Use s3mock over https

This works around an issue in aws-sdk-java-v2: aws/aws-sdk-java-v2#4746
espoon-voltti · Jan 2, 2024 · 03cb1f0 · 03cb1f0
1 parent c3c3610
commit 03cb1f0
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 4 deletions.
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
@@ -48,7 +48,7 @@ services:
   s3-mock:
     image: adobe/s3mock
     ports:
-    - "9876:9090"
+    - "9876:9191"
     volumes:
     - s3-data:/data
     environment:

diff --git a/service/src/integrationTest/kotlin/fi/espoo/evaka/FullApplicationTest.kt b/service/src/integrationTest/kotlin/fi/espoo/evaka/FullApplicationTest.kt
@@ -15,6 +15,7 @@ import fi.espoo.evaka.emailclient.MockEmailClient
 import fi.espoo.evaka.shared.ApplicationId
 import fi.espoo.evaka.shared.auth.AuthenticatedUser
 import fi.espoo.evaka.shared.auth.asUser
+import fi.espoo.evaka.shared.config.FuelManagerConfig
 import fi.espoo.evaka.shared.config.SharedIntegrationTestConfig
 import fi.espoo.evaka.shared.config.defaultJsonMapperBuilder
 import fi.espoo.evaka.shared.config.getTestDataSource
@@ -52,7 +53,8 @@ abstract class FullApplicationTest(private val resetDbBeforeEach: Boolean) {
     private lateinit var jdbi: Jdbi
 
     /** HTTP client for testing the application */
-    @Autowired protected lateinit var http: FuelManager
+    @Autowired private lateinit var fuelManagerConfig: FuelManagerConfig
+    protected lateinit var http: FuelManager
 
     @Autowired protected lateinit var env: Environment
 
@@ -70,6 +72,7 @@ abstract class FullApplicationTest(private val resetDbBeforeEach: Boolean) {
     @BeforeAll
     fun beforeAll() {
         assert(httpPort > 0)
+        http = fuelManagerConfig.noCertCheckFuelManager()
         http.forceMethods = true // use actual PATCH requests
         http.basePath = "http://localhost:$httpPort/"
         jdbi = configureJdbi(Jdbi.create(getTestDataSource()))

diff --git a/...ce/src/integrationTest/kotlin/fi/espoo/evaka/shared/config/SharedIntegrationTestConfig.kt b/...ce/src/integrationTest/kotlin/fi/espoo/evaka/shared/config/SharedIntegrationTestConfig.kt
@@ -47,11 +47,14 @@ import org.springframework.boot.test.context.TestConfiguration
 import org.springframework.context.annotation.Bean
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.core.internal.http.loader.DefaultSdkHttpClientBuilder
+import software.amazon.awssdk.http.SdkHttpConfigurationOption
 import software.amazon.awssdk.regions.Region
 import software.amazon.awssdk.services.s3.S3Client
 import software.amazon.awssdk.services.s3.S3Configuration
 import software.amazon.awssdk.services.s3.model.CreateBucketRequest
 import software.amazon.awssdk.services.s3.presigner.S3Presigner
+import software.amazon.awssdk.utils.AttributeMap
 
 // Hides Closeable interface from Spring, which would close the shared instance otherwise
 class TestDataSource(pool: HikariDataSource) : DataSource by pool
@@ -111,8 +114,13 @@ class SharedIntegrationTestConfig {
 
     @Bean
     fun s3Client(env: BucketEnv): S3Client {
+        val attrs =
+            AttributeMap.builder()
+                .put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, true)
+                .build()
         val client =
             S3Client.builder()
+                .httpClient(DefaultSdkHttpClientBuilder().buildWithDefaults(attrs))
                 .region(Region.US_EAST_1)
                 .serviceConfiguration(
                     S3Configuration.builder().pathStyleAccessEnabled(true).build()

diff --git a/service/src/main/kotlin/fi/espoo/evaka/shared/config/AwsConfig.kt b/service/src/main/kotlin/fi/espoo/evaka/shared/config/AwsConfig.kt
@@ -13,12 +13,15 @@ import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
 import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.core.internal.http.loader.DefaultSdkHttpClientBuilder
+import software.amazon.awssdk.http.SdkHttpConfigurationOption
 import software.amazon.awssdk.regions.Region
 import software.amazon.awssdk.services.s3.S3Client
 import software.amazon.awssdk.services.s3.S3Configuration
 import software.amazon.awssdk.services.s3.model.CreateBucketRequest
 import software.amazon.awssdk.services.s3.presigner.S3Presigner
 import software.amazon.awssdk.services.ses.SesClient
+import software.amazon.awssdk.utils.AttributeMap
 
 @Configuration
 class AwsConfig {
@@ -30,8 +33,13 @@ class AwsConfig {
     @Bean
     @Profile("local")
     fun amazonS3Local(env: BucketEnv, credentialsProvider: AwsCredentialsProvider): S3Client {
+        val attrs =
+            AttributeMap.builder()
+                .put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, true)
+                .build()
         val client =
             S3Client.builder()
+                .httpClient(DefaultSdkHttpClientBuilder().buildWithDefaults(attrs))
                 .region(Region.US_EAST_1)
                 .serviceConfiguration(
                     S3Configuration.builder().pathStyleAccessEnabled(true).build()

diff --git a/service/src/main/kotlin/fi/espoo/evaka/shared/config/FuelManagerConfig.kt b/service/src/main/kotlin/fi/espoo/evaka/shared/config/FuelManagerConfig.kt
@@ -59,7 +59,7 @@ class FuelManagerConfig {
             hostnameVerifier = HostnameVerifier { _, _ -> true }
         }
 
-    private fun noCertCheckFuelManager() =
+    fun noCertCheckFuelManager() =
         FuelManager().apply {
             val trustAllCerts =
                 arrayOf<TrustManager>(

diff --git a/service/src/main/resources/application.yaml b/service/src/main/resources/application.yaml
@@ -11,7 +11,7 @@ evaka:
     enabled: true
   max_attachments_per_user: 100
   s3mock:
-    url: "http://localhost:9876"
+    url: "https://localhost:9876"
 
 spring:
   profiles: