2

I configured my gcloud in local and was able to connect to gcp secrets manager. My springboot project worked fine. I tried to build a docker Image of the same app and tried to run the image in google cloud cli. I am getting the error shown below. I am using Google Secrets Manager for storing secrets and access it. I am trying to avoid the hard coded key in my docker image and trying to configure the Instance I am using to run docker Image with gcloud to access the secrets. I started with gcloud cli itself and faced this error on docker run. Please help me understand Where I went wrong.

pictarise_user@cloudshell:~ (picta-rise)$ docker run pictarise1.jfrog.io/pictarise-docker-local/pictaserv:v0.0.1
2022-06-01 04:16:04.976  INFO 1 --- [           main] c.g.c.s.core.DefaultCredentialsProvider  : Default credentials provider for Google Compute Engine.
2022-06-01 04:16:04.980  INFO 1 --- [           main] c.g.c.s.core.DefaultCredentialsProvider  : Scopes in use by default credentials: [https://www.googleapis.com/auth/cloud-platform]
2022-06-01 04:16:06.404  WARN 1 --- [           main] s.c.a.AnnotationConfigApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretManagerClient' defined in class path resource [com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
2022-06-01 04:16:06.412  INFO 1 --- [           main] ConditionEvaluationReportLoggingListener :

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-06-01 04:16:06.458 ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretManagerClient' defined in class path resource [com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:953) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.18.jar!/:5.3.18]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.18.jar!/:5.3.18]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:740) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:415) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.cloud.bootstrap.BootstrapApplicationListener.bootstrapServiceContext(BootstrapApplicationListener.java:195) ~[spring-cloud-context-3.1.1.jar!/:3.1.1]
        at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:114) ~[spring-cloud-context-3.1.1.jar!/:3.1.1]
        at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:77) ~[spring-cloud-context-3.1.1.jar!/:3.1.1]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176) ~[spring-context-5.3.18.jar!/:5.3.18]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169) ~[spring-context-5.3.18.jar!/:5.3.18]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143) ~[spring-context-5.3.18.jar!/:5.3.18]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131) ~[spring-context-5.3.18.jar!/:5.3.18]
        at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:85) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:66) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1541) ~[na:na]
        at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:120) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:114) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:65) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:339) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:297) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1312) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1301) ~[spring-boot-2.6.6.jar!/:2.6.6]
        at com.pictarise.main.PictaRiseMonoApplication.main(PictaRiseMonoApplication.java:10) ~[classes!/:0.0.1-SNAPSHOT]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
        at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.18.jar!/:5.3.18]
        ... 42 common frames omitted
Caused by: java.lang.NoClassDefFoundError: com/google/auth/Retryable
        at java.base/java.lang.ClassLoader.defineClass1(Native Method) ~[na:na]
        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017) ~[na:na]
        at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174) ~[na:na]
        at java.base/java.net.URLClassLoader.defineClass(URLClassLoader.java:555) ~[na:na]
        at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:458) ~[na:na]
        at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:452) ~[na:na]
        at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
        at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:451) ~[na:na]
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589) ~[na:na]
        at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:151) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
        at java.base/java.lang.Class.getDeclaredMethods0(Native Method) ~[na:na]
        at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3166) ~[na:na]
        at java.base/java.lang.Class.getMethodsRecursive(Class.java:3307) ~[na:na]
        at java.base/java.lang.Class.getMethod0(Class.java:3293) ~[na:na]
        at java.base/java.lang.Class.getMethod(Class.java:2106) ~[na:na]
        at io.grpc.auth.GoogleAuthLibraryCallCredentials$JwtHelper.<init>(GoogleAuthLibraryCallCredentials.java:273) ~[grpc-auth-1.35.0.jar!/:1.35.0]
        at io.grpc.auth.GoogleAuthLibraryCallCredentials.createJwtHelperOrNull(GoogleAuthLibraryCallCredentials.java:220) ~[grpc-auth-1.35.0.jar!/:1.35.0]
        at io.grpc.auth.GoogleAuthLibraryCallCredentials.<clinit>(GoogleAuthLibraryCallCredentials.java:53) ~[grpc-auth-1.35.0.jar!/:1.35.0]
        at io.grpc.auth.MoreCallCredentials.from(MoreCallCredentials.java:35) ~[grpc-auth-1.35.0.jar!/:1.35.0]
        at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:131) ~[gax-grpc-1.60.1.jar!/:1.60.1]
        at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:64) ~[gax-grpc-1.60.1.jar!/:1.60.1]
        at com.google.api.gax.rpc.ClientContext.create(ClientContext.java:174) ~[gax-1.60.1.jar!/:1.60.1]
        at com.google.cloud.secretmanager.v1.stub.GrpcSecretManagerServiceStub.create(GrpcSecretManagerServiceStub.java:250) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
        at com.google.cloud.secretmanager.v1.stub.SecretManagerServiceStubSettings.createStub(SecretManagerServiceStubSettings.java:343) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.<init>(SecretManagerServiceClient.java:144) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.create(SecretManagerServiceClient.java:125) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
        at com.google.cloud.spring.autoconfigure.secretmanager.GcpSecretManagerBootstrapConfiguration.secretManagerClient(GcpSecretManagerBootstrapConfiguration.java:78) ~[spring-cloud-gcp-autoconfigure-3.2.0.jar!/:3.2.0]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
        at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.18.jar!/:5.3.18]
        ... 43 common frames omitted
Caused by: java.lang.ClassNotFoundException: com.google.auth.Retryable
        at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:476) ~[na:na]
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589) ~[na:na]
        at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:151) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
        ... 76 common frames omitted

2022-06-01 04:16:06.478 ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretManagerClient' defined in class path resource [com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.18.jar!/:5.3.18]
        at 
...
Pictarise User
  • 31
  • 4

2 Answers2

1

Adding this dependency to POM.xml cleared the issue

<dependency>
        <groupId>com.google.auth</groupId>
        <artifactId>google-auth-library-credentials</artifactId>
        <version>1.7.0</version>
    </dependency>
Pictarise User
  • 31
  • 4
0

Your SpringBoot application doesn't have access to the credentials that you have configured locally from inside the docker image. Therefore it is failing to authenticate against the google cloud API.

To fix this, you need to create a service account as described here. This service account need to have all the permissions required to access the secrets on the GCP. Then create keys from that service account (in JSON format) as described here. These keys need to be mounted into the docker image.

Last but not least you need to set the environment variable GOOGLE_APPLICATION_CREDENTIALS as described here inside the docker image and point it to the path to the JSON keyfile inside the docker image.

Randy
  • 1,299
  • 2
  • 10
  • 23
  • still not able to start . I am trying to avoid having the harcoded json key inside container. and trying to configure the instance itself to gcloud. I hoped since I am using gcp console cli and it configured to my project, it will automatically access the secrets. But not able to do that – Pictarise User Jun 01 '22 at 09:03