我正在尝试制作一个简单的 REST API 来查询 Redshift 数据库。我被授予访问权限并可以查看 DBeaver 中的表,但是当我尝试以编程方式访问它时,我得到:
Invalid operation: permission denied for relation "account"
这是我在代码中做错了什么,还是我需要获得许可?
对于另一个应用程序,我们必须使用 AWS 凭证和 AWSClientBuilder 等。这是我需要去这里的路线还是我可以只使用我在 SQL 客户端上访问它时使用的用户名和密码来完成我的概念验证?
这是我的代码:
应用程序.properties:
spring.jpa.show-sql=true
spring.datasource.url=jdbc:redshift://mydb.blah.region.redshift.amazonaws.com:5439/dev?currentSchema=myschema
spring.datasource.username=user
spring.datasource.password=pass
spring.datasource.dbcp2.validation-query=SELECT 1
spring.datasource.driver-class-name=com.amazon.redshift.jdbc42.Driver
我也试过在 datasource.url 的末尾添加
;UID=user;PWD=pass;
,但没有改变任何东西。
控制器:
@RestController
@RequestMapping("/")
public class ContactController {
private RedshiftRepo repo;
@Autowired
public ContactController(RedshiftRepo repo) {
this.repo = repo;
}
@GetMapping(value = "/get")
public ResponseEntity<List<Contact>> getTest(){
List<Contact> list = repo.findAll();
return new ResponseEntity<List<Contact>>(list, HttpStatus.OK);
}
@GetMapping(value = "/getByEmail")
public ResponseEntity<List<Contact>> getByEmail(@RequestParam String email){
List<Contact> list = repo.getContactByEmail(email);
return new ResponseEntity<List<Contact>>(list, HttpStatus.OK);
}
}
Redshift回购:
@Repository
public interface RedshiftRepo extends JpaRepository<Contact, Integer>{
@Query("select id, firstname, lastname, accountid from Contact c where c.email = ?1")
public Contact getContactByEmail(String email);
}
实体:
@Entity
@Table(name ="account")
public class Contact {
@Id
private String id;
private String firstname;
private String lastname;
private String accountid;
}
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.1</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.contactAPI</groupId>
<artifactId>pocContactAPI</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>pocContactAPI</name>
<description>Contact Getter</description>
<properties>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-redshift</artifactId>
<version>1.11.999</version>
</dependency>
<dependency>
<groupId>com.amazon.redshift</groupId>
<artifactId>redshift-jdbc42-no-awssdk</artifactId>
<version>1.2.41.1065</version>
</dependency>
</dependencies>
<repositories>
<repository>
<id>redshift</id>
<url>http://redshift-maven-repository.s3-website-us-east-1.amazonaws.com/release</url>
</repository>
</repositories>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
当我写这篇文章时,我试图将代码放入一个 Lambda 函数中,该函数位于与它试图访问的 Redshift 不同的 AWS 账户上。当我把它放在同一个帐户中时,相同的代码工作正常。
所以,问题可能是 Lambda 需要 IAM/安全组权限才能访问 Redshift,即使我没有使用 RedShiftClient。 (另外,我听说我应该使用 RedShiftClient)
不确定这是否是唯一的解决方案,但这对我有用。