Clojurians Log v2
datomic
what's the current recommendation for datomic.api/pull-many when using the datomic.client.api?
there is a nice comparison of the peer and the client apis on the https://docs.datomic.com/on-prem/clients-and-peers.html#peer-only page, but it doesn't mention datomic.api/pull-many and what should it's equivalent be on datomic.client.api.
i know it's possible to provide pull patterns as dc/q, but that couples the queries more to pulls, than it would otherwise, using the q+find-rel + pull-many.
based on the introduction of this new qseq function, i suspect that's the one I should use instead of pull-many.
Is my suspicion correct?
I get this error when adding dev-local as a dependency to a previously working ions project:
Could not locate cognitect/hmac_authn__init.class, cognitect/hmac_authn.clj or cognitect/hmac_authn.cljc on classpath. Please check that namespaces with dashes use underscores in the Clojure file name.com.cognitect/hmac-authn 0.1.195 in both with and without dev-local.
Still trying to track it down, but wanted to ask if anyone else have seen it or something similar?
@maxt I had this issue too, and it solved by having latest tools.deps - 1.10.1.561
Upgrade on osx with:
brew upgrade clojure/tools/clojure
@danie Thank you for the hint! Just noticed that it works from cli, but not through cursive, which indeed seems to be stuck at an older version of tools deps
You can have cursive use your local version of clj too
@alexmiller that would be great, but when I try I get this
The following errors were found during project resolve: /home/max/wavy/wavy-v2/deps.edn: Coordinate type :mvn not loaded for library org.clojure/clojure in coordinate {:mvn/version "1.10.1"}That's a weird error
I'd ask in #cursive
Yep, thank you
@maxt yes, you can specify Cursive to use the installed CLI tools, by pointing it to the clojure executable
@onetom Thank you. That option sadly does not work for me, I get a wierd error when doing so.
i would recommend using nix to manage your projects' dependencies
that way it's guaranteed that you have the exact version of everything in a read-only folder and it doesn't clash with the needs with any other project
here is an example of a shell.nix file, which can provide you the exact same environment in a shell, even years later:
# To upgrade pinned versions, get the latest git commit SHAs:
# git ls-remote <https://github.com/nixos/nixpkgs-channels> nixos-20.03 nixpkgs-unstable
with import (builtins.fetchGit {
name = "nixos-20.03";
ref = "refs/heads/nixos-20.03";
rev = "bb8f0cc2279934cc2274afb6d0941de30b6187ae";
url = <https://github.com/nixos/nixpkgs-channels/>;
}) {};
let
sharedJDK = jdk11;
clojure = callPackage ../clojure { jdk11 = sharedJDK; };
maven = maven3.override { jdk = sharedJDK; };
in
mkShell rec {
buildInputs = [
coreutils cacert wget unzip overmind
sharedJDK maven clojure
];
shellHook = ''
export LC_CTYPE="UTF-8"
'';
}the ../clojure folder contains a copy of https://github.com/NixOS/nixpkgs/blob/99afbadaca7a7edead14dc5f930aff4ca4636608/pkgs/development/interpreters/clojure/default.nix and i just adjusted the cli tool version and sha in it.
the Nix pkg manager works great under any Linux or macOS, but Windows is not really supported or might never be supported.
im happy to hop on a https://screen.so/ session and help you to set nix up or i can show it in action on my machine
maybe i should do a screencast about it... π
I did not know about Nix, thank you for mentioning it.
In this case, It works from my command line but not from inside IntelliJ, and I don't think a package manager would help me then.
Using tools.deps version 0.8.709 from inside Cursive finally did allow me to use dev-local. Thank you again @danie
And thank you for offering help. In this case, I just found a workaround that solves my current issue.
hello! i am attempting to get a handle on the AWS_ACCESS_KEY_ID environment variable from within my Ion lambda -- something that is typically available based on the execution role. however, listing the environment variables from within my Ion returns the environment variables of the query group, which is expected but not very helpful in my case. is there another way to retrieve the execution role credentials?
usually you would use the instance role credentials
one sec - let me get you an example
@joshkh you shouldn't need AWS_ACCESS_KEY_ID to use an AWS SDK
all AWS SDKs detect that they are running in an EC2 machine with an instance role, and transparently fetch and remember credentials
but I'm not sure what you're trying to do
if it's "use an aws API" just call the constructor function for whatever SDK you're using, and don't pass any explicit credentials
EC2 machines don't have that env var unless you've explicitly set it -- which is not recommended
thanks for the feedback ghadi. in my case i need to manually sign an HTTP request
for an AWS API?
correct
specifically, a raw GraphQL query to an AppSync endpoint
ie a server side mutation from an ion
hmm which sdk ?
^ i started a thread above π
if manually signing, you could ask an sdk for credentials
credentials periodically rotate in ec2 machines, and the sdk's handle this for you
would love to see some sample code
i'm using cognitect's aws-api, although there is no "server side" appsync client or API to perform mutations, so it appears that manually posting signed requests to AppSync is the way to go. i'm drawing some inspiration from the code at the end of this article: https://adrianhall.github.io/cloud/2018/10/26/backend-graphql-trigger-appsync/ nodejs has the benefit of using the AWS AppSync client, but that's not an option in the JVM
cool you are in luck, I am a maintainer of that sdk π
it's my lucky day!
interesting, I didn't realize the aws js sdk exposes sigv4 as an API
https://github.com/cognitect-labs/aws-api/blob/master/latest-releases.edn#L531
that is not the same thing
that is a code signing api for IOT
an actual service
what you are looking for is a thing that signs HTTP maps with AWS credentials
we don't yet have v4 request signing a la carte in cognitect labs' aws-api
but I think @kenny may have done it
it's useful for API Gateway, as well as GraphQL
(re: AWS Signer, yes thanks for pointing that out. i was crossing wires)
in any case: don't rely on the datomic machine to have static credentials in the env vars
for sure. i didn't really expect them to be there as with a typical lambda.
but that doesn't solve your larger problem of signing a request
Havenβt read the background on your issue @joshkh but perhaps this is useful https://gist.github.com/kennyjwilli/aa9e99321d9443a8ae80448974850e79
forgive me ghadi, but doesn't that demonstrate a way to provide custom credentials? whereas in my case i need to retrieve the current access-key-id etc.?
yeah
@kenny i think that's exactly what i'm looking for
if you call (cognitect.aws.client.shared/credentials-provider) you'll have access to the default provider which will pull and refresh the creds automatically
combine that with kenny's script
thanks @kenny!
yup, this looks great. thank you both for your help. it's always interesting to dive a little deeper into ions / aws api.
and thanks for your work on aws-api. it was a game changer when moving from the aws java sdk.
on a side note, i wasn't able to sign S3 / CloudFront urls with aws-api in the past (although maybe that has changed), so i ported over an AWS java example to Clojure. might be useful to someone who finds this thread in the future. https://gist.github.com/joshkh/99718bfd4cd95cd48cda8533f162ffbf
hi marshall, ghadi and kenny sorted me out with a good example. thanks just the same for investigating