Fix API key auth #2438
Fix API key auth #2438
Conversation
|
|
||
| // Workers check and require that Temporal Server is available during start to fail-fast in case | ||
| // of configuration issues. | ||
| workflowClient.getWorkflowServiceStubs().connect(null); |
There was a problem hiding this comment.
connect was already calling getServerCapabilities but then made a gRPC health check call after which is unnecessary and failed with API keys since it didn't have a namespace
|
|
||
| if (connectionProperties.getApiKey() != null && connectionProperties.getApiKey().isEmpty()) { | ||
| if (connectionProperties.getApiKey() != null && !connectionProperties.getApiKey().isEmpty()) { | ||
| stubsOptionsBuilder.addApiKey(() -> connectionProperties.getApiKey()); |
There was a problem hiding this comment.
With Spring Boot (v1.28.1), for this to work, I have to configure TemporalOptionsCustomizer<WorkflowServiceStubsOptions.Builder> as follows :
@Bean
public TemporalOptionsCustomizer<WorkflowServiceStubsOptions.Builder>
customServiceStubsOptions() {
return optionsBuilder -> {
try {
optionsBuilder.setSslContext(
SimpleSslContextBuilder.noKeyOrCertChain().setUseInsecureTrustManager(false).build());
} catch (SSLException e) {
throw new RuntimeException(e);
}
return optionsBuilder;
};
}To force the use of Java's default Trust Managers. I confess I don't understand why you need to do this (although with Temporal SDK directly I don't need it).
I based this on the configuration used on Quarkus : https://github.com/quarkiverse/quarkus-temporal/blob/6beb65c18520699577eb2682704bb01fc0d81566/extension/runtime/src/main/java/io/quarkiverse/temporal/WorkflowServiceStubsRecorder.java#L88
Without this configuration I have this stacktrace :
2025-03-18T07:09:26.876+01:00 ERROR 69044 --- [ main] o.s.boot.SpringApplication : Application run failed
io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:268) ~[grpc-stub-1.58.1.jar:1.58.1]
at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:249) ~[grpc-stub-1.58.1.jar:1.58.1]
at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:167) ~[grpc-stub-1.58.1.jar:1.58.1]
at io.temporal.api.workflowservice.v1.WorkflowServiceGrpc$WorkflowServiceBlockingStub.getSystemInfo(WorkflowServiceGrpc.java:6065) ~[temporal-serviceclient-1.28.1.jar:1.28.1]There was a problem hiding this comment.
This is already fixed 48b7223 just not released yet
3 participants
Fix some issues with API key auth: