Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problems using jdbc-wrapper in Spring Boot native image to connect to RDS via IAM #1184

Open
rickie opened this issue Nov 10, 2024 · 7 comments
Assignees
Labels
bug Something isn't working

Comments

@rickie
Copy link

rickie commented Nov 10, 2024

Describe the bug

To start with some context, we are creating a Spring Boot project with Spring Cloud Functions that uses GraalVM to build a native image and deploy this to AWS Lambda. Here it will connect with API Gateway and has to connect with an RDS instance using IAM authentication.

First of all we noticed that this library doesn't provide reachability metadata for GraalVM out-of-the-box yet, as seen here: https://www.graalvm.org/native-image/libraries-and-frameworks/.
This made us create a few extra config files to ensure the native image works as expected. However, now we have some problems with setting up the AWS advanced JDBC Wrapper to connect to Postgres RDS.

We tried following many different instructions from the docs. For example, this one and this one.

The problem is that we are not able to connect to RDS without any runtime issues. There are problems with packages missing and before connecting that we expect to be provided or done by the jdbc-wrapper. Sometimes we can prevent the problems by being creative and extending our Native image reflection setup. However, there is always a next error. To us, it feels like we are trying to make something work, that perhaps should work out of the box when starting to use this wrapper.

Can you help us identify what is going wrong in our setup and how we can connect to RDS from our Lambda? Your help would be kindly appreciated.

Expected Behavior

We would expect the application to connect to the database.

Right now the logs mention Aurora in the logs as well, why we are not configuring that. Probably there is something going wrong there as well.

What plugins are used? What other connection properties were set?

IAM. And the connection properties user and wrapperPlugins

Current Behavior

We invoke the Lambda via API Gateway to trigger the lambda to start up. Then via CloudWatch we get the logs.

Please see the error logs in this file (from the reproduction case repository).

To summarize the errors we are currently experiencing problems with:

Unable to load connection plugin factory: 'software.amazon.jdbc.plugin.AuroraConnectionTrackerPluginFactory'
....
org.hibernate.exception.GenericJDBCException: unable to obtain isolated JDBC connection [Unable to load connection plugin factory: 'software.amazon.jdbc.plugin.AuroraConnectionTrackerPluginFactory'.] 
...
Caused by: java.sql.SQLException: Unable to load connection plugin factory: 'software.amazon.jdbc.plugin.AuroraConnectionTrackerPluginFactory'

Reproduction Steps

Here is a link to a reproducible case in a repository: https://github.com/ExpressMe/aws-report

Please note that if you actually want to deploy it via the provided CDK files, you'll need to set the environment variables in .env.dev in apps/aws/. The steps to reproduce are listed in the README.

Possible Solution

Additional Information/Context

Some context on why we set things in our project up like this; we want to be able to do two things:

  • Deploy a native image to AWS Lambda that can connect with RDS.
  • Run the application locally so we can test everything on our PC.

Besides our subproject uppercase we have an even simpler version of a lambda without database things that works like expected when we deploy it to AWS Lambda.

If you have any further questions, please let us know what we can do to help. We would really like to get to the core of the issue such that we can connect to RDS 😄.

The AWS Advanced JDBC Driver version used

2.5.0

JDK version used

21.0.2-graalce

Operating System and version

Linux Ubuntu 22.04

@rickie rickie added the bug Something isn't working label Nov 10, 2024
@niek-dewit
Copy link

@sergiyvamz @aaron-congo

We investigated this issue a bit further, but this time from a different angle. Instead of building with native image, we tried to connect to the RDS instance via a jar deployment. This worked and you can find it on this branch.

After that, we tried to get the native image setup to work and we made some progress. This takes many cycles because we need to update the reflection-config.json for missing classes. In the commits first commit and second commit you can find our approach. I'm sure we can keep adding missing classes but it feels like we shouldn't be doing this. Can you help us out here? We added our cloudflare log dumps in the referenced commits.

There a few things we changed in the reproducible example:

  • Instead of setting values manually in the .env files, now we hardcoded it in the AwsDataSourceConfiguration file.
  • Hardcoded the values in the property file spring.datasource.url. While we were trying things, we wanted to make sure everything was configured as simple as possible.
  • As we disabled Flyway during the investigation to get to the "core" of the problem. So we manually added a table called users with columns id, name, and email. When running this, make sure to create the table and columns.
  • To be able to run the application, we created a TODO.sql file, that contains some statements that need to be executed.

We hope that having this working case without native image makes it easier to troubleshoot the issue. It would be awesome if we can figure out the issue and run the setup with Native Image :D.

@davecramer
Copy link
Contributor

We can probably add reachability data.

@aaron-congo
Copy link
Contributor

Hi @niek-dewit and @rickie,

Thanks for reaching out and raising this issue. We'll take a look at this and keep you updated as we investigate.

@aaron-congo
Copy link
Contributor

aaron-congo commented Nov 29, 2024

Just an update, I was unfamiliar with native image and reachability metadata, but I've been spending time this week familiarizing myself and am currently in the process of creating/testing our reachability metadata. We use a fair bit of reflection so there's a number of cases to test. I'll continue working on this next week.

@aaron-congo
Copy link
Contributor

Hi @niek-dewit and @rickie,

I've created a branch with the reachability metadata. I believe it should cover all our cases, but please let me know if you run into any problems using it. Could you please follow the instructions here and let me know if it works for you?

@rickie
Copy link
Author

rickie commented Dec 6, 2024

Thanks @aaron-congo. We are probably gonna take a look tomorrow! We'll update you once we checked it out.

@rickie
Copy link
Author

rickie commented Dec 10, 2024

Hello @aaron-congo.

We managed to get it to work!
Thanks for all the effort on your side.

In the end we had quite an extensive reflection-config.json to actually get everything to work. There are also some project specific things in there, but you might find it interesting to see.

`reflection-config.json`

[
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent$RequestContext",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent$RequestContext$Authorizer",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent$RequestContext$Authorizer$JWT",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent$RequestContext$Http",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent$RequestContext$IAM",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent$RequestContext$CognitoIdentity",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPResponse",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "software.amazon.jdbc.Driver",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "software.amazon.jdbc.plugin.iam.IamAuthConnectionPlugin",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "software.amazon.jdbc.util.Messages",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true,
"allDeclaredFields": true,
"allPublicFields": true
},
{
"name": "software.amazon.jdbc.AwsWrapperProperty",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true,
"allDeclaredFields": true,
"allPublicFields": true
},
{
"name": "software.amazon.jdbc.PropertyDefinition",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true,
"allDeclaredFields": true,
"allPublicFields": true
},
{
"name": "software.amazon.jdbc.HikariPooledConnectionProvider",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "com.zaxxer.hikari.HikariConfig",
"allDeclaredConstructors": true,
"allDeclaredMethods": true,
"allDeclaredFields": true
},
{
"name": "software.amazon.jdbc.plugin.DriverMetaDataConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.DataCacheConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.AuroraInitialConnectionStrategyPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.AuroraConnectionTrackerPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.staledns.AuroraStaleDnsPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.readwritesplitting.ReadWriteSplittingPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.failover.FailoverConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.failover2.FailoverConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.efm.HostMonitoringConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.efm2.HostMonitoringConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.strategy.fastestresponse.FastestResponseStrategyPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.limitless.LimitlessConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.LogQueryConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.ConnectTimeConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.ExecutionTimeConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.dev.DeveloperConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.customendpoint.CustomEndpointPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.iam.IamAuthConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.AwsSecretsManagerConnectionPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.federatedauth.FederatedAuthPluginFactory",
"allPublicConstructors": true
},
{
"name": "software.amazon.jdbc.plugin.federatedauth.OktaAuthPluginFactory",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.CallableStatement"
},
"name": "software.amazon.jdbc.wrapper.CallableStatementWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.PreparedStatement"
},
"name": "software.amazon.jdbc.wrapper.PreparedStatementWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Statement"
},
"name": "software.amazon.jdbc.wrapper.StatementWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.ResultSet"
},
"name": "software.amazon.jdbc.wrapper.ResultSetWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Array"
},
"name": "software.amazon.jdbc.wrapper.ArrayWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Blob"
},
"name": "software.amazon.jdbc.wrapper.BlobWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.NClob"
},
"name": "software.amazon.jdbc.wrapper.NClobWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Clob"
},
"name": "software.amazon.jdbc.wrapper.ClobWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Ref"
},
"name": "software.amazon.jdbc.wrapper.RefWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Struct"
},
"name": "software.amazon.jdbc.wrapper.StructWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.Savepoint"
},
"name": "software.amazon.jdbc.wrapper.SavepointWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.DatabaseMetaData"
},
"name": "software.amazon.jdbc.wrapper.DatabaseMetaDataWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.ParameterMetaData"
},
"name": "software.amazon.jdbc.wrapper.ParameterMetaDataWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.ResultSetMetaData"
},
"name": "software.amazon.jdbc.wrapper.ResultSetMetaDataWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.SQLData"
},
"name": "software.amazon.jdbc.wrapper.SQLDataWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.SQLInput"
},
"name": "software.amazon.jdbc.wrapper.SQLInputWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.SQLOutput"
},
"name": "software.amazon.jdbc.wrapper.SQLOutputWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.SQLType"
},
"name": "software.amazon.jdbc.wrapper.SQLTypeWrapper",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "software.amazon.jdbc.ds.AwsWrapperDataSource"
},
"name": "software.amazon.jdbc.ds.AwsWrapperDataSourceFactory",
"allPublicConstructors": true
},
{
"name": "java.sql.SQLClientInfoException",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "java.sql.SQLType"
},
"name": "java.lang.RuntimeException",
"allPublicConstructors": true
},
{
"name": "java.sql.SQLException",
"allPublicConstructors": true
},
{
"condition": {
"typeReachable": "software.amazon.jdbc.plugin.AwsSecretsManagerConnectionPluginFactory"
},
"name": "software.amazon.jdbc.plugin.AwsSecretsManagerConnectionPlugin$Secret",
"allDeclaredConstructors": true,
"allDeclaredFields": true,
"allDeclaredClasses": true
},
{
"name": "org.postgresql.ds.PGSimpleDataSource",
"allPublicConstructors": true
},
{
"name": "java.util.UUID[]",
"unsafeAllocated": true
},
{
"name": "java.util.UUID",
"unsafeAllocated": true
},
{
"name": "org.joda.time.DateTime",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.DateTimeZone",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.LocalDate",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.LocalTime",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.LocalDateTime",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.format.DateTimeFormatter",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.format.DateTimeFormat",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.Instant",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.base.BaseDateTime",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
},
{
"name": "org.joda.time.chrono.ISOChronology",
"allDeclaredConstructors": true,
"allPublicConstructors": true,
"allDeclaredMethods": true,
"allPublicMethods": true
}
]

Because we use Flyway, we also had to do this:

{
  "bundles": [
    {
      "name": "aws_advanced_jdbc_wrapper_messages"
    }
  ],
  "includes": [
    {
      "pattern": "db/migration/.*\\.sql"
    }
  ]
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

5 participants