Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2021/07/21 15:07:19 UTC

[GitHub] [camel-quarkus] tstuber opened a new issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

tstuber opened a new issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925


   I try to use Camel AWS S3 with Web Identity Token on Quarkus 2.0.2-Final. I also included AWS STS in the classpath. For local development I need to work with a proxy. 
   
   It seems that the proxy settings are taken into account for S3, but are not working for the STS connectivity. The Quarkus start-up finally crashes with a timeout exception:
   ````
   Unable to execute HTTP request: Connect to sts.eu-central-1.amazonaws.com:443 [sts.eu-central-1.amazonaws.com/54.239.54.197] failed: connect timed out
   ````
   
   I used the following setup:
   
   Route:
   ````java
   from(aws2S3("{{bucketName}}"))
       .log("body received: ${body}");
   ````
   
   application.properties
   ````ini
   # S3 Component
   bucketName=my-bucket
   camel.component.aws2-s3.region=eu-central-1
   camel.component.aws2-s3.useDefaultCredentialsProvider=true
   camel.component.aws2-s3.deleteAfterRead=false
   camel.component.aws2-s3.prefix=file/path/
   %dev.camel.component.aws2-s3.proxyHost=localhost
   %dev.camel.component.aws2-s3.proxyPort=3100
   %dev.camel.component.aws2-s3.proxyProtocol=http
   ````
   
   It would be nice if the proxy support could be added (to STS?) for this use case. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [camel-quarkus] ppalaga commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
ppalaga commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884815790


   That's a hammer-and-nails workaround and I am all for allowing to set the proxy in a more user-friendly way.





[GitHub] [camel-quarkus] tstuber commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
tstuber commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884901601


   Hey @ppalaga, thanks a lot for your support and the code snippets. I quickly tried it, but I was not able to set up an STS credential provider with proxy settings.
   However, I can work around it by using API keys locally. That works for me for now.





[GitHub] [camel-quarkus] tstuber commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
tstuber commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884966370


   I just realized that I could use the system properties (see: https://github.com/aws/aws-sdk-java-v2/issues/751#issuecomment-429384558). And that works. It's actually simple and clean that way.
   
   My code looks now like:
   ```
           from(aws2S3("{{bucketName}}").delay(5000L))
                   .log("body received: ${body}");
   ```
   
   ```
   # S3 Component
   bucketName=my-bucket
   camel.component.aws2-s3.region=eu-central-1
   camel.component.aws2-s3.useDefaultCredentialsProvider=true
   camel.component.aws2-s3.deleteAfterRead=false
   camel.component.aws2-s3.fileName=my/path/key
   ```
   
   And I start the project locally with `./mvnw clean compile quarkus:dev -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3100 -Dhttp.proxyScheme=http`





[GitHub] [camel-quarkus] ppalaga commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
ppalaga commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884962379


   > I was not able to setup a STS credential provider with proxy settings.
   
   Hm... if it cannot be set up programmatically, I doubt @oscerd can improve the component in any way.





[GitHub] [camel-quarkus] ppalaga commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
ppalaga commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884765941


   I see, sorry for confusing you then!





[GitHub] [camel-quarkus] ppalaga commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
ppalaga commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884813394


   @tstuber if you are able to construct an instance of S3Client manually (with proxy set on its http client and with a proper STS credentials provider with properly set proxy again), then you can pass the S3 client instance to Camel via CDI like this:
   
   ```
   import java.net.URI;
   import javax.inject.Named;
   import javax.inject.Singleton;
   
   import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
   import software.amazon.awssdk.http.apache.ApacheHttpClient;
   import software.amazon.awssdk.http.apache.ProxyConfiguration;
   import software.amazon.awssdk.services.s3.S3Client;
   
   // Plain CDI bean: it only produces the client, so it does not extend EndpointRouteBuilder
   @Singleton
   public class Producers {
   
       // Published under the name the route refers to as "#myS3Client"
       @Named("myS3Client")
       S3Client s3Client() {
           // Proxy for the S3 client's own HTTP traffic
           ProxyConfiguration.Builder proxyConfig = ProxyConfiguration.builder().endpoint(URI.create("http://localhost:1234"));
           ApacheHttpClient.Builder httpClientBuilder = ApacheHttpClient.builder().proxyConfiguration(proxyConfig.build());
   
           AwsCredentialsProvider credsProvider = null; // your STS based creds provider with proxy set
           return S3Client.builder()
                   .httpClientBuilder(httpClientBuilder)
                   .credentialsProvider(credsProvider)
                   .build();
       }
   }
   ```
   
   ```
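   import org.apache.camel.builder.endpoint.EndpointRouteBuilder;
   
   class Routes extends EndpointRouteBuilder {
       @Override
       public void configure() throws Exception {
           // "#myS3Client" looks up the named S3Client bean instead of letting the component build one
           from(aws2S3("{{bucketName}}")
                   .amazonS3Client("#myS3Client"))
                   .log("body received: ${body}");
       }
   }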
   ```
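
One way to fill in the `credsProvider` placeholder from the comment above, as an added example that is not part of the original thread or the Camel code base. The class name `ProxiedWebIdentityCredentials`, the method `create` and the session name `local-dev` are assumptions; `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` are the environment variables the AWS SDK's web identity support reads.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleWithWebIdentityCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleWithWebIdentityRequest;

public final class ProxiedWebIdentityCredentials {
    // Hypothetical helper: a web identity provider whose STS calls go through `proxy`.
    public static AwsCredentialsProvider create(URI proxy, Region region) {
        String roleArn = System.getenv("AWS_ROLE_ARN");
        String tokenFile = System.getenv("AWS_WEB_IDENTITY_TOKEN_FILE");
        if (roleArn == null || tokenFile == null) {
            throw new IllegalStateException("AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE must be set");
        }
        // The STS client needs its own proxy; the S3 component's proxy options never reach it.
        // AssumeRoleWithWebIdentity is authorized by the token itself, so no signing credentials.
        StsClient sts = StsClient.builder()
                .region(region)
                .httpClientBuilder(ApacheHttpClient.builder().proxyConfiguration(
                        ProxyConfiguration.builder().endpoint(proxy).build()))
                .credentialsProvider(AnonymousCredentialsProvider.create())
                .build();
        // Supplier form: the token file is re-read on every refresh, so rotated tokens are used.
        return StsAssumeRoleWithWebIdentityCredentialsProvider.builder()
                .stsClient(sts)
                .refreshRequest(() -> AssumeRoleWithWebIdentityRequest.builder()
                        .roleArn(roleArn)
                        .roleSessionName("local-dev") // assumed session name
                        .webIdentityToken(readToken(tokenFile))
                        .build())
                .build();
    }

    private static String readToken(String path) {
        try {
            return new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.UTF_8).trim();
        } catch (IOException e) {
            throw new UncheckedIOException("cannot read web identity token file", e);
        }
    }
}
```

The returned provider would be passed to `.credentialsProvider(...)` in the `s3Client()` producer, with the same proxy URI used for the S3 HTTP client.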





[GitHub] [camel-quarkus] tstuber commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
tstuber commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884760327


   Hi @ppalaga, I also tested those configs as follows:
   ```
   #camel.component.aws2-sts.useDefaultCredentialsProvider=true
   #camel.component.aws2-sts.region=eu-central-1
   #%dev.camel.component.aws2-sts.proxyHost=localhost
   #%dev.camel.component.aws2-sts.proxyPort=3128
   #%dev.camel.component.aws2-sts.proxyProtocol=http
   ```
   
   But the proxy settings are not taken into account for STS (see also [this](https://camel.zulipchat.com/#narrow/stream/257302-camel-quarkus/topic/Issue.20with.20AWS.20S3.20with.20web.20identity.20token.20and.20proxy) zulip discussion).





[GitHub] [camel-quarkus] oscerd commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
oscerd commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884761904


   Essentially he's not using the camel-component, he is just using the sts JAR for referencing the needed bits for web identity token. So setting options or parameters on STS component doesn't have any effect, because he's not really using the sts scheme. 





[GitHub] [camel-quarkus] ppalaga commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
ppalaga commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-885444378


   Good to know, thanks for reporting, @tstuber!





[GitHub] [camel-quarkus] ppalaga commented on issue #2925: Adding proxy support for AWS components working with Web Identity Tokens

Posted by GitBox <gi...@apache.org>.
ppalaga commented on issue #2925:
URL: https://github.com/apache/camel-quarkus/issues/2925#issuecomment-884757964


   I think you need to configure the proxy for STS separately. Would you please try to add the following?
   
   ```
   %dev.camel.component.aws2-sts.proxyHost=localhost
   %dev.camel.component.aws2-sts.proxyPort=3100
   %dev.camel.component.aws2-sts.proxyProtocol=http
   ```

