Following this guide and this code example, I have this in my application-deploy.yaml
:
spring:following
cloud:
gcp:
project-id: ${PROJECT_ID} # Set during build-process (Docker)
sql:
enabled: true
database-name: xxxxxxxxxx
instance-connection-name: ${sm://CLOUD_SQL_INSTANCE_CONNECTION_NAME}
datasource:
driver-class-name: org.postgresql.Driver
username: ${sm://JDBC_DATABASE_USERNAME}
password: ${sm://JDBC_DATABASE_PASSWORD}
name: postgres
and the following dependencies in my pom.xml
:
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>spring-cloud-gcp-starter</artifactId>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-sql-postgresql</artifactId>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-secretmanager</artifactId>
</dependency>
However, after running gcloud run deploy
for the service, it immediatelly crahes because the environment variables are not properly resolved:
Caused by: java.lang.IllegalArgumentException: [//CLOUD_SQL_INSTANCE_CONNECTION_NAME] Cloud SQL connection name is invalid, expected string in the form of "<PROJECT_ID>:<REGION_ID>:<INSTANCE_ID>".
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:145) ~[guava-31.1-jre.jar!/:na]
at com.google.cloud.sql.core.CloudSqlInstance.<init>(CloudSqlInstance.java:135) ~[jdbc-socket-factory-core-1.11.0.jar!/:na]
at com.google.cloud.sql.core.CoreSocketFactory.lambda$getCloudSqlInstance$0(CoreSocketFactory.java:165) ~[jdbc-socket-factory-core-1.11.0.jar!/:na]
at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1708) ~[na:na]
...
The following is in my bootstrap.yaml
spring:
cloud:
gcp:
project-id: ${PROJECT_ID}
secretmanager:
project-id: ${PROJECT_ID}
For good measure, and according to another source, I'm throwing in some additional dependency-management in order to make sure `` is available:
<!-- ... -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>
<!-- ... -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring.cloud-version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
I have added Secret Manager Admin
roles to the SA principals:
What am I missing here?
It turned out to be a simple issue: I wasn't aware that we have to "import" the sm://
prefix in the application.yaml
(do yourself a favor and use .yaml
instead or .properties
):
spring:
config:
import: "sm://"
You can find a full example here: spring-boot-gcp-secret-manager