Inside of Config.groovy i have setup a few environment variables:
def appName = grails.util.Metadata.current.getApplicationName()
def casUrl = "https://login.cas.server/cas"
environments {
development {
grails.logging.jul.usebridge = true
host.address = "12.34.56.78"
host.port = "8080"
}
test {
grails.logging.jul.usebridge = true
host.address = "http://staging.server.somewhere.com/"
host.port = ""
}
production {
grails.logging.jul.usebridge = false
host.address = "http://www.production.com"
host.port = ""
}
}
I'm trying to use those values inside the same configuration file (Config.groovy) like so:
grails.plugin.springsecurity.cas.loginUri = '/login'
grails.plugin.springsecurity.cas.serviceUrl = "${host.address}:${host.port}/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.cas.serverUrlPrefix = '${casUrl}'
grails.plugin.springsecurity.cas.proxyCallbackUrl = "/secure/receptor"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=${host.address}:${host.port}/${appName}/"
However, the only thing that is getting resolved is the appName variable, everything else is null. Is this something that can be done? It looks like it was used in this post here Grails: Spring Security CAS Working in 2.2.3 but I cant seem to get them to resolve.
If I do something like
def appName = grails.util.Metadata.current.getApplicationName()
def casUrl = "https://login.umt.edu/cas"
host.address = "MyAddress"
environments {
...
The configSlurper resolves that host.address inside the CAS config, why can't I access the enviornment variables?
See the answer here under Basic Configuration.
However, you can't nest after using the dot notation. In other words, this won't work
// Won't work!
foo.bar {
hello = "world"
good = "bye"
}
So try to use nesting like this
foo {
bar {
hello = "world"
good = "bye"
}
}
Move the properties that depend on host.address and host.port inside each environment block:
environments {
development {
grails.logging.jul.usebridge = true
host.address = "12.34.56.78"
host.port = "8080"
grails.plugin.springsecurity.cas.serviceUrl = "${host.address}:${host.port}/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=${host.address}:${host.port}/${appName}/"
}
test {
grails.logging.jul.usebridge = true
host.address = "http://staging.server.somewhere.com/"
host.port = ""
grails.plugin.springsecurity.cas.serviceUrl = "${host.address}:${host.port}/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=${host.address}:${host.port}/${appName}/"
}
production {
grails.logging.jul.usebridge = false
host.address = "http://www.production.com"
host.port = ""
grails.plugin.springsecurity.cas.serviceUrl = "${host.address}:${host.port}/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=${host.address}:${host.port}/${appName}/"
}
}
You can get rid of the host.address and host.port variables altogether:
environments {
development {
grails.logging.jul.usebridge = true
grails.plugin.springsecurity.cas.serviceUrl = "http://12.34.56.78:8080/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=http://12.34.56.78:8080/${appName}/"
}
test {
grails.logging.jul.usebridge = true
grails.plugin.springsecurity.cas.serviceUrl = "http://staging.server.somewhere.com/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=http://staging.server.somewhere.com/${appName}/"
}
production {
grails.logging.jul.usebridge = false
grails.plugin.springsecurity.cas.serviceUrl = "http://www.production.com/${appName}/j_spring_cas_security_check"
grails.plugin.springsecurity.logout.afterLogoutUrl = "${casUrl}/logout?url=http://www.production.com/${appName}/"
}
}
Related
In springboot2.X i am able to set hikari connection pool config like maxLifeTime in application.ymal easily.
Similarly i want to to it in groovy. Is it inside dBProperties?
i am using groovy 2.5.4 and grails 2.4.4
dataSource {
pooled = true
dbCreate = "update"
url = "jdbc:mysql://localhost:3306/my_database"
driverClassName = "com.mysql.jdbc.Driver"
dialect = org.hibernate.dialect.MySQL5InnoDBDialect
username = "username"
password = "password"
type = "com.zaxxer.hikari.HikariDataSource"
properties {
....
....
dbProperties {
maxLifeTime=200000
}
}
}
You can add it as bean in conf/spring/resources.groovy
import com.zaxxer.hikari.HikariConfig
import com.zaxxer.hikari.HikariDataSource
import grails.util.Holders
// Place your Spring DSL code here
beans = {
dataSource(HikariDataSource) { bean ->
def ds = Holders.config.dataSource
def hp = new Properties()
hp.username = ds.username
hp.password = ds.password
hp.jdbcUrl = ds.url
hp.driverClassName = ds.driverClassName
hp.connectionTimeout = ds.hikariConnectionTimeout
hp.maximumPoolSize = ds.hikariMaximumPoolSize
hp.maxLifetime = ds.hikariMaxLifetime
hp.idleTimeout = ds.hikariIdleTimeout
hp.minimumIdle = ds.hikariMinimumIdle
hp.connectionTestQuery = "SELECT 1"
HikariConfig hc = new HikariConfig(hp)
bean.constructorArgs = [hc]
}
}
With these added you can define your properties in your Datasoure.groovy like this
dataSource {
dbCreate = "update"
url = "jdbc:postgresql://localhost:5432/db"
username = "username"
password = "password"
hikariMinimumIdle = 5
hikariMaximumPoolSize = 30
hikariIdleTimeout = 600000
hikariConnectionTimeout = 30000
hikariMaxLifetime = 1800000
}
I am creating an application using Docker on ECS. I have the following Terraform file (concatenated for ease of reading):
resource "aws_ecs_cluster" "my-cluster" {
name = "my-cluster"
}
resource "aws_launch_configuration" "ecs" {
name = "ECS Cluster"
image_id = "ami-1c002379"
instance_type = "m4.xlarge"
security_groups = ["sg-4218de2a"]
iam_instance_profile = "${aws_iam_instance_profile.ecs.name}"
# TODO: is there a good way to make the key configurable sanely?
key_name = "my-key"
associate_public_ip_address = true
user_data = "#!/bin/bash\necho ECS_CLUSTER='${aws_ecs_cluster.my-cluster.name}' > /etc/ecs/ecs.config"
}
resource "aws_iam_role" "ecs_host_role" {
name = "ecs_host_role"
assume_role_policy = "${file("policies/ecs-role.json")}"
}
resource "aws_iam_role_policy" "ecs_instance_role_policy" {
name = "ecs_instance_role_policy"
policy = "${file("policies/ecs-instance-role-policy.json")}"
role = "${aws_iam_role.ecs_host_role.id}"
}
resource "aws_iam_policy_attachment" "ecs_for_ec2" {
name = "ecs-for-ec2"
roles = ["${aws_iam_role.ecs_host_role.id}"]
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
}
resource "aws_iam_role" "ecs_service_role" {
name = "ecs_service_role"
assume_role_policy = "${file("policies/ecs-role.json")}"
}
resource "aws_iam_role_policy" "ecs_service_role_policy" {
name = "ecs_service_role_policy"
policy = "${file("policies/ecs-service-role-policy.json")}"
role = "${aws_iam_role.ecs_service_role.id}"
}
resource "aws_iam_instance_profile" "ecs" {
name = "ecs-instance-profile"
path = "/"
role = "${aws_iam_role.ecs_host_role.name}"
}
resource "aws_autoscaling_group" "ecs-cluster" {
availability_zones = ["us-east-2a", "us-east-2b"]
name = "ECS ${aws_ecs_cluster.my-cluster.name}"
min_size = "1"
max_size = "2"
desired_capacity = "1"
health_check_type = "EC2"
launch_configuration = "${aws_launch_configuration.ecs.name}"
vpc_zone_identifier = ["subnet-8e9abce7"]
}
resource "aws_alb" "front-end" {
name = "alb"
internal = false
security_groups = ["sg-4218de2a"]
subnets = ["subnet-8e9abce7", "subnet-e11d779a"]
enable_deletion_protection = true
}
resource "aws_alb_listener" "front_end" {
load_balancer_arn = "${aws_alb.front-end.arn}"
port = "80"
protocol = "HTTP"
default_action {
target_group_arn = "${aws_alb_target_group.fe-tg.arn}"
type = "forward"
}
}
resource "aws_alb_target_group" "fe-tg" {
name = "fe-tg"
port = 8080
protocol = "HTTP"
vpc_id = "vpc-22eeb84b"
health_check {
path = "/poc/healthy.html"
}
}
resource "aws_autoscaling_attachment" "asg_attachment_bar" {
autoscaling_group_name = "${aws_autoscaling_group.ecs-cluster.name}"
alb_target_group_arn = "${aws_alb_target_group.fe-tg.arn}"
}
resource "template_file" "task_container_definition" {
template = "${file("container-defintion.json.tpl")}"
vars {
aws_region = "${var.region}"
aws_account = "${var.account}"
image = "${var.image}"
tag = "${var.tag}"
}
}
resource "aws_ecs_task_definition" "my-td" {
family = "my-task"
container_definitions = "${template_file.task_container_definition.rendered}"
}
resource "aws_ecs_service" "poc" {
name = "poc-v4"
cluster = "${aws_ecs_cluster.my-cluster.name}"
task_definition = "${aws_ecs_task_definition.my-td.arn}"
desired_count = 3
iam_role = "${aws_iam_role.ecs_service_role.arn}"
depends_on = ["aws_iam_role_policy.ecs_service_role_policy", "aws_alb_listener.front_end"]
deployment_maximum_percent = 200
deployment_minimum_healthy_percent = 51
load_balancer {
target_group_arn = "${aws_alb_target_group.fe-tg.id}"
container_name = "greeter"
container_port = 0
}
placement_constraints {
type = "memberOf"
expression = "attribute:ecs.availability-zone in [us-east-2a, us-east-2b]"
}
placement_strategy {
type = "binpack"
field = "cpu"
}
}
Task Definition Template:
[{
"environment": [],
"name": "greeter",
"mountPoints": [],
"image": "${aws_account}.dkr.ecr.${aws_region}.amazonaws.com/${image}:${tag}",
"cpu": 0,
"portMappings": [
{
"containerPort": 8080, "hostPort": 0
}
],
"memory": 2048,
"memoryReservation": 1024,
"essential": true,
"volumesFrom": []
}]
I am asking ECS to spin up at least 3 tasks within my service. But, for some reason, my Application Load Balancer isn't putting the Ephemeral Ports into the health check. It's putting the actually tomcat port (8080).
When I create a service by hand it works just fine, but using Terraform it doesn't. Does anything stick out?
Yes, I saw the setting. the resource aws_alb_listener is only used to define default rule (the last, lowest priority rule)
Please add resource aws_alb_listener_rule, sample codes for you:
resource "aws_alb_listener_rule" "static" {
listener_arn = "${aws_alb_listener.front_end.arn}"
priority = 100
action {
type = "forward"
target_group_arn = "${aws_alb_target_group.fe-tg.arn}"
}
condition {
field = "path-pattern"
values = ["/static/*"]
}
}
You can add more resource aws_alb_listener_rule with different priority (100, 101, 102,...).
With it, you should be fine to get dynamic ports properly.
I have some package to override in my configuration.nix. So I write the code as follows:
nixpkgs.config = {
allowUnfree = true;
packageOverrides = {
pkgs: rec {
#mumble + pulse audio
mumble = pkgs.mumble.override {
pulseSupport = true;
};
#kernel for intel ethernet and Testing e1000e package override
linuxPackages.e1000e = pkgs.linuxPackages.e1000e.overrideDerivation (attrs: {
name = "e1000e-3.3.3-${config.boot.kernelPackages.kernel.version}";
src = fetchurl {
url = "https://www.dropbox.com/s/pxx883hx9763ygn/e1000e-3.3.3.tar.gz?dl=0";
sha256 = "1s2w54927fsxg0f037h31g3qkajgn5jd0x3yi1chxsyckrcr0x80";
};
});
};
};
};
but when I do nixos-rebuild switch, I got the following error:
syntax error, unexpected ':', expecting '.' or '=', at 37,11
which is at pkgs: rec {...
What did I do wrong? At first I write it by separating the pkgs like this:
packageOverrides = {
pkgs: with pkgs: {......}; #this is for mumble
pkgs: rec {...}; #this is for kernel
};
and still got the same error.
The proper solution is:
nixpkgs.config = {
allowUnfree = true;
packageOverrides = super: let self = super.pkgs; in {
mumble = super.mumble.override { pulseSupport = true; };
linuxPackages = super.linuxPackages // {
e1000e = super.linuxPackages.e1000e.overrideDerivation (old: {
name = "e1000e-3.3.3-${config.boot.kernelPackages.kernel.version}";
src = fetchurl {
url = "https://www.dropbox.com/s/pxx883hx9763ygn/e1000e-3.3.3.tar.gz?dl=0";
sha256 = "1s2w54927fsxg0f037h31g3qkajgn5jd0x3yi1chxsyckrcr0x80";
};
});
};
};
}
The variable super refers to the Nixpkgs set before the overrides are applied and self refers to it after the overrides are applied. It's important to distinguish these two explicitly to avoid infinite recursions, etc.
Also, note that your override
linuxPackages.e1000e = pkgs.linuxPackages.e1000e.overrideDerivation ...
replaces the linuxPackages attribute set with one that contains nothing but the (overriden) e1000e derivation. That's probably not what you want.
I'm using Grails 1.3.7 with Jasypt and I have the below in my Config.groovy:
jasypt {
algorithm = "PBEWithMD5AndTripleDES"
password = "password"
keyObtentionIterations = 1
saltSizeBytes = 0
}
How can I set the salt property to ZeroSaltGenerator?
In Config.groovy, change your config for jasypt to:
jasypt {
algorithm = "PBEWithMD5AndTripleDES"
password = "password"
keyObtentionIterations = 1
saltGenerator = new org.jasypt.salt.ZeroSaltGenerator()
}
If you want to use ZeroSaltGenerator then you have to make following changes:
Inside your config.groovy:
jasypt {
encryptorRegisteredName = "gormEncryptor"
}
And in your resources.groovy:
beans = {
hibernateStringEncryptor(HibernatePBEStringEncryptor) {
registeredName = "gormEncryptor"
algorithm = "PBEWithMD5AndTripleDES"
password = "password"
keyObtentionIterations = 1
saltGenerator = new org.jasypt.salt.ZeroSaltGenerator()
}
}
And it will generate the same encrypted values everytime.
Anyone used the JCaptcha grails plugin know if this has a test mode (for use with automated testing, GEB/Selenium), or do I manually have to add a test parameter to my config file and check this in all controllers where the captcha is checked?
Did not find a test mode, but worked around it by defining a test mode variable in the grails config file.
def captchaOK = false
try {
captchaOK = jcaptchaService.validateResponse("captchaImage", session.id, params.captchaText)
}
}
catch(CaptchaServiceException cse) {
captchaOK = false;
}
Was replaced with:
def captchaOK = false
try {
if(grailsApplication.config.capatchaTestMode == true) {
captchaOK = true;
}
else {
captchaOK = jcaptchaService.validateResponse("captchaImage", session.id, params.captchaText)
}
}
catch(CaptchaServiceException cse) {
captchaOK = false;
}