Closed abhikt48 closed 4 years ago
@g2vinay PTAL
Looping in @anuchandy.
@abhikt48, unfortunately thedependency conflict is a problem with very limited options to solve it. One option is pin to a specific version in the application, in your case you cannot override Jackson version to 2.10.0 in your application. The only other option I'm aware of is - Shade azure-security-keyvault-secrets
and it dependencies with Jackson 2.10.0 dependencies Relocated.
If you download the following app and run mvn package
, it should produce a file with name keyvaultshadedlib-1.0-SNAPSHOT-shaded.jar
in target dir
then your app should be able to take dependency on this produced jar. Its not clean but something we can try.
@anuchandy - Thanks a lot for providing backup option. I tried with suggested option, but it is not working as expected with Mule application. It is working fine only with maven based application but not with mule-maven.
There could be two reasons -
I replaced below 3 jars at Mule server for testing and it is working fine as expected. In real scenario - we can't replace in production. So we can't use it.
Please find attached ErrorTrace_AKV.txt.
Is it possible for you guyz to provide timeline to fix this issue, so we can plan accordingly. ? ErrorTrace_AKV.txt
@abhikt48 thanks for trying it out and sharing your insight!.
The sample app I shared shade only azure-security-keyvault-secrets
+ it's dependencies (including azure-core
) and relocate Jackson 2.10.0 references from classes in the shaded jar. I guess in your app - along with keyvaultshadedlib-1.0-SNAPSHOT-shaded.jar
, there is an explicit reference to "com.azure:azure-identity:1.0.1" which result in pulling "azure-core" (and dependencies including Jackson 2.10.0), now the Jackson conflict is back via "azure-core" in class path. This is what I understood from the 2nd point you mentioned.
I think we should include "com.azure:azure-identity:1.0.1" as well in the shaded-jar and make sure your app is not explicitly referring any other azure libs that has transitive dependency on Jackson 2.10.0.
@anuchandy - Thanks for information. Yes it is working fine after including "azure-identity" in shaded library. Temperory this issue gone. However i will look forward for permanent fixes. Please let us know once fixes are available.
@abhikt48 thanks for trying out and happy to know you were able to deploy the app.
This dependency issue is a common problem in hosted environments (Azure Data Bricks/Functions, Google Cloud Apache Spark, Mule etc..) due to env injecting conflicting libs in the class path. Shading is the only option here. Below given some of the official references on Shading from Cloud providers:
Thanks again for raising this issue @abhikt48 and thanks @g2vinay and @anuchandy for following up with helpful details on dependency conflicts as well as how to resolve them in hosted environments with jar shading.
I'm closing this issue as it is resolved and there's been no further discussion for 2 weeks. @abhikt48 please feel free to reactivate if I've missed anything.
Thanks again.
key vault jar uses 2.10.0 jackson dependency, but we need to use Jackson 2.4.3 dependency. The application is failing due to cross dependency issue. We can't upgrade the version due to big infrastructure changes.
Exception or Stack Trace Please find attached Error_Test.txt
To Reproduce
Use below dependencies in project
Get Secret - you will start getting error java.lang.IllegalAccessError: tried to access method com.fasterxml.jackson.databind.ser.std.StdSerializer
Code Snippet `ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder() .clientId(CLIENT_ID) .clientSecret(CLIENT_SECRET) .tenantId(TENANT_ID) .build(); SecretClient secretClient = new SecretClientBuilder() .vaultUrl(KEY_VAULT_URL) .credential(clientSecretCredential) .buildClient();
Expected behavior Application should run and provide secret value.
Setup (please complete the following information):