awspring / spring-cloud-aws

The New Home for Spring Cloud AWS
http://awspring.io
Apache License 2.0

SecretsManager Validation problem on startup of Spring Boot 2.6.6 microservice #302

Closed andyrozman closed 2 years ago

andyrozman commented 2 years ago

Type: Bug

Component: "Secrets Manager"

Describe the bug: So because of the Spring vulnerability I have to upgrade my Spring Boot from 2.2 to 2.6.6. These changes also include a Cloud upgrade (2021.0.1) and of course switching to io.awspring.cloud (2.4.0).

I was trying to get this working (I created a small boot application for testing after losing a whole day), and my small application started working correctly just after I included spring-cloud-starter-bootstrap (3.1.1) (as per documentation). When I tried to apply the same solution to my production microservice (running on AWS in an ECS cluster), I started getting validation errors on parameter aws.secretsmanager.prefix (The prefix must have pattern of: (/)?([a-zA-Z0-9.-]+)(?:/[a-zA-Z0-9]+)*).

Error log I get:

2022-04-08 17:09:06.097 WARN [zumzum,,] 1 --- [ main] s.c.a.AnnotationConfigApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'awsSecretsManagerPropertySourceLocator' defined in class path resource [io/awspring/cloud/autoconfigure/secretsmanager/AwsSecretsManagerBootstrapConfiguration.class]: Unsatisfied dependency expressed through method 'awsSecretsManagerPropertySourceLocator' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'smClient' defined in class path resource [io/awspring/cloud/autoconfigure/secretsmanager/AwsSecretsManagerBootstrapConfiguration.class]: Unsatisfied dependency expressed through method 'smClient' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'aws.secretsmanager-io.awspring.cloud.secretsmanager.AwsSecretsManagerProperties': Invocation of init method failed; nested exception is io.awspring.cloud.secretsmanager.ValidationException: The prefix must have pattern of: (/)?([a-zA-Z0-9.-]+)(?:/[a-zA-Z0-9]+)*


2022-04-08 17:09:06.493 ERROR [zumzum,,] 1 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :


APPLICATION FAILED TO START


Description:

Validation failed for field: aws.secretsmanager.prefix

Action:

The prefix must have pattern of: (/)?([a-zA-Z0-9.-]+)(?:/[a-zA-Z0-9]+)*

2022-04-08 17:09:06.496 ERROR [zumzum,,] 1 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :


APPLICATION FAILED TO START


Description:

Validation failed for field: aws.secretsmanager.prefix

Action:

The prefix must have pattern of: (/)?([a-zA-Z0-9.-]+)(?:/[a-zA-Z0-9]+)*

Sample bootstrap.yml:

    aws:
      paramstore:
        prefix: /${spring.profiles.active}
      secretsmanager:
        prefix: /secret/${spring.profiles.active}

maciejwalkowiak commented 2 years ago

What's the value of ${spring.profiles.active}? Has this setup worked before with Spring Cloud AWS 2.3.4?

andyrozman commented 2 years ago

So the value is zumzum-dev04 (zumzum is a replacement for the company name). This worked with Spring Boot 2.2.1-RELEASE and Spring Cloud Hoxton.SR1. We haven't updated Spring since the project started (which was in 2019).

andyrozman commented 2 years ago

I think I found the problem... So in file io.awspring.cloud.secretsmanager.AwsSecretsManagerProperties you have defined:

    private static final Pattern PREFIX_PATTERN = Pattern.compile("(/)?([a-zA-Z0-9.\\-]+)(?:/[a-zA-Z0-9]+)*");

In the old code (before the split), this is defined as:

    private static final Pattern PREFIXPATTERN = Pattern.compile("(/[a-zA-Z0-9.\\-]+)*");

I checked. My secret-manager prefix: "/secret/zumzum-dev04" works with old implementation, but not with new.

If I change the implementation, a few parts of your tests stop working. The ones that have prefix "secret".

If you change it into this, then it would work for your case and mine:

    private static final Pattern PREFIX_PATTERN = Pattern.compile("(/)?([a-zA-Z0-9.\\-]+)(?:/[a-zA-Z0-9.\\-]+)*");

Would it be possible to fix this and make a new 2.4 release with this change? I think that in the next few weeks you might get a few more users (that will try to upgrade to the newest Boot and some might have a similar problem).

Also, if I might suggest, when the exception is thrown, it would be nice to see what the input string was.

So something like this:

    if (StringUtils.hasLength(prefix) && !PREFIX_PATTERN.matcher(prefix).matches()) {
        throw new ValidationException(CONFIG_PREFIX + ".prefix",
            "The prefix must have pattern of: " + PREFIX_PATTERN.toString() + ", input prefix was: \"" + prefix + "\"");
    }
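A stand-alone check of the three prefix patterns discussed in this issue, as an added example (not the project's code) written in Python rather than Java: re.fullmatch plays the role of Java's Matcher.matches(), the patterns use only syntax shared by both engines, and the error echoes the rejected input as suggested above. The sample prefixes are constructed; "/secret/zumzum-dev04" is the one from the report.

```python
import re

# Patterns as quoted in the issue (syntax shared by Java and Python regexes).
OLD_PREFIX_PATTERN = re.compile(r"(/[a-zA-Z0-9.\-]+)*")                             # pre-split Spring Cloud AWS
NEW_PREFIX_PATTERN = re.compile(r"(/)?([a-zA-Z0-9.\-]+)(?:/[a-zA-Z0-9]+)*")          # io.awspring.cloud 2.4.0
PROPOSED_PREFIX_PATTERN = re.compile(r"(/)?([a-zA-Z0-9.\-]+)(?:/[a-zA-Z0-9.\-]+)*")  # fix proposed above

CONFIG_PREFIX = "aws.secretsmanager"


class ValidationException(ValueError):
    """Stand-in for io.awspring.cloud.secretsmanager.ValidationException."""
    def __init__(self, field, message):
        super().__init__(f"{field}: {message}")
        self.field = field


def validate_prefix(prefix, pattern=PROPOSED_PREFIX_PATTERN):
    """Mirror of the startup check: an empty prefix is allowed, otherwise the whole
    string must match (re.fullmatch corresponds to Java's Matcher.matches()).
    The rejected input is echoed so operators can see what failed validation."""
    if prefix and not pattern.fullmatch(prefix):
        raise ValidationException(
            CONFIG_PREFIX + ".prefix",
            f'The prefix must have pattern of: {pattern.pattern}, input prefix was: "{prefix}"',
        )
    return prefix


def accepts(pattern, prefix):
    """True when the prefix would pass startup validation under this pattern."""
    try:
        validate_prefix(prefix, pattern)
        return True
    except ValidationException:
        return False


def compare(prefixes):
    """Acceptance of each prefix under the three patterns; shows the 2.4.0 regression."""
    return {p: {"old": accepts(OLD_PREFIX_PATTERN, p),
                "2.4.0": accepts(NEW_PREFIX_PATTERN, p),
                "proposed": accepts(PROPOSED_PREFIX_PATTERN, p)}
            for p in prefixes}


if __name__ == "__main__":
    # Constructed sample prefixes; "/secret/zumzum-dev04" is the one from the issue report.
    for prefix, result in compare(["/secret/zumzum-dev04", "/secret", "secret", "/secret/app.v2"]).items():
        print(f"{prefix:24} {result}")
```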

maciejwalkowiak commented 2 years ago

Would it be possible to fix this and make new 2.4 release with this change? I think that in next few weeks you might get few more users (that will try to upgrade to newest boot and some might have similar problem).

Yes, will be fixed and released.

andyrozman commented 2 years ago

What is release timeline for this?

maciejwalkowiak commented 2 years ago

Once we get #303 right, meaning today/tomorrow/Monday, 2.4.1 should be released.

andyrozman commented 2 years ago

Great. Thank you for all your great work...

maciejwalkowiak commented 2 years ago

Fixed in https://github.com/awspring/spring-cloud-aws/commit/f034d798f9a0dae4bb1c3256b3a36592cc89dd71