Quarkus: Is there a way to make SSL work with amazon-lambda-http ?

Created on 5 Dec 2019  路  3Comments  路  Source: quarkusio/quarkus

Hello,

I would like to create a AWS lambda that calls other services with https protocol.
I would like to know how to embed the sunec library in the lambda and reproduce the options
-Djava.library.path=/work/lib", "-Djavax.net.ssl.trustStore=/work/cacerts" explained here https://quarkus.io/guides/native-and-ssl in the context of a AWS lambda.

Thanks a lot.

areamazon-lambda triagout-of-date
Source
picture jbourbo

Most helpful comment

Hi,

I have the same issue. My current solution is to modify the assembly to include the necessary files and use a custom bootstrap script. Additionally I had to add many things to proxy and reflection configuration for GraalVM depending on the services used. I wonder if there is an easier approach or if we need to wait for the rewrite of the AWS plugins.

<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
    <id>lambda-package</id>
    <formats>
        <format>zip</format>
    </formats>
    <includeBaseDirectory>false</includeBaseDirectory>
    <files>
        <file>
            <source>${project.build.directory}${file.separator}${artifactId}-${version}-runner</source>
            <outputDirectory>/</outputDirectory>
            <destName>server</destName>
            <fileMode>755</fileMode>
        </file>
        <file>
            <source>${project.build.scriptSourceDirectory}${file.separator}bootstrap</source>
            <outputDirectory>/</outputDirectory>
            <destName>bootstrap</destName>
            <fileMode>755</fileMode>
        </file>
        <file>
            <source>${env.GRAALVM_HOME}${file.separator}jre${file.separator}lib${file.separator}security${file.separator}cacerts</source>
            <outputDirectory>/</outputDirectory>
        </file>
        <file>
            <source>${env.GRAALVM_HOME}${file.separator}jre${file.separator}lib${file.separator}amd64${file.separator}libsunec.so</source>
            <outputDirectory>/</outputDirectory>
        </file>
    </files>
</assembly>

#!/bin/sh
set -euo pipefail

cd $LAMBDA_TASK_ROOT

./server -Djavax.net.ssl.trustStore=cacerts \
    -Djavax.net.ssl.trustAnchors=cacerts \
    -Djavax.net.ssl.trustStorePassword=changeit
picture pschyma on 6 Dec 2019
👍9

All 3 comments

Hi,

I have the same issue. My current solution is to modify the assembly to include the necessary files and use a custom bootstrap script. Additionally I had to add many things to proxy and reflection configuration for GraalVM depending on the services used. I wonder if there is an easier approach or if we need to wait for the rewrite of the AWS plugins.

<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
    <id>lambda-package</id>
    <formats>
        <format>zip</format>
    </formats>
    <includeBaseDirectory>false</includeBaseDirectory>
    <files>
        <file>
            <source>${project.build.directory}${file.separator}${artifactId}-${version}-runner</source>
            <outputDirectory>/</outputDirectory>
            <destName>server</destName>
            <fileMode>755</fileMode>
        </file>
        <file>
            <source>${project.build.scriptSourceDirectory}${file.separator}bootstrap</source>
            <outputDirectory>/</outputDirectory>
            <destName>bootstrap</destName>
            <fileMode>755</fileMode>
        </file>
        <file>
            <source>${env.GRAALVM_HOME}${file.separator}jre${file.separator}lib${file.separator}security${file.separator}cacerts</source>
            <outputDirectory>/</outputDirectory>
        </file>
        <file>
            <source>${env.GRAALVM_HOME}${file.separator}jre${file.separator}lib${file.separator}amd64${file.separator}libsunec.so</source>
            <outputDirectory>/</outputDirectory>
        </file>
    </files>
</assembly>

#!/bin/sh
set -euo pipefail

cd $LAMBDA_TASK_ROOT

./server -Djavax.net.ssl.trustStore=cacerts \
    -Djavax.net.ssl.trustAnchors=cacerts \
    -Djavax.net.ssl.trustStorePassword=changeit
pschyma picture pschyma on 6 Dec 2019
👍9

Nice approach @pschyma, it works for me.

Besides it, I was having a problem with libsunec.so file version. I'm using MacOS, and I was trying to package de Lambda with different versions of libsunec.so for Linux. And finally, my Lambda works with the libsunec.so file from the OpenJ9 version

stachera picture stachera on 9 Dec 2019

Please close. It predates updates to the Amazon Lambda extension, and documentation.

/cc @geoand

oztimpower picture oztimpower on 27 May 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

enbohm picture enbohm  路  3Comments
mswiderski picture mswiderski  路  3Comments
ge0ffrey picture ge0ffrey  路  3Comments
gsmet picture gsmet  路  3Comments
emmanuelbernard picture emmanuelbernard  路  3Comments