Background
The 1.11-to-1.12 migration guide states: "Make sure athenz-server-aws-common module along with all of its dependencies is deployed as part of your application."
However, the ZMS and ZTS assembly tarballs (assembly/zms/target/athenz-zms-*-bin.tar.gz and assembly/zts/target/athenz-zts-*-bin.tar.gz) do not include athenz-server-aws-common or its transitive dependencies (AWS SDK v2 rds, sts, ssm, s3, kms, etc.). Neither assembly/zms/pom.xml nor assembly/zts/pom.xml declares athenz-server-aws-common as a dependency, and servers/zms/servers/zts also don't depend on it.
This means the factory classes (AWSObjectStoreFactory, AWSCertRecordStoreFactory) are loaded dynamically via config properties, but the JARs they live in are not in the classpath when using the assembly tarballs.
What we had to do
We build Athenz from source and use the assembly tarballs to deploy ZMS/ZTS on EC2. To make the AWS factories work with v1.12.x, we had to:
- Run
mvn dependency:copy-dependencies on the server_aws_common module after the main build
- Manually copy
athenz-server-aws-common-*.jar and all resolved transitive JARs into the ZMS/ZTS lib directories
Question
Is this the intended workflow for users deploying from the assembly tarballs? Or would it make sense to include athenz-server-aws-common (and its deps) in the assembly when building for AWS deployments?
Background
The 1.11-to-1.12 migration guide states: "Make sure athenz-server-aws-common module along with all of its dependencies is deployed as part of your application."
However, the ZMS and ZTS assembly tarballs (
assembly/zms/target/athenz-zms-*-bin.tar.gzandassembly/zts/target/athenz-zts-*-bin.tar.gz) do not includeathenz-server-aws-commonor its transitive dependencies (AWS SDK v2 rds, sts, ssm, s3, kms, etc.). Neitherassembly/zms/pom.xmlnorassembly/zts/pom.xmldeclaresathenz-server-aws-commonas a dependency, andservers/zms/servers/ztsalso don't depend on it.This means the factory classes (
AWSObjectStoreFactory,AWSCertRecordStoreFactory) are loaded dynamically via config properties, but the JARs they live in are not in the classpath when using the assembly tarballs.What we had to do
We build Athenz from source and use the assembly tarballs to deploy ZMS/ZTS on EC2. To make the AWS factories work with v1.12.x, we had to:
mvn dependency:copy-dependencieson theserver_aws_commonmodule after the main buildathenz-server-aws-common-*.jarand all resolved transitive JARs into the ZMS/ZTS lib directoriesQuestion
Is this the intended workflow for users deploying from the assembly tarballs? Or would it make sense to include
athenz-server-aws-common(and its deps) in the assembly when building for AWS deployments?