search

micronaut-projects / micronaut-gcp

Integration between Micronaut and Google Cloud Platform (GCP)
Apache License 2.0
50 stars 35 forks source link

Google Secret Manager client fails to retrieve secret when executed from native image #775

Open montesmoci opened 1 year ago

montesmoci commented 1 year ago

Expected Behavior

Successful retrieval and reading of a secret stored in Secret Manager.

Actual Behaviour

The following stack trace is generated when attempting to retrieve a secret:

Mar 02, 2023 9:47:30 AM io.grpc.auth.GoogleAuthLibraryCallCredentials createJwtHelperOrNull
WARNING: Failed to create JWT helper. This is unexpected
java.lang.NoSuchMethodException: com.google.auth.oauth2.ServiceAccountCredentials.getQuotaProjectId()
        at java.lang.Class.getMethod(DynamicHub.java:2227)
        at io.grpc.auth.GoogleAuthLibraryCallCredentials$JwtHelper.<init>(GoogleAuthLibraryCallCredentials.java:318)
        at io.grpc.auth.GoogleAuthLibraryCallCredentials.createJwtHelperOrNull(GoogleAuthLibraryCallCredentials.java:224)
        at io.grpc.auth.GoogleAuthLibraryCallCredentials.<clinit>(GoogleAuthLibraryCallCredentials.java:53)
        at io.grpc.auth.MoreCallCredentials.from(MoreCallCredentials.java:35)
        at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:160)
        at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:67)
        at com.google.api.gax.rpc.ClientContext.create(ClientContext.java:206)
        at com.google.cloud.secretmanager.v1.stub.GrpcSecretManagerServiceStub.create(GrpcSecretManagerServiceStub.java:248)
        at com.google.cloud.secretmanager.v1.stub.SecretManagerServiceStubSettings.createStub(SecretManagerServiceStubSettings.java:349)
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.<init>(SecretManagerServiceClient.java:180)
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.create(SecretManagerServiceClient.java:162)
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.create(SecretManagerServiceClient.java:153)
        at bug.nativeCompile.googleSecretManager.ApplicationSecretsClient.onStartup(ApplicationSecretsClient.java:35)
        at bug.nativeCompile.googleSecretManager.$ApplicationSecretsClient$Definition$Exec.dispatch(Unknown Source)
        at io.micronaut.context.AbstractExecutableMethodsDefinition$DispatchedExecutableMethod.invoke(AbstractExecutableMethodsDefinition.java:371)
        at io.micronaut.context.DefaultBeanContext$BeanExecutionHandle.invoke(DefaultBeanContext.java:3828)
        at io.micronaut.aop.chain.AdapterIntroduction.intercept(AdapterIntroduction.java:83)
        at io.micronaut.aop.chain.MethodInterceptorChain.proceed(MethodInterceptorChain.java:137)
        at bug.nativeCompile.googleSecretManager.ApplicationSecretsClient$ApplicationEventListener$onStartup1$Intercepted.onApplicationEvent(Unknown Source)
        at io.micronaut.context.event.ApplicationEventPublisherFactory.notifyEventListeners(ApplicationEventPublisherFactory.java:262)
        at io.micronaut.context.event.ApplicationEventPublisherFactory.access$200(ApplicationEventPublisherFactory.java:60)
        at io.micronaut.context.event.ApplicationEventPublisherFactory$2.publishEvent(ApplicationEventPublisherFactory.java:229)
        at io.micronaut.context.DefaultBeanContext.publishEvent(DefaultBeanContext.java:1703)
        at io.micronaut.context.DefaultBeanContext.start(DefaultBeanContext.java:356)
        at io.micronaut.context.DefaultApplicationContext.start(DefaultApplicationContext.java:194)
        at io.micronaut.runtime.Micronaut.start(Micronaut.java:75)
        at io.micronaut.runtime.Micronaut.run(Micronaut.java:323)
        at io.micronaut.runtime.Micronaut.run(Micronaut.java:309)
        at bug.nativeCompile.googleSecretManager.Application.main(Application.java:8)

Steps To Reproduce

  1. Assuming one has a GCP account and has the following secret with the name secret_txt (see line 16 of bug/nativeCompile/googleSecretManager/ApplicationSecretsClient.java).
  2. Change the gcp.project-id in application.yml to the relevant value.
  3. Use GraalVM via sdk man or some other means. On my end, I enable GraalVM via sdk use java 22.2.r17-grl
  4. Execute ./gradlew nativeCompile.
  5. Run the generated native image ./build/native/nativeCompile/bug-nativeCompile-googleSecretManager
  6. Observe that io.grpc.auth.GoogleAuthLibraryCallCredentials createJwtHelperOrNull WARNING: Failed to create JWT helper. This is unexpected java.lang.NoSuchMethodException: com.google.auth.oauth2.ServiceAccountCredentials.getQuotaProjectId() error is generated. The above error is not generated whenever ./gradlew run is executed.

Environment Information

Example Application

https://github.com/montesmoci/bug-nativeCompile-googleSecretsManager

Version

3.8.6

graemerocher commented 1 year ago

did you add the necessary library https://micronaut-projects.github.io/micronaut-gcp/latest/guide/#nativeImage

montesmoci commented 1 year ago

Not initially, no. I've added the dependency and the error still persists. Perhaps I'm using an incompatible Java GraalVM?

https://github.com/GoogleCloudPlatform/native-image-support-java#:~:text=the%20Cloud%20Client%20Libraries%20for%20Java%20come%20with%20the%20native%20image%20configurations%20built%2Din.%20This%20means%20that%20the%20Cloud%20Client%20libraries%20can%20be%20compiled%20into%20native%20images%20without%20the%20need%20for%20adding%20the%20native%2Dimage%2Dsupport%20dependency.

montesmoci commented 1 year ago

FYI: Adding implementation("com.google.cloud:google-cloud-secretmanager:2.12.0") resolves the issue.