aws / aws-msk-iam-auth

Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Apache License 2.0

MSKCredentialProvider generates a bad URI if stsRegion is specified #174

Closed taer closed 4 months ago

taer commented 6 months ago

This is from 2.1.0 of the Java aws-msk-iam-auth module.

If you configure the SASL config like this:

        software.amazon.msk.auth.iam.IAMLoginModule required awsRoleArn="$role" awsRoleSessionName="producer" awsStsRegion="$region";

On startup, you'll get this exception:

     Caused by: java.lang.NullPointerException: The URI scheme of endpointOverride must not be null.
     at software.amazon.awssdk.utils.Validate.paramNotNull(Validate.java:156)
     at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.endpointOverride(SdkDefaultClientBuilder.java:502)

It looks like the following code is making a URI that the SDK doesn't like:

https://github.com/aws/aws-msk-iam-auth/blob/v2.1.0/src/main/java/software/amazon/msk/auth/iam/internals/MSKCredentialProvider.java#L278-L280

        public URI buildEndpointConfiguration(String stsRegion){
            return URI.create("sts." + stsRegion + ".amazonaws.com");
        }

I removed the region from the SASL arg, and it starts up.
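
An added example, not part of the issue thread or the project's code: it shows with `java.net.URI` why the concatenated string above has a null scheme, next to a hypothetical `httpsEndpoint` helper that validates the region and checks scheme and host before the URI is handed to an SDK builder. The class and method names and the region pattern are assumptions, and the `amazonaws.com` suffix covers only the standard partition.

```java
import java.net.URI;
import java.util.regex.Pattern;

public class StsEndpointCheck {
    // Assumption: region names look like "us-east-1" or "us-gov-west-1".
    private static final Pattern REGION = Pattern.compile("^[a-z]{2}(-[a-z]+)+-\\d$");

    // Same string concatenation as the v2.1.0 snippet above: no scheme is added.
    static URI schemeless(String stsRegion) {
        return URI.create("sts." + stsRegion + ".amazonaws.com");
    }

    // Hypothetical helper: validate the region, add the scheme, then verify
    // the parsed URI before it is used as an endpoint override.
    static URI httpsEndpoint(String stsRegion) {
        if (stsRegion == null || !REGION.matcher(stsRegion).matches()) {
            throw new IllegalArgumentException("Unexpected STS region: " + stsRegion);
        }
        String host = "sts." + stsRegion + ".amazonaws.com";
        URI uri = URI.create("https://" + host);
        if (!"https".equals(uri.getScheme()) || !host.equals(uri.getHost())) {
            throw new IllegalStateException("Malformed STS endpoint: " + uri);
        }
        return uri;
    }

    public static void main(String[] args) {
        // Without "https://" the string parses as a relative reference:
        // the whole value lands in the path, and scheme and host are null.
        URI bad = schemeless("us-east-1");
        System.out.println("scheme=" + bad.getScheme()
                + " host=" + bad.getHost() + " path=" + bad.getPath());

        URI good = httpsEndpoint("us-east-1");
        System.out.println("scheme=" + good.getScheme() + " host=" + good.getHost());

        // An unsubstituted placeholder such as the literal "$region" from the
        // SASL config is rejected before it reaches the hostname.
        try {
            httpsEndpoint("$region");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```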

taer commented 6 months ago

Looks like this has been semi-addressed in the tip of main:

        public URI buildEndpointConfiguration(Region stsRegion) {
            StsEndpointParams params = StsEndpointParams.builder()
                .region(stsRegion)
                .build();

            try {
                return StsEndpointProvider.defaultProvider()
                    .resolveEndpoint(params)
                    .get()
                    .url();
            } catch (InterruptedException | ExecutionException e) {
                throw new RuntimeException(e);
            }
        }

That's at least not the same code.

Could this be released?

sidyag commented 5 months ago

This was fixed in https://github.com/aws/aws-msk-iam-auth/commit/d064c9a84e61e73e0d833f1f560aeee1c02814b2

We plan on releasing by the end of June.

github-actions[bot] commented 4 months ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.