As my title states, we are using the AWS .NET SDK and on our web.config configured a profile that points to a credentials file(see: https://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/net-dg-config-creds.html using credentials file) on the disk(so out of the source code). This seems to work fine but we are rotating these keys every x period so we need to change the keys within the file. My question is does de AWS .NET SDK notice that the file is changed and automatically load the new credentials or when does it actually load? In other words, if we change the credentials in this file do we need to do additional steps for the application to actually use them?
What I tried now is start up the application locally, change the credentials to a faulty one and calls are still going thru without a problem. Next, I stopped my application and rebuilded in with the same file having faulty credentials. After doing this the application is still able to make correct calls so I'm wondering how this works as if it is falling back on credentials that did work. Or maybe I just didn't test right.
We are using .net framework 4.6.2 application using the aws sdk version 3.3
Also what i forgot to mention is that for each request we initialize the client like this:
using (AmazonCognitoIdentityProviderClient client = new AmazonCognitoIdentityProviderClient(regionEndpoint))
Short answer is creating a client like that will cause the credentials to be read from the credentials file when the first client is created.
The longer answer is when you create without credentials the client uses the FallbackCredentialsFactory class to find credentials either through the credentials file or environment like EC2 instance metadata. The FallbackCredentialsFactory has a static instance of Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain which is what gets the credentials for a profile.
If you want to something different you could have your code create an instance of CredentialProfileStoreChain before creating a client and use that to get the credentials and pass those credentials into the client.
Related
I have a google workspace addon which is extending gmail and is using app script oauth to connect our own system, https://github.com/googleworkspace/apps-script-oauth2.
Our system has a development environment and a live environment, each uses a different identity client id secret which need to be used when connecting to each. I have stored these as different project properites with the development properties being prefixed with 'dev-' and i have a function that looks like this:
getScriptPropery function. This function has a variable that should let me change the script properties I access.
I have then created a versioned deployment that uses the live project properties and have kept my HEAD deployment using the develpoment properties. My problem is that once someone tries to login on the versioned deployment they seem to be redirected back to the HEAD version of the code which is using development project properties, this then breaks the login attempt and gives the following error: AppScript login error. I have tested this by adding logging that is only in the HEAD version of the getScriptProperty function and you can see the logs swap to using the development properties after redirecting from the login attempt, Logging example.
Is there a better way to manage deployments/project properties to stop this from happening or have a just missed something with how they are meant to work?
When I run Keycloak, I'd like it to load my LDAP configuration (user federation) automatically when it is run, so I don't have to enter it manually. Is there any way to do this with Keycloak? I'm using the containerized version 7.0.0, if it matters. I am also running in standalone mode. Thanks
You should be able to create your realm from a template that has your LDAP configuration in it.
From what I understand from your question, you want to use LDAP as your user Federation server, so you should have an LDAP up and running before starting your Keycloak container, and the container should start with the LDAP configuration.. to do this, I'll suggest a method that is a bit cumbersome at first, but it will give you a better grasp on how to configure Keycloak in the future.
Start by downloading keycloak from the website and run it without putting it in a container.. set up your Realm, clients and everything apart from the LDAP configuration.
Copy the Keycloak.json file outside of the directory, we're going to use that later
Get back to your web interface, configure your LDAP server, and save the configuration.
Now copy the keycloak.json file again, and place both versions in a text comparison tool, Diffmerge for example, and see the difference in the configuration related to your LDAP, that should be added to your container's keycloak.json.
A good practice using keycloak container is to create your whole configuration, and replace the default one, this way your container will start every time with your Realms, clients and all other pre-configured attributes.
OK so I think I figured it out. In Keycloak I had to export the realm via the standalone.sh script as specified in the documentation. Using the kcadm.sh admin CLI did not export the whole realm. Then I could import the realm using the admin CLI later. Thanks for your help it lead me to this answer.
I have a PHP application I am wanting to deploy to Azure via Github. One of the files is a connection to a MySQL DB, which for obvious reasons, I don't want to have tracked on Github. The issue I am running into is getting connected to the DB, and displaying my webpage properly, because the connect.php file isn't in Github. What is the best way to get that to Azure without going through Github?
In your connect.php file, get your values from an environment variable instead of setting it explicitly. Then, in your Azure portal, go to the web app's Application Settings blade & set your environment variables under the App settings section.
Is there a way to change the configuration store location for the OSGi Configuration Admin service? I'd like to have the properties files exist in another bundle so they'd exist in source control & in the deployment rather than the OSGi store.
In the end I decided to use Apache Felix File Install to update the configuration properties of a Configuration Admin ManagedService. This seems to work passably well.
It's a little kludgy because when the files are updated the new configuration properties get pushed to the managed service without regard to their being correct values. This means that on next startup the values will still be bad & need to be set to defaults.
It should work for now.
The Config Admin implementations cannot do this, at least not in a portable way via the specification. Instead you need a "management agent" that pushes configuration data into Config Admin via the API; it can derive that configuration data from any source it wishes.
FileInstall is a very simple example of a management agent. If it does not do exactly what you want then it is not too difficult to write your own.
The ManagedServices will still need to perform validation of incoming configuration data and dynamically react to new configuration data. OSGi is a dynamic platform and Config Admin is designed to allow for on-the-fly reconfiguration of a running system.
how to load the mysql server in android emulator
i.e
Class.forName("com.mysql.jdbc.Driver")
i got the exception java.land.ClassNotFoundException in com.mysql.jdbc.Drive
please reply me.
This assumes MySQL is publicly available from internet, but it is never good idea .
Setup public WebService and connect to it from mobile application.
You won't be able to run MySQL server on an Android device.
What you're doing, however, is trying to load the MySQL client library. That isn't included as part of Android so you cannot load it. You'd need to include the relevant JARs in your project, if you really do want to connect to a remote MySQL database from an Android app.
If you do want to store and access data on your Android device, the awesome SQLite database is included by default, including all the APIs you need to create, upgrade and otherwise interact with SQLite databases.
When I did this I created PHP files for the database operations. I sent data in XML and received data in XML all using PHP scripts. I found this to be the easiest way for me...but you need to know PHP of course.