amazon-web-services - Localstack 抛出请求中包含的安全令牌无效
问题描述
我使用 Localstack 和 Testcontainers(testcontainers:localstack:1.15.2)进行集成测试,并在测试设置中创建密钥(secret),如下所示:
代码示例
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.CreateSecretRequest;
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.utility.DockerImageName;
import static org.testcontainers.containers.localstack.LocalStackContainer.Service.SECRETSMANAGER;
/**
 * Integration test from the question: starts a LocalStack container with the Secrets Manager
 * service and tries to create a secret through the AWS SDK v1 client.
 *
 * <p>NOTE(review): the client is built with credentials and a region only. No endpoint override
 * is set, so the SDK resolves the regular AWS endpoint for that region instead of the container,
 * and the call fails with {@code UnrecognizedClientException} as reported on this page. Because
 * such a request leaves the test host, a test like this should never be able to fall back to
 * real account credentials.
 */
public class QueueServiceTest {
    // LocalStack image used for the container, pinned by tag.
    DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");

    // JUnit 4 rule: the container is managed by the rule around each test method.
    @Rule
    public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
            .withServices(SECRETSMANAGER)
            .withEnv("LOCALSTACK_HOSTNAME", "localhost")
            .withEnv("HOSTNAME", "localhost");

    /** Creates a secret named "test"; this is the call that throws in the question. */
    @Test
    public void someTestMethod() {
        AWSSecretsManagerClientBuilder clientBuilder = AWSSecretsManagerClientBuilder.standard();
        clientBuilder.withCredentials(localstack.getDefaultCredentialsProvider());
        // Region only: nothing here points the client at the LocalStack container.
        clientBuilder.withRegion(localstack.getRegion());
        AWSSecretsManager client = clientBuilder.build();

        String payload = "usrnme";
        CreateSecretRequest createRequest = new CreateSecretRequest();
        createRequest.withName("test");
        createRequest.withSecretString(payload);
        // Per-request credentials override; the same provider is already set on the client.
        createRequest.withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider());

        client.createSecret(createRequest);
    }
}
现在测试因错误而崩溃:
com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException:请求中包含的安全令牌无效。(服务:AWSSecretsManager;状态代码:400;错误代码:UnrecognizedClientException;请求 ID:314b0dee-69ed-4b08-9cd0-2618b8e14b25;代理:null)
在 com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819) 在 com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) 在 com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest (AmazonHttpClient.java:1372) 在 com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) 在 com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) 在 com.amazonaws。 http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java :704) 在 com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl。在 com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) 在 com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) 在 com.amazonaws.services.secretsmanager 执行(AmazonHttpClient.java:686) .AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) 在com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)AmazonHttpClient.execute(AmazonHttpClient.java:530) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594) 在 com .amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) 在 
com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient .java:528)AmazonHttpClient.execute(AmazonHttpClient.java:530) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594) 在 com .amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) 在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient .java:528)在 com.amazonaws.services.secretsmanager 调用(AWSSecretsManagerClient.java:2594)在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) 在 com.amazonaws.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) .services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)在 com.amazonaws.services.secretsmanager 调用(AWSSecretsManagerClient.java:2594)在 com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) 在 com.amazonaws.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) .services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)
我想我错过了一些参数,谁能帮我弄清楚。
解决方案
`AWSSecretsManagerClientBuilder` 缺少端点配置。现在您的客户端以真正的 AWS 端点为目标,例如:https://secretsmanager.us-east-1.amazonaws.com:443 。LocalStack 的默认凭证只是测试用的占位值,真正的 AWS 无法识别它们,因此返回 UnrecognizedClientException。
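/**
 * Integration test that creates a secret in a LocalStack container through the AWS SDK v1
 * Secrets Manager client.
 *
 * <p>The client is bound to the container with an explicit endpoint configuration. Without it
 * the SDK resolves the regular AWS endpoint, so the request would leave the test host and be
 * signed with whatever credentials the client holds.
 */
public class LocalStackSecretsManagerTest {
    // LocalStack image used for the container, pinned by tag.
    DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");

    // JUnit 4 rule: the container is managed by the rule around each test method.
    @Rule
    public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
            .withServices(SECRETSMANAGER)
            .withEnv("LOCALSTACK_HOSTNAME", "localhost")
            .withEnv("HOSTNAME", "localhost");

    /**
     * Creates a secret named "test" against the LocalStack endpoint.
     *
     * <p>Declared {@code public}: the class uses a JUnit 4 {@code @Rule}, and JUnit 4 rejects
     * test methods that are not public (assumes {@code org.junit.Test}, as imported in the
     * question's listing).
     */
    @Test
    public void someTestMethod() {
        AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
                .withCredentials(localstack.getDefaultCredentialsProvider())
                // The important line: send requests to the container, not to AWS. The endpoint
                // configuration also carries the signing region, so withRegion(...) is not used.
                .withEndpointConfiguration(localstack.getEndpointConfiguration(SECRETSMANAGER))
                .build();

        String secretString = "usrnme";
        // No per-request credentials provider: the client-level provider already applies.
        CreateSecretRequest request = new CreateSecretRequest()
                .withName("test")
                .withSecretString(secretString);

        secretsManager.createSecret(request);
    }
}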
指定端点时,您可以删除区域配置。
`CreateSecretRequest` 上额外的 `.withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider())` 是多余的,只有在您想要覆盖凭证提供程序时才需要。