Localstack 抛出请求中包含的安全令牌无效
Localstack throws The security token included in the request is invalid
我使用带有 Testcontainers((testcontainers:localstack:1.15.2 )) 的 Localstack 进行集成测试,并在测试设置中设置秘密,如下所示:
代码示例
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.CreateSecretRequest;
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.utility.DockerImageName;
import static org.testcontainers.containers.localstack.LocalStackContainer.Service.SECRETSMANAGER;
public class QueueServiceTest {
DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");
@Rule
public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
.withServices(SECRETSMANAGER).withEnv("LOCALSTACK_HOSTNAME", "localhost").withEnv("HOSTNAME", "localhost");
@Test
public void someTestMethod() {
AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
.withCredentials(localstack.getDefaultCredentialsProvider()).withRegion(localstack.getRegion())
.build();
String secretString = "usrnme";
CreateSecretRequest request = new CreateSecretRequest().withName("test")
.withSecretString(secretString)
.withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider());
secretsManager.createSecret(request);
}
}
现在测试崩溃并出现错误:
com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException:
The security token included in the request is invalid. (Service:
AWSSecretsManager; Status Code: 400; Error Code:
UnrecognizedClientException; Request ID:
314b0dee-69ed-4b08-9cd0-2618b8e14b25; Proxy: null)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:704)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
at
com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
at
com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
at
com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625)
at
com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594)
at
com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583)
at
com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557)
at
com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)
我想我缺少一些参数,谁能帮我解决一下。
缺少 AWSSecretsManagerClientBuilder 的端点配置。现在您的客户端以真正的 AWS 端点为目标,例如:https://secretsmanager.us-east-1.amazonaws.com:443
public class LocalStackSecretsManagerTest {
DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");
@Rule
public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
.withServices(SECRETSMANAGER)
.withEnv("LOCALSTACK_HOSTNAME", "localhost")
.withEnv("HOSTNAME", "localhost");
@Test
void someTestMethod() {
AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
.withCredentials(localstack.getDefaultCredentialsProvider())
.withEndpointConfiguration(localstack.getEndpointConfiguration(SECRETSMANAGER)) // this is the important line
.build();
String secretString = "usrnme";
CreateSecretRequest request = new CreateSecretRequest()
.withName("test")
.withSecretString(secretString);
secretsManager.createSecret(request);
}
}
指定端点时,您可以删除区域配置。
CreateSecretRequest 上的附加 .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider()); 是多余的,仅当您想要覆盖每个 CreateSecretRequest 的凭据提供程序时才需要。
我使用带有 Testcontainers((testcontainers:localstack:1.15.2 )) 的 Localstack 进行集成测试,并在测试设置中设置秘密,如下所示: 代码示例
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.CreateSecretRequest;
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.utility.DockerImageName;
import static org.testcontainers.containers.localstack.LocalStackContainer.Service.SECRETSMANAGER;
public class QueueServiceTest {
DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");
@Rule
public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
.withServices(SECRETSMANAGER).withEnv("LOCALSTACK_HOSTNAME", "localhost").withEnv("HOSTNAME", "localhost");
@Test
public void someTestMethod() {
AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
.withCredentials(localstack.getDefaultCredentialsProvider()).withRegion(localstack.getRegion())
.build();
String secretString = "usrnme";
CreateSecretRequest request = new CreateSecretRequest().withName("test")
.withSecretString(secretString)
.withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider());
secretsManager.createSecret(request);
}
}
现在测试崩溃并出现错误:
com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException: The security token included in the request is invalid. (Service: AWSSecretsManager; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: 314b0dee-69ed-4b08-9cd0-2618b8e14b25; Proxy: null)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:704) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)
我想我缺少一些参数,谁能帮我解决一下。
缺少 AWSSecretsManagerClientBuilder 的端点配置。现在您的客户端以真正的 AWS 端点为目标,例如:https://secretsmanager.us-east-1.amazonaws.com:443
public class LocalStackSecretsManagerTest {
DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");
@Rule
public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
.withServices(SECRETSMANAGER)
.withEnv("LOCALSTACK_HOSTNAME", "localhost")
.withEnv("HOSTNAME", "localhost");
@Test
void someTestMethod() {
AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
.withCredentials(localstack.getDefaultCredentialsProvider())
.withEndpointConfiguration(localstack.getEndpointConfiguration(SECRETSMANAGER)) // this is the important line
.build();
String secretString = "usrnme";
CreateSecretRequest request = new CreateSecretRequest()
.withName("test")
.withSecretString(secretString);
secretsManager.createSecret(request);
}
}
指定端点时,您可以删除区域配置。
CreateSecretRequest 上的附加 .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider()); 是多余的,仅当您想要覆盖每个 CreateSecretRequest 的凭据提供程序时才需要。