K
Q

How to use two jsons using secrets to authenticate to google in java

1/6/2020

Do to companies restriction, I have to use different service accounts for different google services.

One of the accounts is for pubsub and a second one is for bigquery.

I've gotten the pubsub authentication to work with spring.

Snippet

    @Autowired
private ClientConfiguration clientConfiguration;
private Context context = new Context();
.
.
.
context.setClientConfiguration(clientConfiguration);
String projectId = clientConfiguration.getSubscriptionProjectDefault();
List<ReceivedMessage> receivedMessageList = getPubSubMessages(projectId, clientConfiguration.getSubscriptionNameDefault(), Integer.parseInt(clientConfiguration.getNumMaxOfMessages()));

When doing these steps for bigquery, the path to the secret is "/secret/secret_name". When doing what the URL says, I get a nullpointerexception in the File. Here is the snippet:

log.debug("PATH_BIG_QUERY_CREDENTIALS:"+System.getenv("PATH_BIG_QUERY_CREDENTIALS"));
String pathBigQueryCredentials = System.getenv("PATH_BIG_QUERY_CREDENTIALS");

File credentialsPath = new File(pathBigQueryCredentials);

FileInputStream serviceAccountStream = new FileInputStream(credentialsPath);
GoogleCredentials credentials = ServiceAccountCredentials.fromStream(serviceAccountStream);

BigQuery bigquery = BigQueryOptions.newBuilder().setCredentials(credentials).build().getService();

What is the correct way to use a second service account? This is a non negotiable :(

-- GriffiN
google-authentication
google-bigquery
java
kubernetes-secrets
publish-subscribe

Similar Questions

kubernetes virtual service for Zuul Proxy fails without port forwarding
kubernetes nginx ingress controller weak ciphers
K8s getting error after change gcloud sdk location on Macos
Kuberntes deployment using yaml file

1 Answer

1/8/2020

The answer actually was in the deployment.yaml

To mount multiple secrets it needs to be the following:

---
# POD - API configuration (with Google Endpoints)
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: event-keeper-acl
spec:
  # Number of replicas
  replicas: 1
  template:
    metadata:
      labels:
        app: app_name
        tier: backend
    spec:
      containers:
        - name: app_name
          image: REGISTRY_HOSTNAME/PROJECT_ID/REPOSITORY_NAME:IMAGE_TAG
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: "/secret/secret_name_1"
            - name: PATH_BIG_QUERY_CREDENTIALS
              value: "/secret/secret_name_2"
          volumeMounts:
            - name: service-secrets
              mountPath: /secret
              readOnly: true
          envFrom:
            - configMapRef:
                name: app-name-config-map
      volumes:
        - name: service-secrets
          projected:                  # <----- THIS ENABLES MULTIPLE SECRETS IN SAME MOUNT POINT
            sources:
            - secret:
                name: secret_name_1
            - secret:
                name: secret_name_2
-- GriffiN
Source: StackOverflow