Cant get hierarchic properties by S3 Backend spring config server - amazon-s3

I created spring config server with s3 backend as it described here:
https://cloud.spring.io/spring-cloud-config/reference/html/#_aws_s3_backend
I created 4 files in my-config-server s3 bucket:
app-default.properties
app-dev.properties
client-app-default.properties
client-app-dev.properties
When I ran client-app application with dev profile, I got only client-app-dev.properties properties.
I am interested if it is possible to get also client-app-default.properties, app-dev.properties and app-default.properties properties, if its were not defined in client-app-dev.properties
In another words, Is it possible to support following hierarchic:
application.properties # Applicable for all environments.
application-dev.properties # Environment level commons across all services.
client-app-dev.properties # Overrides specific to the service for one environment.
client-app2-dev.properties
for example:
client-app-dev.properties
my.property1="my-propertyDev1"
client-app-default.properties
my.property1="my-propertyDefault1"
my.property2="my-property2Default"
app-default.properties
my.property3="my-propertyAppDefault3"
when I am running client-app application with dev profile I what to get:
#Value("${my.property1}")
private String property1; //"my-propertyDev1"
#Value("${my.property2}")
private String property2; //"my-property2Default"
#Value("${my.property3}")
private String property3; //"my-propertyAppDefault3"
It works so with regular spring config server but I didn't succeed with s3 backed. It goes directly to specific app and specific profile

Related

.NET Core 3.x setting development AWS credentials

I have EC2 instances (via Elastic Beanstalk) running my ASP.Net Core 3.1 web app without a problem. AWS credentials are included in the key pair configured with the instance.
I want to now store my Data Protection keys in a S3 bucket that I created for them, so I can share the keys among all of the EC2 instances. However, when I add this service in my Startup.ConfigureServices, I get a runtime error locally:
services.AddDefaultAWSOptions(Configuration.GetAWSOptions("AWS"));
services.AddAWSService<IAmazonS3>();
services.AddDataProtection()
.SetApplicationName("Crums")
.PersistKeysToAWSSystemsManager("/CrumsWeb/DataProtection");
My app runs fine locally if I comment out the .PersistKeysToAWSSystemsManager("/CrumsWeb/DataProtection"); line above. When I uncomment the line, the error occurs. So it has something to do with that, but I can't seem to figure it out.
I was going to use PersistKeysToAwsS3 by hotchkj, but it was deprecated when AWS came out with PersistKeysToAWSSystemsManager.
The runtime error AmazonClientException: No RegionEndpoint or ServiceURL configured happens on CreateHostBuilder in my Program.cs:
I've spent many hours on this trying just to get Visual Studio 2019 to run my app locally, using suggestions from these sites:
https://aws.amazon.com/blogs/developer/configuring-aws-sdk-with-net-core/
https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-netcore.html
ASP NET Core AWS No RegionEndpoint or ServiceURL configured when deployed to Heroku
No RegionEndpoint or ServiceURL configured
https://github.com/secretorange/aws-aspnetcore-environment-startup
https://www.youtube.com/watch?v=C4AyfV3Z3xs&ab_channel=AmazonWebServices
My appsettings.Development.json (and I also tried it in appsettings.json) contains:
"AWS": {
"Profile": "default",
"Region": "us-east-1",
"ProfilesLocation": "C:\\Users\\username\\.aws\\credentials"
}
And the credentials file contains:
[default]
aws_access_key_id = MY_ACCESS_KEY
aws_secret_access_key = MY_SECRET_KEY
region = us-east-1
toolkit_artifact_guid=GUID
I ended up abandoning PersistKeysToAWSSystemsManager for storing my Data Protection keys because I don't want to set up yet another AWS service just to store keys in their Systems Manager. I am already paying for an S3 account, so I chose to use the deprecated NuGet package AspNetCore.DataProtection.Aws.S3.
I use server-side encryption on the bucket I created for the keys. This is the code in Startup.cs:
services.AddDataProtection()
.SetApplicationName("AppName")
.PersistKeysToAwsS3(new AmazonS3Client(RegionEndpoint.USEast1), new S3XmlRepositoryConfig("S3BucketName")
{
KeyPrefix = "DataProtectionKeys/", // Folder in the S3 bucket for keys
});
Notice the RegionEndpoint parameter in the PersistKeysToAwsS3, which resolved the No RegionEndpoint or ServiceURL Configured error.
I added the AmazonS3FullAccess policy to the IAM role that's running in all my instances.
This gives the instance the permissions to access the S3 bucket. My local development computer also seems to be able to access the S3 bucket, although I don't know where it's getting credentials from. I tried several iterations of appsettings.json and credentials file changes to locally set region and credentials, but nothing worked. Maybe it's using credentials I entered when I set up the AWS Toolkit in Visual Studio.

Azure web app for containers (aspnetcore 2.2) not reading azure appsettings values on startup

I've got a webapp for containers running in Azure that I have working locally with a local appsettings file.
once I deploy to Azure, I want the container to pull appsettings values from the azure settings. These are set via AzureDevops and appear correctly when I check the portal.
However, the site is not pulling the appsettings values from Azure once deployed. It is using the ones from the file. I am using the double-underscore names as specified.
I have created a testcontroller to output the appsettings values. This is an a snippet of what the test view outputs:
Build version: 2019.1.23.1
Location: local
Database__DatabaseConnectionString: Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=application;Data Source=.
---
-------
Env vars: Key WEBSITE_AUTH_SIGNING_KEY Value ASDS*(&*&*(SDSD05C29
Key DOTNET_RUNNING_IN_CONTAINER Value true
Key WEBSITE_ROLE_INSTANCE_ID Value 0
Key Database__DatabaseConnectionString Value Server=tcp:servername01.database.windows.net,1433;Initial Catalog=application;Persist Security Info=False;User ID=applicationUser;Password=password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
Key APPSETTING_Database__DatabaseConnectionString Value Server=tcp:servername01.database.windows.net,1433;Initial Catalog=application;Persist Security Info=False;User ID=applicationUser;Password=password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
As can be seen, the Database__DatabaseConnectionString should be consumed by the app. But it's not being.
What could be the problem here? This should be standard functionality according to the aspnetcore documentation.
Turns out this was a bug in the application. The controllers in question has an injected IOptions being injected into the constructor. Unfortunately, one of the controllers had different behaviour as a concrete instance was being inject in instead. As this object was not being correctly initialised in Startup.cs, this has the effect of passing empty values into the constructor.
Finally as empty values were found, this mean the default appsettings.json values were used.
Having fixed this above bug (by ensuring all controller use the same IOptions values), the azure appsettings values are being picked up and used correctly by the application at startup time.

NServiceBus endpoint is not starting on Azure Service Fabric local cluster

I have a .NetCore stateless WebAPI service running inside Service Fabric local cluster.
return Endpoint.Start(endpointConfiguration).GetAwaiter().GetResult();
When I'm trying to start NServiceBus endpoint, I'm getting this exception :
Access to the path 'C:\SfDevCluster\Data_App_Node_0\AppType_App10\App.APIPkg.Code.1.0.0.diagnostics' is denied.
How can it be solved ? VS is running under administrator.
The issue you are having is because the folder you are trying to write to is not supposed to be written by your application.
The package folder is used to store you application binaries and can be recreated dynamically whenever an application is hosted in the node.
Also, the binaries are reused by multiple service instances running on same node, so it might compete to use the files by different instances.
You should instead instruct your application to write to the WorkFolder,
public Stateless1(StatelessServiceContext context): base(context)
{
string workdir = context.CodePackageActivationContext.WorkDirectory;
}
The code above will give you a path like this:
'C:\SfDevCluster\Data_App_Node_0\AppType_App10\App.APIPkg.Code.1.0.0.diagnostics\work'
This folder is dynamic, will change depending on the node or instance of your application is running, when created, your application should already have permission to write to it.
For more info, see:
how-do-i-get-files-into-the-work-directory-of-a-stateless-service?forum=AzureServiceFabric
Open folder properties Security tab
Select ServiceFabricAllowedUsers
Add Write permission

Shared config file for all mobilefirst server adapters

Can i get config for all adapters at one place ? For example, i need store connection strings, httpserver addresses that needed across my mobilefirst server.
Mobilefirst version 8.0.
Thank you for advance!
In MobileFirst Foundation 8.0 you have the following options:
If using JavaScript adapters:
Edit the connectivity settings from the MobileFirst Console,
Or create a config file and use Maven commands (or the MobileFirst CLI in an upcoming CLI update), or other tools, to push the file to each adapter that requires that same set of connection settings.
Using this method there is no downtime to the server.
See the "Pull and Push Configurations" topic here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/adapters/javascript-adapters/
Customized adapter properties can be shared using the adapter configuration file found in the Configuration files tab.
To do so, use the pull and push commands described below. For the properties to be shared, you need to change the default values given to the properties.
Replace the DmfpfConfigFile placeholder with the actual value, for example: config.json. Then, run the command from the root folder of the adapter Maven project:
To pull the configurations file - mvn adapter:configpull -DmfpfConfigFile=<path to a file that will store the configuration>.
To push the configurations file - mvn adapter:configpush -DmfpfConfigFile=<path to the file that stores the configuration>.
If using Java adapters,
You can add JNDI properties to the server.xml of your application server, and using the configurationAPI (getServerJNDIProperty) you can read those properties in each of your adapters. However note that by using server.xml this will incur a downtime whenever you will want to update your list of connection properties.

Can AzureReader2 read Azure storage configuration settings from the service config rather than the web.config?

Is there any way for the AzureReader2 plugin to read its connection string and endpoint config values from the service config file rather than just the web.config?
The problem is that we build Azure package files (.cspkg) and web.config files are embedded within the package. Therefore we strive to keep our web.config files constant across all different deployments (test, dev, and production). We normally deploy using a package file and a service config file.
Install AzureReader 2 via code during application startup instead, and you can pass it the connection string directly:
var nvc = new NameValueCollection();
nvc["endpoint"] = "http://127.0.0.1:10000/devstoreaccount1/";
nvc["connectionString"] = "UseDevelopmentStorage=true";
new AzureReader2Plugin(nvc).Install(Config.Current);