I'm having difficulty with authentication when accessing Google Cloud Storage from within an appengine web app. I want to use the Application Default Credentials. Maybe someone can advise me.
I have a project, with service account: "x#appspot.gserviceaccount.com".
In section IAM the project has only member, y#gmail.com (which is my email address), with role Owner.
In the project I have two Cloud Storage buckets, staging.x.appspot.com and x.appspot.com. I haven't edited their permissions.
In the project I have an appengine web app written in Java. From its code, I want to access Cloud Storage like this:
import com.google.cloud.AuthCredentials;
import com.google.cloud.storage.Storage;
AuthCredentials credentials=AuthCredentials.createApplicationDefaults();
Storage storage=StorageOptions.builder().authCredentials(credentials).build().service();
with maven dependencies
<dependency>
<groupId>com.google.appengine</groupId>
<artifactId>appengine-api-1.0-sdk</artifactId>
<version>1.9.38</version>
</dependency>
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-appengine</artifactId>
<version>0.4.0</version>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>gcloud-java</artifactId>
<version>0.2.3</version>
</dependency>
I start the development server with
mvn clean appengine:devserver
and deploy with
mvn clean appengine:update
I would have thought that is enough.
But in devserver on one computer it works, on another computer I get exception "401 Invalid authentication" or something like that. I don't know what the difference between the computers is.
In the deployed app I get exception 403 Forbidden.
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Forbidden",
"reason" : "forbidden"
} ],
"message" : "Forbidden"
}
What am I doing wrong?
As Brandon and Nick said, gcloud auth login with the google user that is the owner (so not the service account) did the trick. Thanks for your help.
Related
In our springboot project, we use only firestore, no other GCP services included
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-data-firestore</artifactId>
<version>1.2.7.RELEASE</version>
</dependency>
but we always got error with GCP Credidential, I want to disable that track, how to do it?
java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
In the application property we put as:
spring
cloud:
gcp:
firestore:
enabled: true
project-id: my-firestore-project-id
credentials:
location: classpath:my-firestore-authentication-file-xxxx.json
I already tried to disabled as:
spring.cloud.gcp.logging.enabled=false
spring.cloud.gcp.trace.enabled=false
and still error, the error wont stop the application but it's disturb and how to disable that?
I recently learned that springboot 2.3.0 offers liveness/readiness. In order to implement them, I updated springboot version to 2.3.0 and added dependency spring-boot-starter-validation in pom. I updated helm chart's env section as well to contain:
name: management.health.probes.enabled
value: 'true'
name: management.endpoint.health.group.readiness.include
value: 'readinessState,db'
Is this all I need to in order to implement liveness and readiness probes for the component? If so, is there way to test this locally? My co-worker told me if I can write environment locally in application.properties, I should be able to test it locally (running postman and expose api such as /actuator/health/livness or something).
Add actuator dependency in pom
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
HTTP Probes are only configured for applications running on Kubernetes. You can give it a try locally by manually enabling the probes with the management.health.probes.enabled=true configuration property
You can check the liveness and readiness by curl or using postman to hit below endpoints
// http://localhost:8080/actuator/health/liveness
// HTTP/1.1 200 OK
{
"status": "UP",
"components": {
"livenessProbe": {
"status": "UP"
}
}
}
// http://localhost:8080/actuator/health/readiness
// HTTP/1.1 503 SERVICE UNAVAILABLE
{
"status": "OUT_OF_SERVICE",
"components": {
"readinessProbe": {
"status": "OUT_OF_SERVICE"
}
}
}
You can of course configure additional Health Indicators to be part of the Probes, checking for the state of external systems: a database, a Web API, a shared cache.
management.endpoint.health.group.liveness.include=livenessProbe,customCheck
I am having a problem please hope you can help me it seems that it does not recognize the user class.
{
"timestamp": "2020-03-29T20:22:48.166+0000",
"status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/usuarios"
}
I am performing microservices, one is Zuul server, another is Eureka server and User service. Also I am trying to work the User class (which in a start was in the User service) in a different project as a library (users-commons), in which the User microservice would use it through dependency implementation in pom.xml, I did this because I will also need the User for later microservices so I decouple it.
Project where the user class is located, which will not be a project that runs an application, it will only be a library project.
enter image description here
Application.properties, from the Zuul microservice
spring.application.name = servicio-zuul-server
server.port = 8090
eureka.client.serviceUrl.defaultZone= http://localhost:8761/eureka
zuul.routes.usuarios.service-id=servicio-usuarios
zuul.routes.usuarios.path=/api/usuarios/**
In the User microservice
Uduario.Dao, I am using #RepositoryRestResource, to implement the full Crud automatically
enter image description here
in: SpringbootServicioUsuariosApplication
#SpringBootApplication
#EntityScan({"com.formacionbdi.springboot.app.usuarios.commons.models.entity"})
public class SpringbootServicioUsuariosApplication {
public static void main(String[] args) {
SpringApplication.run(SpringbootServicioUsuariosApplication.class, args);
}
}
in the pom.xml of servicio.usuario, the dependency of usuario.commons, which previously generated its jar
<dependency>
<groupId>com.formacionbdi.springboot.app.usuarios.commons</groupId>
<artifactId>springboot-servicio-usuarios-commons</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
I am trying to run: localhost:8090/api/usuarios/usuarios, this is where I get the 404 error.
I have already done this same procedure in another project and I could do it without problems but in this case I don't understand what the problem is. Please hope you can help me.
I had the same problem, this is how I solved:
- First copy the package path that you have declared in your EntityScan and added it to the scanBasePackages attribute from #SpringBootApplication
- You can delete or comment the #EntityScan annotation.
So, it shoud end like that:
#SpringBootApplication(scanBasePackages = "com.formacionbdi.springboot.app.usuarios.commons.models.entity")
//#EntityScan({"com.formacionbdi.springboot.app.usuarios.commons.models.entity"})
I tried to deploy a websocket application using Tomcat 7.0 in Eclipse.
After i deployed the app on localhost, when i try to access the websocket it throws an error like this
WebSocket connection to
'ws://localhost:8080/GroupChatServer/chat?name=hari' failed: Error
during WebSocket handshake: Unexpected response code: 404
I deployed the app in
http://localhost:8080/GroupChatServer/
I tried a sample chat app from this link:
GroupChatServer
can anyone help me to solve this?
You did not provide enough details to answer the question absolutely.
But i had a similar problem
The Error during the handshake happens, because Tomcat has its own api for websockets. Thus you might have added the JSR implementation or something similar as javax.websocket-api in your pom.xml there comes a conflict at runtime.
Try to not export your Websocket-library to your webserver, thus it uses its own implementation.
If you use maven, set the websocket dependency as provided:
<!-- Provided Websocket API, because tomcat has its own implementation -->
<dependency>
<groupId>javax.websocket</groupId>
<artifactId>javax.websocket-api</artifactId>
<version>1.1</version>
<scope>provided</scope>
</dependency>
I'm using newest Azure java sdk(version 0.6), but I found I have problems when I use service bus configuration "configureWithConnectionString" function.
Here is my code below,
//get config
string connectionString = "Endpoint=sb://testservicebusnamespace.servicebus.windows.net/;SharedAccessKeyName=MySharedAccessKey;SharedAccessKey=<this is secret not show>";
config = new Configuration();
ServiceBusConfiguration.configureWithConnectionString(null, config, connectionString);
//create service
service = ServiceBusService.create(config);
And I get connection String from my service bus namespace portal in Azure. But When I run this code, it throws an exception "The key 'SharedAccessKeyName' is not valid for this connection string".
I don't know what's the problem, because I get the connection from Azure portal, and I've checked its content(the SharedAccessKeyName, SharedAccessKey), they are right.
So could anyone help me? Is it my problem or this SDK needs update(because I've heard portal already uses SAS, but SDK still uses ACS to authenticate)?
Thanks very much.
It looks like Java Azure SDK(0.6.0) still uses ACS to authenticate. See this github issue comments:
the current SDK works with service bus namespace with ACS auth mode, but not new created servicebus namespace which use SAS token auth mode. we will investigate this issue
and
One workaround is to create the service bus namespace via PowerShell.
This seems to enable the ACS auth mode by default. Command is:
New-AzureSBNameSpace -Name MyNameSpace -Location "West Europe"
Take a note of the "DefaultKey" you get after running the command. You
need to use that with the ServiceBusConfiguration and I'm not sure if
that is available via the Azure management portal. Use "owner" as the
authenticationName parameter to the configureWithWrapAuthentication.
I'm adding this answer, because I thought I was doomed. But found a new library.
This dependency (which 0.5.0 was latest version when I wrote this post)......gives you the issue.
<dependency>
<groupId>com.microsoft.windowsazure</groupId>
<artifactId>microsoft-azure-api-servicebus</artifactId>
<version>0.5.0</version>
</dependency>
Microsoft slightly altered the groupid. Here is a dependency that seems much more update to date.
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-servicebus</artifactId>
<version>0.9.7</version>
</dependency>
Maven link here : https://search.maven.org/#artifactdetails%7Ccom.microsoft.azure%7Cazure-servicebus%7C0.9.7%7Cjar
So its an old question. But hopefully this points somebody in the right direction.