-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Google Clould KMS call hangs #42
Comments
Hi @ShahNewazKhan, My best guess is to look in the Google Cloud audit log to see if there are failing events. It looks like the service client is being created with whatever the default credentials are in your environment (the You might want to consider creating a logstash-filter plugin rather than modifying this one, that gives a few benefits:
Let me know if that helps! |
Hi @josephlewis42, Thanks for the input! I will try and resolve this as an extension for this plugin with the Regarding the auth method, I tried passing in the public byte[] decryptWrappedKey(String wrappedKey, String cid, FixedCredentialsProvider creds)
throws IOException {
if (this.testMode) { logger.log(Level.INFO, "Decrypting wrapped key");}
byte[] wrappedKeyBytes = Base64.decodeBase64(wrappedKey);
// Create the KeyManagementServiceClient using try-with-resources to manage client cleanup.
if (this.testMode) { logger.log(Level.INFO, "Creating KMS Client");}
try {
if (this.testMode) { logger.log(Level.INFO, "Creating KMS settings");}
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder()
.setCredentialsProvider(creds)
.build();
if (this.testMode) { logger.log(Level.INFO, "Creating KMS settings");}
KeyManagementServiceClient client =
KeyManagementServiceClient.create(keyManagementServiceSettings);
logger.log(Level.INFO, "ENTERED KEY CREATION");
String keyResourceName = CryptoKeyName.format(
this.projectId,
this.locationId,
this.keyRingId,
cid);
// Decrypt the ciphertext with Cloud KMS.
if (this.testMode) { logger.log(Level.INFO, "Decrypting KMS response"); }
DecryptResponse response = client.decrypt(keyResourceName, ByteString.copyFrom(wrappedKeyBytes));
if (this.testMode) { logger.log(Level.INFO, "Returning decrypted wraped key"); }
client.close();
logger.log(Level.INFO, "**************CLOSING KMS CLIENT ***********");
return response.getPlaintext().toByteArray();
}catch (Exception e) {
throw new RuntimeException(e);
}
} I will try to take the |
@josephlewis42 an update: EDIT I was able to find the relevant by instantiating the java.lang.NoClassDefFoundError: com/google/cloud/kms/v1/ListKeyRingsRequest
at com.google.cloud.kms.v1.stub.GrpcKeyManagementServiceStub.<clinit>(com/google/cloud/kms/v1/stub/GrpcKeyManagementServiceStub.java:88)
at com.google.cloud.kms.v1.stub.KeyManagementServiceStubSettings.createStub(com/google/cloud/kms/v1/stub/KeyManagementServiceStubSetting
s.java:292)
at com.google.cloud.kms.v1.KeyManagementServiceClient.<init>(com/google/cloud/kms/v1/KeyManagementServiceClient.java:154)
at com.google.cloud.kms.v1.KeyManagementServiceClient.create(com/google/cloud/kms/v1/KeyManagementServiceClient.java:135)
at com.google.cloud.kms.v1.KeyManagementServiceClient.create(com/google/cloud/kms/v1/KeyManagementServiceClient.java:126)
I have checked |
Hello,
I am extending this plugin to include a GCP KMS decryption procedure inside the
pubsub subscribe handler
by creating adecrypt.java
jar file that stalls when I call thedecrpytWrappedKey
method as described below:The unit tests for this method runs fine, however when I jar it up and call it from within the
subscribe handler
in this plugin, it hangs at the client create portion.I can see the
ENTERED KEY CREATION
log and then it just hangs, any ideas how I can go about debugging this?The text was updated successfully, but these errors were encountered: