Unable to set custom security configuration for Kafka - spring-cloud-stream-binder-kafka

I am trying out the functional style of using Kafka Streams and have a need to set the truststore and keystore for my app. Below is a very small snippet:
spring:
cloud:
stream:
kafka:
binder:
brokers: blah
configuration:
security.protocol: SSL
I put breakpoints on the setConfiguration and setBrokers methods of KafkaBinderConfigurationProperties class and setBrokers method get hit but not setConfiguration, thus causing my security config to not get read. Does anyone know what's going on?
Spring Boot: 2.4.4
Spring Cloud: 2020.0.2

Never mind, it needs to be
spring:
cloud:
stream:
kafka:
binder:
brokers: blah
streams:
binder:
configuration:
security.protocol: SSL

Related

Ansible Hetzner Cloud - Create a server in private network

I am using Ansible to create a server in the Hetzner Cloud, the playbook reads:
- name: create the server at Hetzner
hetzner.hcloud.hcloud_server:
name: "{{server_hostname}}"
enable_ipv4: false
enable_ipv6: false
server_type: cx11
location: "{{server_location}}"
image: ubuntu-22.04
ssh_keys:
- "mykey"
state: present
api_token: "{{hetzner_secret}}"
private_networks: ipfire
register: server
My aim is to integrate the new server into the private network named 'ipfire' that I have previously created. The server should not be accessible via the internet, so I have disabled ipv4 and ipv6. Rather, I'd like to access the server by connecting via OpenVPN to the private network 'ipfire' and connect by use of ssh from there.
Unfortunately, I get an error message as follows:
PLAY [Order servers] ********************************************************************************************************
TASK [hetznerserver : create the server at Hetzner] *************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (hetzner.hcloud.hcloud_server) module: private_networks. Supported parameters include: rebuild_protection, api_token, location, enable_ipv6, upgrade_disk, ipv4, endpoint, ipv6, firewalls, server_type, state, force, labels, ssh_keys, delete_protection, image, id, name, enable_ipv4, placement_group, force_upgrade, user_data, datacenter, rescue_mode, allow_deprecated_image, volumes, backups."}
PLAY RECAP ******************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
The module private_networks does not seem to work like this?
Error messages like Unsupported parameters for (<moduleName>) module: <givenParameter>. Supported parameters include: <supportedParametersList> are usually syntax errors of the module used.
Therefore one may need to look up the respective documentation, in the example case hcloud_server module – Create and manage cloud servers on the Hetzner Cloud.
If the documentation shows the Parameters in question are available, it indicates
either a version mismatch of module used, means the used version is too old and an update is necessary
or an bug within the module code and further debugging and investigation within the module code is necessary
Code and Documentation Links
Community Authors> hetzner> hcloud
ansible-collections / hetzner.hcloud
After further investigation it might turn out that the parameter in question was introduced recently, in example
Github hetzner.hcloud Issue #150 "Unable to create cloud server without public ipv4 and ipv6"
Github hetzner.hcloud Pull #160 "Add possibility to specify private network when creating or updating servers"
which indicates in your example case that you'll need to update the Ansible Collection module in question since the parameter wasn't introduced in your used version of the module but as of v1.9.0.

Enabling account deletion on nats server

I was trying to prune some users from my nats server by doing:
nsc push --system-account SYS -u nats://localhost:4222 -P
but I got the following error:
server nats-comm-2 responded with error: delete accounts request by SOME_KEY_VALUE failed - delete must be enabled in server config
The meaning of the error is pretty obvious, when I examine the help documentation for nsc push -P:
Only works with nats-resolver enabled nats-server. Mutually exclusive of account-removal/diff
But I'm not sure how to enable this in my nats server config. How do I allow for account pruning?
I found documentation in the resolver section, here, showing that I could add allow_delete: true to the config, but as the YAML format is in camel-case, I had to modify it to be allowDelete: true instead.
nats:
auth:
enabled: true
resolver:
type: full
allowDelete: true

Spring Cloud Data Flow Server OAuth2 with Azure AD

I am trying to setup OAuth authentication (OpenID Connect) with Azure AD and Spring Cloud Data Flow server. Following below documentation reference but no help.
https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#appendix-identity-provider-azure
https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#configuration-security-oauth2
When I push data flow server in open source cloud foundry, i get below error (if OAuth2 config is removed from application.yml, it gets deployed without issue):
redentials/instance.key and /etc/cf-instance-credentials/instance.crt
18:16:57.512: [HEALTH.0] Failed to make TCP connection to port 8080: connection refused
18:16:57.512: [CELL.0] Timed out after 1m0s: health check never passed.
18:16:57.515: [CELL/SSHD.0] Exit status 0
18:17:07.588: [APP/PROC/WEB.0] Exit status 137 (exceeded 10s graceful shutdown interval)
18:17:07.857: [API.3] Process has crashed with type: "web"
18:17:07.931: [API.3] App instance exited with guid ff60a149-d91f-4d9c-90b9-661c3bb8ad0f payload: {"instance"=>"e35f4a5d-a4f0-433d-6546-82ed", "index"=>0, "cell_id"=>"231ab214-d841-46ba-b20f-243aeac9bbfa", "reason"=>"CRASHED", "exit_description"=>"Instance never healthy after 1m0s: Failed to make TCP connection to port 8080: connection refused", "crash_count"=>3, "crash_timestamp"=>1622845027800626529, "version"=>"3a0686fb-a43a-4528-a425-21a544
From the logs, I do not see any hint of OAuth2.0 setup is taking effect by data flow server. Here is my application.yml entries related to OAuth2 config:
spring:
cloud:
dataflow:
security:
authorization:
provider-role-mappings:
dataflow-server:
map-oauth-scopes: true
role-mappings:
ROLE_VIEW: dataflow.view
ROLE_CREATE: dataflow.create
ROLE_MANAGE: dataflow.manage
ROLE_DEPLOY: dataflow.deploy
ROLE_DESTROY: dataflow.destroy
ROLE_MODIFY: dataflow.modify
ROLE_SCHEDULE: dataflow.schedule
security:
oauth2:
client:
registration:
dataflow-server:
provider: azure
redirect-uri: 'https://data-flow-server/dashboard'
client-id: 977-95bc-4f3645d77f43
client-secret: ~02K-5pf182_E-x-PWn
authorization-grant-type: authorization_code
scope:
- openid
- profile
- email
- offline_access
- api://dataflow-server/dataflow.view
- api://dataflow-server/dataflow.deploy
- api://dataflow-server/dataflow.destroy
- api://dataflow-server/dataflow.manage
- api://dataflow-server/dataflow.modify
- api://dataflow-server/dataflow.schedule
- api://dataflow-server/dataflow.create
provider:
azure:
issuer-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/v2.0
user-name-attribute: name
access-token-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/token
token-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/token
user-authorization-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/authorize
authorization-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/authorize
resourceserver:
jwt:
jwk-set-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/discovery/v2.0/keys

Got numberformatexception For input string: "0:0:0:0:0:0:0:1" for wso2

I have one API that have been published in WSO2 API gateway.
When I test API, I got this error message from console.
Exception in thread "pool-65-thread-1"
java.lang.NumberFormatException: For input string: "0:0:0:0:0:0:0:1"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:589)
at java.lang.Long.parseLong(Long.java:631)
at org.wso2.carbon.apimgt.impl.utils.APIUtil.ipToLong_aroundBody512(APIUtil.java:7851)
at org.wso2.carbon.apimgt.impl.utils.APIUtil.ipToLong(APIUtil.java:7847)
at org.wso2.carbon.apimgt.gateway.throttling.publisher.DataProcessAndPublishingAgent.run_aroundBody4(DataProcessAndPublishingAgent.java:155)
at org.wso2.carbon.apimgt.gateway.throttling.publisher.DataProcessAndPublishingAgent.run(DataProcessAndPublishingAgent.java:141)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
According to the blog, they say it need to disable IPv6.
I just disable by registry for IPv6 and add IPV6support only at JAVA_OPTS at wso2server.bat file.
Then I restart again, it still show as IPv6 address.
[2020-01-15 14:40:21,171] INFO - PassThroughListeningIOReactorManager
Pass-through HTTP Listener started on 0:0:0:0:0:0:0:0:8280
[2020-01-15 14:40:21,172] INFO - PassThroughHttpMultiSSLListener Starting
Pass-through HTTPS Listener...
[2020-01-15 14:40:21,192] INFO -
PassThroughListeningIOReactorManager Pass-through HTTPS Listener
started on 0:0:0:0:0:0:0:0:8243
[2020-01-15 14:40:21,449] INFO -
TaskServiceImpl Task service starting in STANDALONE mode...
[2020-01-15 14:40:21,509] INFO - RegistryEventingServiceComponent
Successfully Initialized Eventing on Registry
[2020-01-15 14:40:21,652] INFO - JMXServerManager JMX Service URL :
service:jmx:rmi://localhost:11111/jndi/rmi://localhost:9999/jmxrmi
When I run again, I got same error.
Please help to answer?
In the latest API Manager versions, we have provided IPv6 support for throttling usecases. If you take the latest pack or a WUM updated pack of your current version
, you should not get this issue.
Also as a workaround, you could set an IPv4 address using X-Forwarded-For header and invoke the API

Symfony2 and RabbitMqBundle. Can't publish a message

I am trying to use syfmony2 framework with RabbitMqBundle from here
I am sure that my rabbitmq server is up and running and I am doing the configuration and publishers code accordingly to the docs delivered on github. Unfortunately I can`t add any message to the queue.
I am sure that my rabbitmq server is up and running. I have queue named accordingly to the symfony configuration file.
Have anyone got any clue what is wrong?
Thanks in advance for any suggestions.
well... try this simple example
# app/config.yml
old_sound_rabbit_mq:
connections: %rabbitmq_connections%
producers: %rabbitmq_producers%
consumers: %rabbitmq_consumers%
parameters:
# connection parameters
rabbitmq_connections:
default: { host: 'localhost', port: 5672, user: 'guest', password: 'guest', vhost: '/' }
# define producers
rabbitmq_producers:
sample:
connection: default
exchange_options: {name: 'exchange_name', type: direct, auto_delete: false, durable: true}
# define consumers
rabbitmq_consumers:
sample:
connection: default
exchange_options: {name: 'exchange_name', type: direct, auto_delete: false, durable: true}
queue_options: {name: 'sample', auto_delete: false}
callback: rabbitmq.callback.service
then you should define your callback service. feel free to put it in app/config.yml
services:
rabbitmq.callback.service:
class: RabbitMQ\Callback\Service
and yes. you should write this callback service. here is simple implementation. should be enough for understanding and check is it works for you.
namespace RabbitMQ\Callback;
use OldSound\RabbitMqBundle\RabbitMq\ConsumerInterface;
use PhpAmqpLib\Channel\AMQPChannel;
use PhpAmqpLib\Message\AMQPMessage;
class Service implements ConsumerInterface
{
public function execute(AMQPMessage $msg)
{
var_dump(unserialize($msg->body));
}
}
then you should start rabbitmq server, run consumer and check was new exchange and queue added.
to run test consumer you should run
app/console rabbitmq:consumer sample --route="sample"
in your controller (where you want to send message to rabbitMQ put next code
# get producer service
$producer = $this->get('old_sound_rabbit_mq.sample_producer');
# publish message
$producer->publish(serialize(array('foo'=>'bar','_FOO'=>'_BAR')), 'sample');
Hope it's more or less clear and will help you with rabbitmq.
PS: it's easier to debug if you have rabbitmq management plugin. if you have no, use console commands like rabbitmqctl to check queues/exchanges/consumers and so on...
and also would be nice to see your configuration for producers/consumers. callback services code as well.
I also had some issue to send messages with this bundle, i recommend you to try SonataNotificationBundle instead.
You can also install the RabbitMq management plugin to see the queued messages.

Resources