first commit

dedeco · Sep 12, 2023 · b69717e · b69717e
commit b69717e
Show file tree

Hide file tree

Showing 11 changed files with 803 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.7/apache-maven-3.8.7-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar
diff --git a/README.md b/README.md
@@ -0,0 +1,56 @@
+#  Spring boot app connecting to AlloyDb by JDBC using SA mitigating Short lived credentials - IAM based
+
+## Install Java 17
+See https://sdkman.io/usage
+
+## If you connect from external for a private ip database cluster.
+See https://cloud.google.com/alloydb/docs/connect-external
+
+For this sample, I had set up an intermediary virtual machine (VM) to connect to my cluster, as follows:
+1. Create a sample-vm
+2. Using SSH install the alloydb proxy. [Here more details](https://cloud.google.com/alloydb/docs/auth-proxy/connect)
+3. Run the proxy inside the VM:
+```bash
+./alloydb-auth-proxy \
+"projects/<PROJECT-ID>/locations/us-central1/clusters/pagilacls/instances/pagila"
+```
+4. At the local machine create a tunnel. [Here mode details](https://cloud.google.com/iap/docs/using-tcp-forwarding)
+```bash
+gcloud compute ssh vm-sample \
+    --tunnel-through-iap \
+    --zone=us-central1-b \
+    --ssh-flag="-L 5432:localhost:5432"
+```
+5. Set your variables on CloudSaApplication.java:
+```java
+@Bean
+DataSource getDataSource() {
+
+        HikariConfig config = new HikariConfig();
+
+        config.setJdbcUrl("jdbc:postgresql://127.0.0.1:5432/pagila");
+        config.setUsername("[email protected]");
+        config.addDataSourceProperty("ssl", "true");
+        config.addDataSourceProperty("sslmode", "disable");
+
+        return new CloudSqlAutoIamAuthnDataSource(config);
+}
+```
+5. Using another terminal, run:
+```bash
+./mvnw spring-boot:run
+```
+Output:
+```
+(...)
+023-09-12 16:30:41.798  INFO 3023838 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
+2023-09-12 16:30:41.838  INFO 3023838 --- [  restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
+2023-09-12 16:30:41.854  INFO 3023838 --- [  restartedMain] b.c.x.cloudSA.CloudSaApplication         : Started CloudSaApplication in 5.913 seconds (JVM running for 6.45)
+
+```
+
+Credits: Thanks Eno Compton for support me
+
+
+
+