the exception to com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain. It appears that AWS SDK is configured with DefaultProviderChain, yet it still fails to pick up instance profile credentials.
The solution to this problem comes from two distinct facts.
Instance profile credentials are going to be used only and only if application.properties has instanceProfile property set to true and accessKey set to null (ContextCredentialsAutoConfiguration).
Even if you will provide your custom application.properties file, Spring is going to read application.properties file bundled with app jar (if it does exist). If that's the case, properties from both files will sum up to create an execution enviroment. I suspect that bundled file is parsed first, then custom second, overriding any property present in bundled file.
In my case, bundled application.properties had accessKey and secretKey placeholders (with phony values) which were filled out by developer whenever he wanted some testing outside of EC2 enviroment. That made accessKey not null and therefore, excluded instance profile path. I just removed the application.properties file from jar and that solved the problem.
cloud:
aws:
credentials:
accessKey:
secretKey:
instanceProfile: true
useDefaultAwsCredentialsChain: true
This would do the trick, if you were using the latest (2.X.X) Spring AWS Cloud.
I am trying for several hours to get the HornetQ Examples running in Eclipse. Using the Standalone Examples everything works fine, but when I run the examples in Eclipse I get the following error:
javax.jms.JMSSecurityException: Unable to validate user: null
What could this error mean? Where do I have to specify the user? Maybe HornetQ tries to look this user up in "Some Context/Properties" etc , but I do not know where and how to specifiy the user HornetQ is running under.
What i did:
1.)Started Default HornetQ Server with the start.sh Script in the ./bin directory
2.)Copied the QueueExample over to eclpise
3.)Did some minor changes in the config files (to have the same Queue Names...)
(I also tried to disable security completely by setting:
<security-enabled>false</security-enabled>
but with no success, always getting the same error. Also when trying to programmatically instance HornetQ only via classes I get this error too).
Thank you very much!!
Jens
Did you have a look at this thread? It seems you need to the permission 'createTempQueue' to the example role.