Google Secret Manager client fails to retrieve secret when executed from native image

[montesmoci]

Expected Behavior

Successful retrieval and reading of a secret stored in Secret Manager.

Actual Behaviour

The following stack trace is generated when attempting to retrieve a secret:

Mar 02, 2023 9:47:30 AM io.grpc.auth.GoogleAuthLibraryCallCredentials createJwtHelperOrNull
WARNING: Failed to create JWT helper. This is unexpected
java.lang.NoSuchMethodException: com.google.auth.oauth2.ServiceAccountCredentials.getQuotaProjectId()
        at java.lang.Class.getMethod(DynamicHub.java:2227)
        at io.grpc.auth.GoogleAuthLibraryCallCredentials$JwtHelper.<init>(GoogleAuthLibraryCallCredentials.java:318)
        at io.grpc.auth.GoogleAuthLibraryCallCredentials.createJwtHelperOrNull(GoogleAuthLibraryCallCredentials.java:224)
        at io.grpc.auth.GoogleAuthLibraryCallCredentials.<clinit>(GoogleAuthLibraryCallCredentials.java:53)
        at io.grpc.auth.MoreCallCredentials.from(MoreCallCredentials.java:35)
        at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:160)
        at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:67)
        at com.google.api.gax.rpc.ClientContext.create(ClientContext.java:206)
        at com.google.cloud.secretmanager.v1.stub.GrpcSecretManagerServiceStub.create(GrpcSecretManagerServiceStub.java:248)
        at com.google.cloud.secretmanager.v1.stub.SecretManagerServiceStubSettings.createStub(SecretManagerServiceStubSettings.java:349)
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.<init>(SecretManagerServiceClient.java:180)
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.create(SecretManagerServiceClient.java:162)
        at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.create(SecretManagerServiceClient.java:153)
        at bug.nativeCompile.googleSecretManager.ApplicationSecretsClient.onStartup(ApplicationSecretsClient.java:35)
        at bug.nativeCompile.googleSecretManager.$ApplicationSecretsClient$Definition$Exec.dispatch(Unknown Source)
        at io.micronaut.context.AbstractExecutableMethodsDefinition$DispatchedExecutableMethod.invoke(AbstractExecutableMethodsDefinition.java:371)
        at io.micronaut.context.DefaultBeanContext$BeanExecutionHandle.invoke(DefaultBeanContext.java:3828)
        at io.micronaut.aop.chain.AdapterIntroduction.intercept(AdapterIntroduction.java:83)
        at io.micronaut.aop.chain.MethodInterceptorChain.proceed(MethodInterceptorChain.java:137)
        at bug.nativeCompile.googleSecretManager.ApplicationSecretsClient$ApplicationEventListener$onStartup1$Intercepted.onApplicationEvent(Unknown Source)
        at io.micronaut.context.event.ApplicationEventPublisherFactory.notifyEventListeners(ApplicationEventPublisherFactory.java:262)
        at io.micronaut.context.event.ApplicationEventPublisherFactory.access$200(ApplicationEventPublisherFactory.java:60)
        at io.micronaut.context.event.ApplicationEventPublisherFactory$2.publishEvent(ApplicationEventPublisherFactory.java:229)
        at io.micronaut.context.DefaultBeanContext.publishEvent(DefaultBeanContext.java:1703)
        at io.micronaut.context.DefaultBeanContext.start(DefaultBeanContext.java:356)
        at io.micronaut.context.DefaultApplicationContext.start(DefaultApplicationContext.java:194)
        at io.micronaut.runtime.Micronaut.start(Micronaut.java:75)
        at io.micronaut.runtime.Micronaut.run(Micronaut.java:323)
        at io.micronaut.runtime.Micronaut.run(Micronaut.java:309)
        at bug.nativeCompile.googleSecretManager.Application.main(Application.java:8)

Steps To Reproduce

1. Assuming one has a GCP account and has the following secret with the name secret_txt (see line 16 of bug/nativeCompile/googleSecretManager/ApplicationSecretsClient.java).
2. Change the gcp.project-id in application.yml to the relevant value.
3. Use GraalVM via sdk man or some other means. On my end, I enable GraalVM via sdk use java 22.2.r17-grl
4. Execute ./gradlew nativeCompile.
5. Run the generated native image ./build/native/nativeCompile/bug-nativeCompile-googleSecretManager
6. Observe that io.grpc.auth.GoogleAuthLibraryCallCredentials createJwtHelperOrNull WARNING: Failed to create JWT helper. This is unexpected java.lang.NoSuchMethodException: com.google.auth.oauth2.ServiceAccountCredentials.getQuotaProjectId() error is generated. The above error is not generated whenever ./gradlew run is executed.

Environment Information

• OS Ventura - 13.1 (22C65)
• Apple M1 Pro
• Java 22.2.r17-gr

Example Application

https://github.com/montesmoci/bug-nativeCompile-googleSecretsManager

Version

3.8.6

[graemerocher]

did you add the necessary library https://micronaut-projects.github.io/micronaut-gcp/latest/guide/#nativeImage

[montesmoci]

Not initially, no. I've added the dependency and the error still persists.
Perhaps I'm using an incompatible Java GraalVM?

https://github.com/GoogleCloudPlatform/native-image-support-java#:~:text=the%20Cloud%20Client%20Libraries%20for%20Java%20come%20with%20the%20native%20image%20configurations%20built%2Din.%20This%20means%20that%20the%20Cloud%20Client%20libraries%20can%20be%20compiled%20into%20native%20images%20without%20the%20need%20for%20adding%20the%20native%2Dimage%2Dsupport%20dependency.

[montesmoci]

FYI: Adding implementation("com.google.cloud:google-cloud-secretmanager:2.12.0") resolves the issue.