aws / aws-msk-iam-auth

Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Apache License 2.0

add support for native image - GRAALVM #117

Open ricardkollcaku opened 1 year ago

ricardkollcaku commented 1 year ago

Currently, if we use MSK Kafka and want to build a native image (Spring Boot app), it will not work because reflected classes are not declared for GraalVM to include them at compile time. It would be nice if this configuration were included in the library.

hajlaoui-nader commented 1 year ago

Hello @ricardkollcaku, we're facing the same problem. Have you found a solution?

ricardkollcaku commented 1 year ago

@hajlaoui-nader Currently I have manually added reflection configuration in resources using native-agent. I have cleansed the unnecessary stuff that was added by the agent and now it works OK.

hajlaoui-nader commented 1 year ago

thanks @ricardkollcaku. we've done the same and it works:

@RegisterForReflection(
    targets = {
        IAMLoginModule.class,
        IAMClientCallbackHandler.class,
        IAMSaslClient.ClassLoaderAwareIAMSaslClientFactory.class,
        IAMSaslClient.IAMSaslClientFactory.class,
        AuthenticationResponse.class
    }
)

PS: we're not using spring-boot

sivabalachandran commented 1 year ago

@hajlaoui-nader I am facing the same issue. Could you tell me what version of aws-msk-iam-auth you used? I seem to run into build issues one after another. Thanks a ton.

hajlaoui-nader commented 1 year ago

hello @sivabalachandran, we used the version 1.1.9

sivabalachandran commented 1 year ago

> hello @sivabalachandran, we used the version 1.1.9

@hajlaoui-nader With 1.1.9, do you have to initialize anything at runtime using quarkus.native.additional-build-args=--initialize-at-run-time=? I am running into all sorts of build issues with java.util.Random being initialized at build time. Thanks again for the help.

matthenry87 commented 11 months ago

> thanks @ricardkollcaku. we've done the same and it works:
>
> @RegisterForReflection(
>     targets = {
>         IAMLoginModule.class,
>         IAMClientCallbackHandler.class,
>         IAMSaslClient.ClassLoaderAwareIAMSaslClientFactory.class,
>         IAMSaslClient.IAMSaslClientFactory.class,
>         AuthenticationResponse.class
>     }
> )
>
> PS: we're not using spring-boot

Hello all! Couple things -

You will want to add awsDebugCreds=true to your sasl.jaas.config, and you want to turn on DEBUG logging for the software.amazon.msk package. This way you see the full errors+stack traces if/when you need to add hints. Otherwise it just fails silently leaving you scratching your head (typical for security related packages).

I am using EKS IAM Roles for Service Accounts, so I also had to add a hint for com.amazonaws.auth.AWS4Signer (default constructor). I'm going to get with my company to see what hoops I need to jump to contribute native hints to this project.
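The class list quoted in this thread, plus the `com.amazonaws.auth.AWS4Signer` default-constructor hint mentioned above, written as a framework-neutral GraalVM `reflect-config.json` for builds that do not use Quarkus's `@RegisterForReflection`. This is an added example, not configuration posted by any participant or shipped by the project. The fully qualified package names and the placement under `src/main/resources/META-INF/native-image/<group>/<artifact>/` are assumptions, and the thread does not confirm that this set is complete for every library version.

```json
[
  {
    "name": "software.amazon.msk.auth.iam.IAMLoginModule",
    "allDeclaredConstructors": true,
    "allDeclaredMethods": true,
    "allDeclaredFields": true
  },
  {
    "name": "software.amazon.msk.auth.iam.IAMClientCallbackHandler",
    "allDeclaredConstructors": true,
    "allDeclaredMethods": true,
    "allDeclaredFields": true
  },
  {
    "name": "software.amazon.msk.auth.iam.internals.IAMSaslClient$ClassLoaderAwareIAMSaslClientFactory",
    "allDeclaredConstructors": true,
    "allDeclaredMethods": true,
    "allDeclaredFields": true
  },
  {
    "name": "software.amazon.msk.auth.iam.internals.IAMSaslClient$IAMSaslClientFactory",
    "allDeclaredConstructors": true,
    "allDeclaredMethods": true,
    "allDeclaredFields": true
  },
  {
    "name": "software.amazon.msk.auth.iam.internals.AuthenticationResponse",
    "allDeclaredConstructors": true,
    "allDeclaredMethods": true,
    "allDeclaredFields": true
  },
  {
    "name": "com.amazonaws.auth.AWS4Signer",
    "methods": [
      { "name": "<init>", "parameterTypes": [] }
    ]
  }
]
```

Listing only the classes that are actually resolved by name, rather than keeping a raw tracing-agent dump, keeps the reflective surface of the native image small and reviewable.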

ShakeelHussain commented 10 months ago

Hi Team, we are facing the same issue. Will adding the above hints solve runtime/unknown issues, or does something else need to be done?

cmtoan commented 8 months ago

I have the same problem with the native build of aws-msk-iam-auth. I configure with

@RegisterForReflection(
    targets = {
        IAMLoginModule.class,
        IAMClientCallbackHandler.class,
        IAMSaslClient.ClassLoaderAwareIAMSaslClientFactory.class,
        IAMSaslClient.IAMSaslClientFactory.class,
        IAMSaslClient.class,
        IAMSaslClientProvider.class,
        AuthenticationResponse.class,
    }
)

and "-H:AdditionalSecurityProviders=software.amazon.msk.auth.iam.internals.IAMSaslClientProvider"

but I have the following errors in AWS. Do you have the same problem?

Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure SaslClientAuthenticator
Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed to create SaslClient with mechanism AWS_MSK_IAM

jvdadda commented 6 months ago

The current library is completely unusable with native (GraalVM / Quarkus), probably because of aws sdk v1 that does not support native

matthenry87 commented 6 months ago

> The current library is completely unusable with native (GraalVM / Quarkus), probably because of aws sdk v1 that does not support native

I've got it all working. I can share my hints once I'm at my desk.

jvdadda commented 6 months ago

> > The current library is completely unusable with native (GraalVM / Quarkus), probably because of aws sdk v1 that does not support native
>
> I've got it all working. I can share my hints once I'm at my desk.

It would be wonderful 🙌

jvdadda commented 6 months ago

Hi @matthenry87, can you share your working configuration to make it work? Thanks a lot

joseiedo commented 4 weeks ago

Hey! What do you guys think would be the best path to completely solve this issue? I'm not very familiar with migrating these applications to work with native, but I'm willing to help.

Should we try to use Features, or would this not work?

I noticed there were some PRs updating the aws sdk, but these issues with reflection are still happening. Maybe we can build a wrapper supporting native...

jvdadda commented 3 weeks ago

Hi @joseiedo, indeed, with full migration to AWS SDK v2, it is easier to use it with Quarkus. I need to add some configuration (in Kotlin for me):

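package ly.wide.config

import io.quarkus.runtime.annotations.RegisterForReflection
import org.graalvm.nativeimage.ImageSingletons
import org.graalvm.nativeimage.hosted.Feature
import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport
import software.amazon.msk.auth.iam.IAMClientCallbackHandler
import software.amazon.msk.auth.iam.IAMLoginModule
import software.amazon.msk.auth.iam.internals.AuthenticationResponse
import software.amazon.msk.auth.iam.internals.IAMSaslClient

// Registers the library's reflectively accessed classes for the native image.
@RegisterForReflection(
    targets = [
        IAMLoginModule::class,
        IAMClientCallbackHandler::class,
        IAMSaslClient.ClassLoaderAwareIAMSaslClientFactory::class,
        IAMSaslClient.IAMSaslClientFactory::class,
        AuthenticationResponse::class,
    ],
)
class Registration_IamMskAuth

// GraalVM Feature that defers IAMLoginModule's class initialization to run time.
class Feature_IamMskAuth : Feature {
    override fun afterRegistration(access: Feature.AfterRegistrationAccess?) {
        val rci = ImageSingletons.lookup(
            RuntimeClassInitializationSupport::class.java,
        )
        rci.initializeAtRunTime(IAMLoginModule::class.java, "To reconciliate class hashcode")
    }
}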

And in Quarkus config (src/main/resources/application.yml):

quarkus:
  native:
    additional-build-args: >
      --features=ly.wide.config.Feature_IamMskAuth

joseiedo commented 3 weeks ago

Hey @jvdadda thank you. This worked for me!

I'm gonna search how to make this a default config in this library. Not sure where to start but here we go 😂