Quarkus: S3 AWS Client does not work with quarkus in native mode
After working around a couple minor issues (ie included and setting the HTTP client) it appears that there is still an issue when trying to leverage the AWS S3 client 2.x SDK in Quarkus Native
Expected behavior
When leveraging the S3 client:
SdkHttpClient httpClient = ApacheHttpClient.builder().
maxConnections(50).
build();
S3Client.builder().httpClient(httpClient).build();
I would expect to get a successfully created client to run commands against S3.
Actual behavior
During creation I am getting the following error:
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89)
at sun.security.validator.Validator.getInstance(Validator.java:181)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:300)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:176)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:189)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:625)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:460)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
... 60 more
To Reproduce
Steps to reproduce the behavior:
- Create a lambda quarkus project
- Including the following dependencies:
<dependency> <groupId>software.amazon.awssdk</groupId> <artifactId>s3</artifactId> </dependency> <dependency> <groupId>software.amazon.awssdk</groupId> <artifactId>apache-client</artifactId> </dependency> - Create a dynamic-proxies.json with the following:
[ ["org.apache.http.conn.HttpClientConnectionManager", "org.apache.http.pool.ConnPoolControl","software.amazon.awssdk.http.apache.internal.conn.Wrapped"] ] - Create a simple function that tries to connect to S3:
SdkHttpClient httpClient = ApacheHttpClient.builder(). maxConnections(50). build(); S3Client.builder().httpClient(httpClient).build(); - Run a mvn clean package -Pnative
- Run the lambda function leveraging SAM
Configuration
```properties
Add your application.properties here, if applicable.
quarkus.native.additional-build-args =-H:DynamicProxyConfigurationResources=dynamic-proxies.json
Screenshots
(If applicable, add screenshots to help explain your problem.)
Environment (please complete the following information):
- Output of
uname -aorver: - Output of
java -version: - GraalVM version (if different from Java): 19.3.1
- Quarkus version or git rev: 1.2.0.final
- Build tool (ie. output of
mvnw --versionorgradlew --version):
Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; 2018-10-24T14:41:47-04:00)
Maven home: /Users/weissmi/apps/apache-maven-3.6.0
Java version: 11.0.1, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/openjdk-11.0.1.jdk/Contents/Home
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.15.3", arch: "x86_64", family: "mac"
Additional context
(Add any other context about the problem here.)
gboro54
All 8 comments
FWIW I have been able to get this working using the URL Connection client instead (faced similar issues with the Apache HTTP client).
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>url-connection-client</artifactId>
</dependency>
reflect-config.json
[
{
"name":"com.sun.xml.internal.stream.XMLInputFactoryImpl",
"methods":[{"name":"<init>","parameterTypes":[] }]
}
]
application.properties (with similar dynamic-proxy.json as you have above):
quarkus.native.additional-build-args=-H:ReflectionConfigurationFiles=reflect-config.json,-H:DynamicProxyConfigurationResources=dynamic-proxy.json
Mine was with SQS, yet S3 client should be similar, I forced the client as below:
client = SqsClient.builder().region(Region.AP_SOUTHEAST_1).httpClient(software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient.builder().build()).build()
oztimpower
on 14 Mar 2020
Thanks! That seems to work.
gboro54
on 14 Mar 2020
/cc @gsmet
oztimpower
on 19 Mar 2020
I have wrote a very basic Quarkus Extension about it and works fine for me. The extension can be found here .
tpenakov
on 25 Mar 2020
There is S3 client fully quarkified (including support for native), PR #4968 just merged - to be part of 1.5.0
marcinczeczko
on 7 May 2020
Thanks @marcinczeczko I am looking forward to giving it a whirl.
oztimpower
on 7 May 2020
Suggest this one can be closed. A workaround was proven above (which is documented), and now there is the S3 extension.
/cc @geoand
oztimpower
on 27 May 2020
In case someone stumbles on this in the future and has not / can not, upgrade to the 1.5.0 AWS services extensions, be advised that this issue seems related to graal 19.3.1.
Without changing from apache or netty client, I am able compile and run s3 clients in native using 20.0.0 when they fail with the xml issue described above in 19.3.1.
Have not tested 20.1.0.
sherl0cks
on 4 Jun 2020
Related issues
mswiderski
路
3Comments
rodrigofujioka
路
3Comments
Rashmini
路
3Comments
MossabTN
路
3Comments
pipinet
路
3Comments