WSO2 SP, Is there any limitation in JSON event length? - wso2

WSO2 SP 4.3.0 seems not to work with JSON events bigger than 1024 characters. Is there any limitation?
I'm using WSO2 Stream Processor version 4.3.0. I have a Siddhi application deployed using an HTTP source with JSON mapping. Everything works OK as long as the JSON event is less than 1024 characters. If the JSON's length is more than 1024 characters, then it looks like SP is splitting the message into several different events, and it fails when trying to parse the JSON content.
It is easy to reproduce using the included samples, "ReceiveHTTPInJsonFormatWithDefaultMapping".
@Source(type = 'http', receiver.url='http://localhost:8006/productionStream', basic.auth.enabled='false',
    @map(type='json'))
define stream SweetProductionStream (name string, amount double);
@sink(type='log')
define stream LowProductionAlertStream (name string, amount double);
-- pass data in the SweetProductionStream through into LowProductionAlertStream
@info(name='query1')
from SweetProductionStream
select *
insert into LowProductionAlertStream;
Then try to send a small event:
curl -X POST -d "{\"event\": {\"name\":\"sugar\",\"amount\": 20.5}}" http://localhost:8006/productionStream --header "Content-Type:application/json"
This will work. Then send a long event (more than 1024 characters)
curl -X POST -d "{\"event\": {\"name\":\"sugarlongggggggggggggggggg....gggggg\",\"amount\": 20.5}}" http://localhost:8006/productionStream --header "Content-Type:application/json"
In the logs you can see:
ERROR {org.wso2.extension.siddhi.map.json.sourcemapper.JsonSourceMapper} - Invalid Json String :{"event": {"name":"sugarlonggggggggggggggggggggggggggggggggggggggggggggggggggggggggg
26/3/2019 20:38:15[2019-03-26 19:38:15,789] ERROR {org.wso2.extension.siddhi.map.json.sourcemapper.JsonSourceMapper} - Invalid Json String :gggggggggggggggggggggggggggggggggggggggggggggggggggggggg","amount": 20.5}}
26/3/2019 20:38:15[2019-03-26 19:38:15,791] ERROR {org.wso2.transport.http.netty.common.Util} - Remote client closed the connection before completing outbound response io.netty.handler.codec.EncoderException: java.lang.IllegalStateException: cannot send more responses than requests
26/3/2019 20:38:15 at io.netty.handler.codec.MessageToMessageEncoder.write(MessageToMessageEncoder.java:106)
26/3/2019 20:38:15 at io.netty.handler.codec.MessageToMessageCodec.write(MessageToMessageCodec.java:116)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:738)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:730)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:816)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:723)
26/3/2019 20:38:15 at io.netty.handler.stream.ChunkedWriteHandler.doFlush(ChunkedWriteHandler.java:304)
26/3/2019 20:38:15 at io.netty.handler.stream.ChunkedWriteHandler.flush(ChunkedWriteHandler.java:137)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.invokeFlush0(AbstractChannelHandlerContext.java:776)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.invokeFlush(AbstractChannelHandlerContext.java:768)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.flush(AbstractChannelHandlerContext.java:749)
26/3/2019 20:38:15 at io.netty.channel.ChannelDuplexHandler.flush(ChannelDuplexHandler.java:117)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.invokeFlush0(AbstractChannelHandlerContext.java:776)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.invokeWriteAndFlush(AbstractChannelHandlerContext.java:802)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:814)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:794)
26/3/2019 20:38:15 at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:831)
26/3/2019 20:38:15 at org.wso2.transport.http.netty.contractimpl.HttpOutboundRespListener.writeOutboundResponseHeaderAndBody(HttpOutboundRespListener.java:186)
26/3/2019 20:38:15 at org.wso2.transport.http.netty.contractimpl.HttpOutboundRespListener.writeOutboundResponse(HttpOutboundRespListener.java:138)
26/3/2019 20:38:15 at org.wso2.transport.http.netty.contractimpl.HttpOutboundRespListener.lambda$null$35(HttpOutboundRespListener.java:94)
26/3/2019 20:38:15 at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
26/3/2019 20:38:15 at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:403)
26/3/2019 20:38:15 at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:463)
26/3/2019 20:38:15 at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
26/3/2019 20:38:15 at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
26/3/2019 20:38:15 at java.lang.Thread.run(Thread.java:748)
26/3/2019 20:38:15Caused by: java.lang.IllegalStateException: cannot send more responses than requests
26/3/2019 20:38:15 at io.netty.handler.codec.http.HttpContentEncoder.encode(HttpContentEncoder.java:110)
26/3/2019 20:38:15 at io.netty.handler.codec.http.HttpContentEncoder.encode(HttpContentEncoder.java:51)
26/3/2019 20:38:15 at io.netty.handler.codec.MessageToMessageCodec$1.encode(MessageToMessageCodec.java:67)
26/3/2019 20:38:15 at io.netty.handler.codec.MessageToMessageEncoder.write(MessageToMessageEncoder.java:88)
26/3/2019 20:38:15 ... 25 more

It is a known issue and is fixed as of siddhi-io-http-1.0.40.
In order to apply the latest version to your Stream Processor pack, please follow the steps below:
1. Download siddhi-io-http-1.0.40.jar from the following link: https://store.wso2.com/store/assets/analyticsextension/details/63a5db75-586e-48d0-8244-4c16774e8846
2. Replace the existing siddhi-io-http-1.0.39.jar, which can be found in the /lib directory, with the latest siddhi-io-http-1.0.40.jar.

This issue has already been identified[1] and fixed in the latest version.
In order to apply the latest version to SP, please follow the steps given below:
1. Download the new version of the siddhi-io-http extension from the WSO2 Extension Store[2].
2. Replace the existing siddhi-io-http-x.x.x.jar, which is in the SP-HOME/lib directory, with the one downloaded above.
3. Restart the server.
[1] https://github.com/wso2-extensions/siddhi-io-http/issues/84
[2] https://store.wso2.com/store/assets/analyticsextension/details/63a5db75-586e-48d0-8244-4c16774e8846

gsutil timeout in every call refreshing access_token

This might be a duplicate but none of the previous answers match my conditions.
I installed gsutil as part of the google-cloud-sdk following https://cloud.google.com/sdk/docs/install. I could configure gcloud properly without errors.
Every time I try to use gsutil, like for example with gsutil -D ls, I get
INFO 0518 14:52:16.412453 base_api.py] Body: (none)
INFO 0518 14:52:16.412517 transport.py] Attempting refresh to obtain initial access_token
DEBUG 0518 14:52:16.412719 multiprocess_file_storage.py] Read credential file
DEBUG 0518 14:52:16.412842 multiprocess_file_storage.py] Read credential file
INFO 0518 14:52:16.412883 reauth_creds.py] Refreshing access_token
INFO 0518 14:53:16.546304 retry_util.py] Retrying request, attempt #1...
DEBUG 0518 14:53:16.546867 http_wrapper.py] Caught socket error, retrying: timed out
DEBUG 0518 14:53:16.547127 http_wrapper.py] Retrying request to url https://storage.googleapis.com/storage/v1/b?alt=blablabla after exception timed out
and more and more of those retries.
I see some users here that experienced the same, for instance this points out to a WAN Blocking setting enabled, that is not my case. Here the OP says that it was a human error regarding proxy settings, but I don't have any
➜ set | grep -i proxy
The same proxy thing seems to have solved it for another OP
In the same question another user says that it might be due to a conflicting ~/.boto config file, so I deleted it and tried, with the same results.
I tried reinstalling google SDK several times with the same result.
I tried configuring gsutil as a standalone application setting gcloud config set pass_credentials_to_gsutil false and running gsutil config. Again, without luck
This user seems to be experiencing my same problem, but he ends up saying that his solution was to restart the shell (exec -l $SHELL) and quitting/reopening the command line and keep trying until it works...
So my question is, does anyone know a reliable non-proxy related way to solve this retrying issue in gsutil?
EDIT 1:
The output of curl -v https://storage.googleapis.com/storage/v1/b is
* Trying 2800:3f0:4002:800::2010:443...
* TCP_NODELAY set
* Trying 172.217.30.240:443...
* TCP_NODELAY set
* Connected to storage.googleapis.com (172.217.30.240) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=*.storage.googleapis.com
* start date: Apr 13 10:15:35 2021 GMT
* expire date: Jul 6 10:15:34 2021 GMT
* subjectAltName: host "storage.googleapis.com" matched cert's "*.googleapis.com"
* issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x564e279b8e10)
> GET /storage/v1/b HTTP/2
> Host: storage.googleapis.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 400
< x-guploader-uploadid: ABg5-Ux5VPhppIWB7G_da1ydkOJWv1BqXepMdpyJDPZ3zbTSRwPoqE44IqaPQMzLvWbSOab0bePewJXiwBXPpus9JDs
< content-type: application/json; charset=UTF-8
< date: Tue, 18 May 2021 19:41:52 GMT
< vary: Origin
< vary: X-Origin
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< expires: Mon, 01 Jan 1990 00:00:00 GMT
< pragma: no-cache
< content-length: 297
< server: UploadServer
< alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
{
"error": {
"code": 400,
"message": "Required parameter: project",
"errors": [
{
"message": "Required parameter: project",
"domain": "global",
"reason": "required",
"locationType": "parameter",
"location": "project"
}
]
}
}
* Connection #0 to host storage.googleapis.com left intact
EDIT 2:
The complete output of gsutil -D ls is:
➜ gsutil -D ls
***************************** WARNING *****************************
*** You are running gsutil with debug output enabled.
*** Be aware that debug output includes authentication credentials.
*** Make sure to remove the value of the Authorization header for
*** each HTTP request printed to the console prior to posting to
*** a public medium such as a forum post or Stack Overflow.
***************************** WARNING *****************************
gsutil version: 4.62
checksum: fe14a00285d4702ed626050d0f9ae955 (OK)
boto version: 2.49.0
python version: 3.8.5 (default, Jan 27 2021, 15:41:15) [GCC 9.3.0]
OS: Linux 5.8.0-50-generic
multiprocessing available: True
using cloud sdk: True
pass cloud sdk credentials to gsutil: True
config path(s): /home/username/.config/gcloud/legacy_credentials/username@mail.com/.boto
gsutil path: /home/username/google-cloud-sdk/bin/gsutil
compiled crcmod: False
installed via package manager: False
editable install: False
Command being run: /home/username/google-cloud-sdk/platform/gsutil/gsutil -o GSUtil:default_project_id=default_project -o Credentials:use_client_certificate=False -D ls
config_file_list: ['/home/username/.config/gcloud/legacy_credentials/username@mail.com/.boto']
config: [('working_dir', '/mnt/pyami'), ('debug', '0'), ('https_validate_certificates', 'true'), ('working_dir', '/mnt/pyami'), ('debug', '0'), ('default_project_id', 'default_project')]
DEBUG 0518 17:46:39.910250 multiprocess_file_storage.py] Read credential file
DEBUG 0518 17:46:39.910444 multiprocess_file_storage.py] Read credential file
INFO 0518 17:46:39.910933 base_api.py] Calling method storage.buckets.list with StorageBucketsListRequest: <StorageBucketsListRequest
maxResults: 1000
project: 'default_project'
projection: ProjectionValueValuesEnum(noAcl, 1)>
INFO 0518 17:46:39.911321 base_api.py] Making http GET to https://storage.googleapis.com/storage/v1/b?alt=json&fields=nextPageToken%2Citems%2Fid&maxResults=1000&project=default_project&projection=noAcl
INFO 0518 17:46:39.911495 base_api.py] Headers: {'accept': 'application/json',
'accept-encoding': 'gzip, deflate',
'content-length': '0',
'user-agent': 'apitools Python/3.8.5 gsutil/4.62 (linux) analytics/disabled '
'interactive/True command/ls google-cloud-sdk/341.0.0'}
INFO 0518 17:46:39.911611 base_api.py] Body: (none)
INFO 0518 17:46:39.911687 transport.py] Attempting refresh to obtain initial access_token
DEBUG 0518 17:46:39.911900 multiprocess_file_storage.py] Read credential file
DEBUG 0518 17:46:39.912035 multiprocess_file_storage.py] Read credential file
INFO 0518 17:46:39.912081 reauth_creds.py] Refreshing access_token
INFO 0518 17:47:40.014159 retry_util.py] Retrying request, attempt #1...
DEBUG 0518 17:47:40.014368 http_wrapper.py] Caught socket error, retrying: timed out
DEBUG 0518 17:47:40.014440 http_wrapper.py] Retrying request to url https://storage.googleapis.com/storage/v1/b?alt=json&fields=nextPageToken%2Citems%2Fid&maxResults=1000&project=default_project&projection=noAcl after exception timed out
INFO 0518 17:47:41.531516 transport.py] Attempting refresh to obtain initial access_token
DEBUG 0518 17:47:41.532971 multiprocess_file_storage.py] Read credential file
DEBUG 0518 17:47:41.533422 multiprocess_file_storage.py] Read credential file
INFO 0518 17:47:41.533568 reauth_creds.py] Refreshing access_token
INFO 0518 17:48:41.590354 retry_util.py] Retrying request, attempt #2...
DEBUG 0518 17:48:41.590671 http_wrapper.py] Caught socket error, retrying: timed out
DEBUG 0518 17:48:41.590815 http_wrapper.py] Retrying request to url https://storage.googleapis.com/storage/v1/b?alt=json&fields=nextPageToken%2Citems%2Fid&maxResults=1000&project=default_project&projection=noAcl after exception timed out
INFO 0518 17:48:46.107598 transport.py] Attempting refresh to obtain initial access_token
DEBUG 0518 17:48:46.108518 multiprocess_file_storage.py] Read credential file
DEBUG 0518 17:48:46.108928 multiprocess_file_storage.py] Read credential file
INFO 0518 17:48:46.109037 reauth_creds.py] Refreshing access_token
^CDEBUG: Exception stack trace:
NoneType: None
DEBUG: Caught CTRL-C (signal 2) - Exception stack trace:
File "/home/username/google-cloud-sdk/platform/gsutil/gsutil", line 21, in <module>
gsutil.RunMain()
File "/home/username/google-cloud-sdk/platform/gsutil/gsutil.py", line 122, in RunMain
sys.exit(gslib.__main__.main())
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/__main__.py", line 435, in main
return _RunNamedCommandAndHandleExceptions(
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/__main__.py", line 631, in _RunNamedCommandAndHandleExceptions
return command_runner.RunNamedCommand(command_name,
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/command_runner.py", line 410, in RunNamedCommand
return_code = command_inst.RunCommand()
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/commands/ls.py", line 568, in RunCommand
for blr in self.WildcardIterator(
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/wildcard_iterator.py", line 484, in IterBuckets
for blr in self._ExpandBucketWildcards(bucket_fields=bucket_fields):
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/wildcard_iterator.py", line 400, in _ExpandBucketWildcards
for bucket in self.gsutil_api.ListBuckets(
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/gcs_json_api.py", line 703, in ListBuckets
bucket_list = self.api_client.buckets.List(apitools_request,
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/third_party/storage_apitools/storage_v1_client.py", line 362, in List
return self._RunMethod(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/apitools/apitools/base/py/base_api.py", line 734, in _RunMethod
http_response = http_wrapper.MakeRequest(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/apitools/apitools/base/py/http_wrapper.py", line 348, in MakeRequest
return _MakeRequestNoRetry(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/apitools/apitools/base/py/http_wrapper.py", line 397, in _MakeRequestNoRetry
info, content = http.request(
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/vendored/oauth2client/oauth2client/transport.py", line 159, in new_request
credentials._refresh(orig_request_method)
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/vendored/oauth2client/oauth2client/client.py", line 761, in _refresh
self._do_refresh_request(http)
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/google-reauth-python/google_reauth/reauth_creds.py", line 112, in _do_refresh_request
self._update(*reauth.refresh_access_token(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/google-reauth-python/google_reauth/reauth.py", line 267, in refresh_access_token
response, content = _reauth_client.refresh_grant(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/google-reauth-python/google_reauth/_reauth_client.py", line 147, in refresh_grant
response, content = http_request(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/google-reauth-python/google_reauth/reauth_creds.py", line 105, in http_request
response, content = transport.request(
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/vendored/oauth2client/oauth2client/transport.py", line 280, in request
return http_callable(uri, method=method, body=body, headers=headers,
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/httplib2/python3/httplib2/__init__.py", line 1985, in request
(response, content) = self._request(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/httplib2/python3/httplib2/__init__.py", line 1650, in _request
(response, content) = self._conn_request(
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/httplib2/python3/httplib2/__init__.py", line 1557, in _conn_request
conn.connect()
File "/home/username/google-cloud-sdk/platform/gsutil/third_party/httplib2/python3/httplib2/__init__.py", line 1324, in connect
sock.connect((self.host, self.port))
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/sig_handling.py", line 92, in _SignalHandler
_final_signal_handlers[signal_num](signal_num, cur_stack_frame)
File "/home/username/google-cloud-sdk/platform/gsutil/gslib/__main__.py", line 519, in _HandleControlC
stack_trace = ''.join(traceback.format_list(traceback.extract_stack()))
I have the exact same error, and I found out that it's due to my machine resolving hosts to IPv6, which causes timeouts. So on Ubuntu I just have to disable IPv6 and restart; after that, YAY! It works, and now I can use gsutil.
For anyone else who encounters the same issue, try doing this. :)
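The IPv6 cause named in the answer above can be confirmed before changing system settings. The following is an added example, not part of the original answers: it makes one TCP connect per resolved address and reports which address family fails. The resolver and connector are injectable, and `fake_resolver`, `fake_connector` and their documentation-range addresses are constructed so the block also runs offline.

```python
import socket
import time

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}


def tcp_connect(family, sockaddr, timeout):
    """Default connector: one blocking TCP connect with a hard timeout."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sockaddr)


def probe_families(host, port=443, timeout=3.0,
                   resolver=socket.getaddrinfo, connector=tcp_connect):
    """Connect once to every distinct address the resolver returns."""
    results, seen = [], set()
    for family, _type, _proto, _canon, sockaddr in resolver(
            host, port, type=socket.SOCK_STREAM):
        key = (family, sockaddr[0])
        if family not in FAMILY_NAMES or key in seen:
            continue
        seen.add(key)
        started = time.monotonic()
        try:
            connector(family, sockaddr, timeout)
            error = None
        except OSError as exc:  # covers timeouts and refused/unreachable
            error = f"{type(exc).__name__}: {exc}"
        results.append({
            "family": FAMILY_NAMES[family],
            "address": sockaddr[0],
            "error": error,
            "seconds": round(time.monotonic() - started, 3),
        })
    return results


def diagnose(results):
    """Summarise per-family reachability from probe_families() output."""
    ok = {name: False for name in FAMILY_NAMES.values()}
    tried = set()
    for row in results:
        tried.add(row["family"])
        ok[row["family"]] = ok[row["family"]] or row["error"] is None
    if "IPv6" in tried and not ok["IPv6"] and ok["IPv4"]:
        # A client that tries the IPv6 address first and does not fall
        # back quickly will sit in connect() until its own timeout.
        return "ipv6-unreachable"
    if tried and all(ok[name] for name in tried):
        return "all-families-ok"
    if not any(ok.values()):
        return "no-connectivity"
    return "ipv4-unreachable"


# Constructed sample data: addresses from the documentation ranges.
def fake_resolver(host, port, type=0):
    return [
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::10", port, 0, 0)),
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port)),
    ]


def fake_connector(family, sockaddr, timeout):
    # Simulates a host whose IPv6 route silently drops packets.
    if family == socket.AF_INET6:
        raise socket.timeout("timed out")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        found = probe_families(sys.argv[1])  # live probe of a real host
    else:
        found = probe_families("storage.googleapis.com",
                               resolver=fake_resolver, connector=fake_connector)
    for row in found:
        print(row)
    print(diagnose(found))
```

Run with a hostname argument to probe a real endpoint; with no argument it uses the constructed data.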
After giving up on this I decided to reinstall one last time the whole google-cloud-sdk suite, but this time using the snap version. Installing it via snap solved the issue for me. I think this points to some issue with my environment that was bypassed thanks to the snap containerization.
So no clear answer here, but if anyone is experiencing the same problem, giving snap a chance may solve the issue as it did for me.

Unable to mount S3 on EC2 using RIOFS - HTTP error: 400 (Bad Request)

I am trying to mount an S3 bucket on an AWS EC2 instance using RIOFS. I am unsuccessful.
Here are the logs:
12:47:53 [main] (main main.c:753) Using config file: /home/ubuntu/.config/riofs/riofs.conf.xml
12:47:53 [con] (http_connection_init http_connection.c:79) [con: 0x561ff22c2be0] Connecting to s3.amazonaws.com:80
12:47:53 [con] (http_connection_make_request http_connection.c:814) [con: 0x561ff22c2be0] GET /csv-test/?acl bucket: csv-test, host: s3.amazonaws.com, out_len: 0
12:47:53 [con] (http_connection_on_response_cb http_connection.c:464) [con: 0x561ff22c2be0] Got HTTP response from server! (160msec)
12:47:53 [con] (http_connection_on_response_cb http_connection.c:544) [con: 0x561ff22c2be0] New URL: csv-test.s3.amazonaws.com
12:47:53 [con] (http_connection_init http_connection.c:79) [con: 0x561ff22c2be0] Connecting to csv-test.s3.amazonaws.com:80
12:47:53 [con] (http_connection_on_close http_connection.c:196) [con: 0x561ff22c2be0] Connection closed !
12:47:53 [con] (http_connection_make_request http_connection.c:814) [con: 0x561ff22c2be0] GET /?acl bucket: csv-test, host: csv-test.s3.amazonaws.com, out_len: 0
12:47:53 [con] (http_connection_on_close http_connection.c:196) [con: 0x561ff22c2be0] Connection closed !
12:47:53 [con] (http_connection_on_response_cb http_connection.c:464) [con: 0x561ff22c2be0] Got HTTP response from server! (9msec)
12:47:53 [con] (http_connection_on_response_cb http_connection.c:591) [con: 0x561ff22c2be0] Server returned HTTP error: 400 (Bad Request). AWS message: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.
12:47:53 [con] (http_connection_on_response_cb http_connection.c:602) [con: 0x561ff22c2be0] Server returned HTTP error: 400 (Bad Request)! Retry ID: 1 of 20
Is there a way to enable the use of AWS4-HMAC-SHA256 in the RIOFS connection? I am trying this in Frankfurt eu-central-1 and also in London eu-west-2, and I am unsuccessful in both regions.
I also tried using s3fs and ended with unable to access bucket error but couldn't get detailed logs like riofs which pointed out the actual error.
AWS4-HMAC-SHA256 is Signature Version 4 and only a few regions support it. I tested this against Frankfurt eu-central-1 and London eu-west-2. Neither of these regions works. It works only in the US-EAST-1 N. Virginia region.
I could successfully mount the S3 bucket created on us-east-1 on EC2.
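What the server is asking for in the 400 response above is a request signed with AWS4-HMAC-SHA256 (Signature Version 4). The following is an added example, not RIOFS code and not part of the original posts: it builds the SigV4 `Authorization` header for the `GET /?acl` request seen in the log. The access key, secret key and timestamp are constructed placeholders; the bucket host and region names are taken from the post.

```python
import hashlib
import hmac
from urllib.parse import quote

ALGORITHM = "AWS4-HMAC-SHA256"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Constructed placeholder credentials, not real keys.
DEMO_ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
DEMO_SECRET_KEY = "constructed-secret-not-a-real-key"


def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret_key, date, region, service):
    """Derive the per-day, per-region, per-service signing key."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def canonical_query(params):
    """Sort and URI-encode query parameters; a bare key becomes 'key='."""
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)


def sign_s3_request(method, host, path, params, region,
                    access_key, secret_key, amz_date, payload=b""):
    """Return the headers of a SigV4-signed S3 request."""
    payload_hash = hashlib.sha256(payload).hexdigest()
    headers = {
        "host": host,
        "x-amz-content-sha256": payload_hash,
        "x-amz-date": amz_date,
    }
    names = sorted(headers)
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    canonical_request = "\n".join([
        method,
        quote(path, safe="/-_.~"),
        canonical_query(params),
        canonical_headers,       # already ends with a newline
        signed_headers,
        payload_hash,
    ])
    # The credential scope binds the signature to one day and one region.
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        ALGORITHM,
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    key = signing_key(secret_key, amz_date[:8], region, "s3")
    signature = hmac.new(key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"{ALGORITHM} Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers


def demo(region="eu-central-1"):
    # Same request line as in the log: GET /?acl on the bucket host.
    return sign_s3_request("GET", "csv-test.s3.amazonaws.com", "/", {"acl": ""},
                           region, DEMO_ACCESS_KEY, DEMO_SECRET_KEY,
                           "20240101T000000Z")


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```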

Unable to execute HTTP request: Connect to localhost:4583 for SSM

I run localstack in docker at macOS(Mojave). I can use some other services like s3, DynamoDb, SQS; but I am unable to use SSM.
I tried with aws-cli with command
aws --endpoint-url=http://localhost:4583 --region ap-souteast-1 ssm put-parameter --name dev-param --value df00a020-4937-47be-8ec8-e2a25f45ae2a --type String --overwrite
response I got
Could not connect to the endpoint URL: "http://localhost:4583/"
I tried with java sdk
public SsmService() {
    this.ssmClient = AWSSimpleSystemsManagementClientBuilder.standard()
            .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(SSM_ENDPOINT, REGION))
            .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials("key", "key")))
            .build();
}

public void saveParam(String paramName, String paramValue, boolean overWrite) {
    try {
        PutParameterRequest putParameterRequest = new PutParameterRequest();
        putParameterRequest.setName(paramName);
        putParameterRequest.setValue(paramValue);
        putParameterRequest.setOverwrite(overWrite);
        putParameterRequest.setType("String");
        var result = ssmClient.putParameter(putParameterRequest);
        System.out.println("result = " + result.toString());
    } catch (Exception e) {
        e.printStackTrace();
    }
}

new SsmService().saveParam("dev-kms-key-id", "df00a020-4937-47be-8ec8-e2a25f45ae2a", true);
yet again I got error
com.amazonaws.SdkClientException: Unable to execute HTTP request: Connect to localhost:4583 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused (Connection refused)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1175)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1121)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:770)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:744)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:686)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)
at com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient.doInvoke(AWSSimpleSystemsManagementClient.java:8446)
at com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient.invoke(AWSSimpleSystemsManagementClient.java:8413)
at com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient.invoke(AWSSimpleSystemsManagementClient.java:8402)
at com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient.executePutParameter(AWSSimpleSystemsManagementClient.java:6626)
at com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient.putParameter(AWSSimpleSystemsManagementClient.java:6598)
at com.bkash.rnd.ssm.SsmService.saveParam(SsmService.java:38)
at com.bkash.rnd.LocalstactAwsApplication.main(LocalstactAwsApplication.java:70)
Caused by: org.apache.http.conn.HttpHostConnectException: Connect to localhost:4583 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused (Connection refused)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:156)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)
at com.amazonaws.http.conn.$Proxy51.connect(Unknown Source)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1297)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1113)
... 14 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:591)
at org.apache.http.conn.socket.PlainConnectionSocketFactory.connectSocket(PlainConnectionSocketFactory.java:75)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
... 30 more
It would be very helpful to know how this issue can be resolved and be able to establish connection at localhost:4583
Make sure you are mapping the ports correctly while starting localstack. For example, you can use -p4583:4583 to map the ports of your container and host.

AWS ACM verified ALB SSL issue

I have used HTTPS for AWS Application Load Balancer listener by using ACM certificate.
I requested the public certificate for a subdomain from ACM: test.example.com and create a CNAME in route 53 for it:
Name: _xxxxxxxxxxx.test.example.com
Type: CNAME
Value: xxxxxx.xxx.acm-validations.aws.
I can use the DNS of ALB (xxxx.us-east-1.elb.amazonaws.com) to call the API successfully in POSTMAN, however, when I use python requests or cURL to call the same API, it will always tell me there is some issue with the SSL.
cURL:
Code:
curl -X POST \
https://xxxxx.us-east-1.elb.amazonaws.com/prod/testapi \
-H 'Content-Type: application/json' \
-H 'cache-control: no-cache' \
-d '{
"paras1": "xxxxx"
}'
Error:
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=test.example.com
* start date: Nov 11 00:00:00 2018 GMT
* expire date: Dec 11 12:00:00 2019 GMT
* subjectAltName does not match xxxx.us-east-1.elb.amazonaws.com
* SSL: no alternative certificate subject name matches target host name 'xxxx.us-east-1.elb.amazonaws.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'xxxx.us-east-1.elb.amazonaws.com'
Python Requests:
Code:
import requests

url = "https://xxxxx.us-east-1.elb.amazonaws.com/prod/testapi"
payload = "{\"paras1\": \"xxxxx\"}"
headers = {
    'Content-Type': "application/json",
    'cache-control': "no-cache"
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
Error:
HTTPSConnectionPool(host='xxxx.us-east-1.elb.amazonaws.com', port=443):
Max retries exceeded with url: /prod/testapi
(Caused by SSLError(CertificateError("hostname 'xxxx.us-east-1.elb.amazonaws.com' doesn't match 'test.example.com'",),))
I can use the DNS of ALB (xxxx.us-east-1.elb.amazonaws.com)
That isn't how this is designed to work. You need to point test.example.com to the ELB in DNS, and then:
url = "https://test.example.com/prod/testapi"
Clearly, you call xxxx.us-east-1.elb.amazonaws.com, which is set up with a certificate for test.example.com. Although the certificate may be valid, it does not match the URL you are calling, which means that the certificate is NOT valid for THIS call. I think you also must set a custom domain for the API gateway. https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html
Edit: thanks for the comment. I am not sure how I read "elb" as an API gateway. My fault. Still, the DNS for the ELB has to match the one in the certificate. You can create a CNAME from your domain to the ELB domain. This should work (at least this is how we do that).
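The hostname check that curl and requests perform in the errors above can be reproduced directly. The following is an added example, not code from the original posts: it matches a requested hostname against the DNS entries of a certificate's subjectAltName, in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`. The two certificate dictionaries are constructed from the names shown in the curl traces on this page, and the wildcard policy (whole left-most label only, at least two fixed labels) is a conservative assumption of this sketch.

```python
def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """True if one certificate DNS name covers the requested hostname."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat) or "" in host:
        # A wildcard stands for exactly one label, so the label counts
        # must agree: *.example.com never covers a.b.example.com.
        return False
    if any("*" in label for label in pat[1:]):
        return False  # wildcard allowed only in the left-most label
    if pat[0] == "*":
        # Require two fixed labels so that "*.com" is never honoured.
        return len(pat) >= 3 and host[1:] == pat[1:]
    if "*" in pat[0]:
        return False  # partial wildcards such as "f*.example.com"
    return host == pat


def check_peer_cert(cert, hostname):
    """Return the SAN entry that matches hostname, or None.

    The subject common name is not consulted, as in current TLS clients.
    """
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and san_matches(hostname, value):
            return value
    return None


# Constructed certificate data using the names from the traces above.
ALB_CERT = {
    "subject": ((("commonName", "test.example.com"),),),
    "subjectAltName": (("DNS", "test.example.com"),),
}
GCS_CERT = {
    "subject": ((("commonName", "*.storage.googleapis.com"),),),
    "subjectAltName": (("DNS", "*.storage.googleapis.com"),
                       ("DNS", "*.googleapis.com")),
}

if __name__ == "__main__":
    cases = [
        (ALB_CERT, "xxxx.us-east-1.elb.amazonaws.com"),  # the failing call
        (ALB_CERT, "test.example.com"),                  # name pointed at the ALB
        (GCS_CERT, "storage.googleapis.com"),
    ]
    for cert, name in cases:
        print(name, "->", check_peer_cert(cert, name))
```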

Soap WS Connection refused

I'm trying to connect to a SOAP webserver, I was given a certificate but I get the below exception.
I did:
$ openssl pkcs12 -in cert.pfx -out certificate.cer -nodes
$ keytool -import -alias webserver -file certificate.cer
Certificate was added to keystore
I have a junit test that calls the remote server with these JVM options:
-ea -Djavax.net.debug=all -Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true
-Dcom.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump=true
-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true
-Dcom.sun.xml.internal.ws.transport.http.HttpAdapter.dump=true
-Djavax.net.ssl.trustStore=certificate.cer
-Djavax.net.ssl.trustStoreType=PEM
-Djavax.net.ssl.trustStorePassword=pwd
-Djavax.net.ssl.keyStore=certificate.cer
-Djavax.net.ssl.keyStoreType=PEM
-Djavax.net.ssl.keyStorePassword=pwd
the remote call is done using:
authenticationService.getAuthenticationServiceSoap().authenticateWithPasswordAuth(clientId, username, password);
where the client I'm using has got these annotations:
@WebServiceClient
public class AuthenticationService extends Service {
and
@WebEndpoint(name = "AuthenticationServiceSoap")
public AuthenticationServiceSoap getAuthenticationServiceSoap()
I don't do anything else code wise, and I get the below Exception:
I don't even understand if java is trying to use https or no.
---[HTTP request - http://..../Soap/AuthenticationService.asmx]---
Accept: [text/xml, multipart/related]
Content-Type: [text/xml; charset=utf-8]
SOAPAction: ["http://....../AuthenticateWithPasswordAuth"]
User-Agent: [JAX-WS RI 2.2.4-b01]
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
at sun.net.www.http.HttpClient.New(HttpClient.java:308)
at sun.net.www.http.HttpClient.New(HttpClient.java:326)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:997)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:976)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:851)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)