Spring boot app with JDBC SA mitigating Short lived credentials - IAM based
See https://cloud.google.com/alloydb/docs/connect-external
For this sample, I had set up an intermediary virtual machine (VM) to connect to my cluster, as follows:
- Create a sample-vm
- Using SSH install the alloydb proxy. Here more details.
- Run the proxy inside the VM:
./alloydb-auth-proxy \
"projects/<PROJECT-ID>/locations/us-central1/clusters/pagilacls/instances/pagila"
- At the local machine create a tunnel. Here more details.
gcloud compute ssh vm-sample \
--tunnel-through-iap \
--zone=us-central1-b \
--ssh-flag="-L 5432:localhost:5432"
- Set your variables on CloudSaApplication.java:
@Bean
DataSource getDataSource() {
HikariConfig config = new HikariConfig();
config.setJdbcUrl("jdbc:postgresql://127.0.0.1:5432/pagila");
config.setUsername("[email protected]");
config.addDataSourceProperty("ssl", "true");
config.addDataSourceProperty("sslmode", "disable");
return new CloudSqlAutoIamAuthnDataSource(config);
}
- Using another terminal, run:
./mvnw spring-boot:run
Output:
(...)
023-09-12 16:30:41.798 INFO 3023838 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2023-09-12 16:30:41.838 INFO 3023838 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2023-09-12 16:30:41.854 INFO 3023838 --- [ restartedMain] b.c.x.cloudSA.CloudSaApplication : Started CloudSaApplication in 5.913 seconds (JVM running for 6.45)
Credits: Thanks Eno Compton for support me