Ask questions on the official Q&A site at https://ask.datomic.com!
onetom 2020-07-22T05:07:39.349400Z

what's the current recommendation for datomic.api/pull-many when using the datomic.client.api? there is a nice comparison of the peer and the client apis on the https://docs.datomic.com/on-prem/clients-and-peers.html#peer-only page, but it doesn't mention datomic.api/pull-many and what should it's equivalent be on datomic.client.api. i know it's possible to provide pull patterns as dc/q, but that couples the queries more to pulls, than it would otherwise, using the q+find-rel + pull-many.

onetom 2020-07-22T05:16:13.349600Z

based on the introduction of this new qseq function, i suspect that's the one I should use instead of pull-many. Is my suspicion correct?


I get this error when adding dev-local as a dependency to a previously working ions project:

Could not locate cognitect/hmac_authn__init.class, cognitect/hmac_authn.clj or cognitect/hmac_authn.cljc on classpath. Please check that namespaces with dashes use underscores in the Clojure file name.
I guess it's a dependency conflict but I've checked with -Stree and I get the same versions of com.cognitect/hmac-authn 0.1.195 in both with and without dev-local. Still trying to track it down, but wanted to ask if anyone else have seen it or something similar?

danieroux 2020-07-22T11:04:18.354200Z

@maxt I had this issue too, and it solved by having latest tools.deps - Upgrade on osx with: brew upgrade clojure/tools/clojure


@danie Thank you for the hint! Just noticed that it works from cli, but not through cursive, which indeed seems to be stuck at an older version of tools deps

alexmiller 2020-07-22T12:51:56.356800Z

You can have cursive use your local version of clj too


@alexmiller that would be great, but when I try I get this

The following errors were found during project resolve: /home/max/wavy/wavy-v2/deps.edn: Coordinate type :mvn not loaded for library org.clojure/clojure in coordinate {:mvn/version "1.10.1"}
I don't yet understand why I see that in cursive but not from cli

alexmiller 2020-07-22T13:06:12.358200Z

That's a weird error

alexmiller 2020-07-22T13:06:19.358400Z

I'd ask in #cursive


Yep, thank you

onetom 2020-07-22T15:11:56.359600Z

@maxt yes, you can specify Cursive to use the installed CLI tools, by pointing it to the clojure executable


@onetom Thank you. That option sadly does not work for me, I get a wierd error when doing so.

staypufd 2020-07-25T04:51:18.436300Z

@maxt What was the work-around?


@staypufd Using the option "Use tools.deps directly" on a updated Cursive.

onetom 2020-07-22T15:13:42.360700Z

i would recommend using nix to manage your projects' dependencies

onetom 2020-07-22T15:14:40.360900Z

that way it's guaranteed that you have the exact version of everything in a read-only folder and it doesn't clash with the needs with any other project

onetom 2020-07-22T15:17:42.361100Z

here is an example of a shell.nix file, which can provide you the exact same environment in a shell, even years later:

# To upgrade pinned versions, get the latest git commit SHAs:
#     git ls-remote <https://github.com/nixos/nixpkgs-channels> nixos-20.03 nixpkgs-unstable

with import (builtins.fetchGit {
    name = "nixos-20.03";
    ref = "refs/heads/nixos-20.03";
    rev = "bb8f0cc2279934cc2274afb6d0941de30b6187ae";
    url = <https://github.com/nixos/nixpkgs-channels/>;
}) {};

    sharedJDK = jdk11;
    clojure = callPackage ../clojure { jdk11 = sharedJDK; };
    maven = maven3.override { jdk = sharedJDK; };

mkShell rec {
    buildInputs = [
        coreutils cacert wget unzip overmind
     	sharedJDK maven clojure
    shellHook = ''
        export LC_CTYPE="UTF-8"

onetom 2020-07-22T15:19:23.361300Z

the ../clojure folder contains a copy of https://github.com/NixOS/nixpkgs/blob/99afbadaca7a7edead14dc5f930aff4ca4636608/pkgs/development/interpreters/clojure/default.nix and i just adjusted the cli tool version and sha in it.

onetom 2020-07-22T15:20:30.361600Z

the Nix pkg manager works great under any Linux or macOS, but Windows is not really supported or might never be supported.

onetom 2020-07-22T15:21:16.361800Z

im happy to hop on a https://screen.so/ session and help you to set nix up or i can show it in action on my machine

onetom 2020-07-22T15:21:30.362100Z

maybe i should do a screencast about it... πŸ˜•


I did not know about Nix, thank you for mentioning it.


In this case, It works from my command line but not from inside IntelliJ, and I don't think a package manager would help me then.


Using tools.deps version 0.8.709 from inside Cursive finally did allow me to use dev-local. Thank you again @danie


And thank you for offering help. In this case, I just found a workaround that solves my current issue.

joshkh 2020-07-22T17:50:59.371200Z

hello! i am attempting to get a handle on the AWS_ACCESS_KEY_ID environment variable from within my Ion lambda -- something that is typically available based on the execution role. however, listing the environment variables from within my Ion returns the environment variables of the query group, which is expected but not very helpful in my case. is there another way to retrieve the execution role credentials?

marshall 2020-07-22T17:51:30.371600Z

usually you would use the instance role credentials

marshall 2020-07-22T17:51:36.371800Z

one sec - let me get you an example

ghadi 2020-07-22T17:52:41.372400Z

@joshkh you shouldn't need AWS_ACCESS_KEY_ID to use an AWS SDK

ghadi 2020-07-22T17:53:26.373400Z

all AWS SDKs detect that they are running in an EC2 machine with an instance role, and transparently fetch and remember credentials

ghadi 2020-07-22T17:53:52.374Z

but I'm not sure what you're trying to do

ghadi 2020-07-22T17:54:21.374600Z

if it's "use an aws API" just call the constructor function for whatever SDK you're using, and don't pass any explicit credentials

ghadi 2020-07-22T17:55:12.375400Z

EC2 machines don't have that env var unless you've explicitly set it -- which is not recommended

joshkh 2020-07-22T17:55:15.375600Z

thanks for the feedback ghadi. in my case i need to manually sign an HTTP request

ghadi 2020-07-22T17:55:27.375800Z

for an AWS API?

joshkh 2020-07-22T17:55:38.376Z


joshkh 2020-07-22T17:56:53.376100Z

specifically, a raw GraphQL query to an AppSync endpoint

joshkh 2020-07-22T17:57:47.376300Z

ie a server side mutation from an ion

ghadi 2020-07-22T17:59:09.376900Z

hmm which sdk ?

joshkh 2020-07-22T17:59:51.377700Z

^ i started a thread above πŸ™‚

ghadi 2020-07-22T18:00:07.377800Z

if manually signing, you could ask an sdk for credentials

ghadi 2020-07-22T18:00:22.378Z

credentials periodically rotate in ec2 machines, and the sdk's handle this for you

ghadi 2020-07-22T18:00:31.378200Z

would love to see some sample code

joshkh 2020-07-22T18:04:31.378400Z

i'm using cognitect's aws-api, although there is no "server side" appsync client or API to perform mutations, so it appears that manually posting signed requests to AppSync is the way to go. i'm drawing some inspiration from the code at the end of this article: https://adrianhall.github.io/cloud/2018/10/26/backend-graphql-trigger-appsync/ nodejs has the benefit of using the AWS AppSync client, but that's not an option in the JVM

ghadi 2020-07-22T18:04:59.378700Z

cool you are in luck, I am a maintainer of that sdk πŸ™‚

joshkh 2020-07-22T18:05:22.378900Z

it's my lucky day!

ghadi 2020-07-22T18:06:14.379100Z

interesting, I didn't realize the aws js sdk exposes sigv4 as an API

ghadi 2020-07-22T18:07:59.379600Z

that is not the same thing

ghadi 2020-07-22T18:08:06.379800Z

that is a code signing api for IOT

ghadi 2020-07-22T18:08:14.380300Z

an actual service

ghadi 2020-07-22T18:08:39.380500Z

what you are looking for is a thing that signs HTTP maps with AWS credentials

ghadi 2020-07-22T18:11:09.380700Z

we don't yet have v4 request signing a la carte in cognitect labs' aws-api

ghadi 2020-07-22T18:11:18.380900Z

but I think @kenny may have done it

ghadi 2020-07-22T18:11:32.381100Z

it's useful for API Gateway, as well as GraphQL

joshkh 2020-07-22T18:12:31.381300Z

(re: AWS Signer, yes thanks for pointing that out. i was crossing wires)

ghadi 2020-07-22T18:13:06.381500Z

in any case: don't rely on the datomic machine to have static credentials in the env vars

joshkh 2020-07-22T18:13:53.381700Z

for sure. i didn't really expect them to be there as with a typical lambda.

ghadi 2020-07-22T18:14:10.382200Z

but that doesn't solve your larger problem of signing a request

kenny 2020-07-22T18:14:47.383100Z

Haven’t read the background on your issue @joshkh but perhaps this is useful https://gist.github.com/kennyjwilli/aa9e99321d9443a8ae80448974850e79

joshkh 2020-07-22T18:16:03.383300Z

forgive me ghadi, but doesn't that demonstrate a way to provide custom credentials? whereas in my case i need to retrieve the current access-key-id etc.?

ghadi 2020-07-22T18:17:06.383500Z


joshkh 2020-07-22T18:17:11.383700Z

@kenny i think that's exactly what i'm looking for

ghadi 2020-07-22T18:18:02.383900Z

if you call (cognitect.aws.client.shared/credentials-provider) you'll have access to the default provider which will pull and refresh the creds automatically

ghadi 2020-07-22T18:18:15.384100Z

combine that with kenny's script

ghadi 2020-07-22T18:20:02.384300Z

thanks @kenny!

joshkh 2020-07-22T18:20:03.384500Z

yup, this looks great. thank you both for your help. it's always interesting to dive a little deeper into ions / aws api.

joshkh 2020-07-22T18:20:52.385200Z

and thanks for your work on aws-api. it was a game changer when moving from the aws java sdk.

joshkh 2020-07-22T18:25:01.385700Z

on a side note, i wasn't able to sign S3 / CloudFront urls with aws-api in the past (although maybe that has changed), so i ported over an AWS java example to Clojure. might be useful to someone who finds this thread in the future. https://gist.github.com/joshkh/99718bfd4cd95cd48cda8533f162ffbf

joshkh 2020-07-22T18:34:23.385900Z

hi marshall, ghadi and kenny sorted me out with a good example. thanks just the same for investigating