search

aws / aws-msk-iam-auth

Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Apache License 2.0
145 stars 67 forks source link

unable to connect to aws-msk using library #64

Open ahsan-n opened 2 years ago

ahsan-n commented 2 years ago

error getting :

Exception in thread "main" org.apache.kafka.common.config.ConfigException: Invalid value software.amazon.msk.auth.iam.IAMClientCallbackHandler for configuration sasl.client.callback.handler.class: Class software.amazon.msk.auth.iam.IAMClientCallbackHandler could not be found.
    at org.apache.kafka.common.config.ConfigDef.parseType(ConfigDef.java:728)
    at org.apache.kafka.common.config.ConfigDef.parseValue(ConfigDef.java:474)
    at org.apache.kafka.common.config.ConfigDef.parse(ConfigDef.java:467)
    at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:108)
    at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:142)
    at org.apache.kafka.clients.admin.AdminClientConfig.<init>(AdminClientConfig.java:216)
    at org.apache.kafka.clients.admin.Admin.create(Admin.java:61)
    at kafka.admin.TopicCommand$AdminClientTopicService$.createAdminClient(TopicCommand.scala:212)
    at kafka.admin.TopicCommand$AdminClientTopicService$.apply(TopicCommand.scala:216)
    at kafka.admin.TopicCommand$.main(TopicCommand.scala:57)
    at kafka.admin.TopicCommand.main(TopicCommand.scala)

how i loaded classpath:

export CLASSPATH=/home/ec2-user/aws-msk-iam-auth-1.1.3-all.jar

logged in as user root. Using instance profile with kafka full access.

client.properties:

# Sets up TLS for encryption and SASL for authN.
security.protocol = SASL_SSL

# Identifies the SASL mechanism to use.
sasl.mechanism = AWS_MSK_IAM

# Binds SASL client implementation.
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;

# Encapsulates constructing a SigV4 signature based on extracted credentials.
# The SASL client bound by "sasl.jaas.config" invokes this class.
sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler

executing from dir:

/home/ec2-user/kafka_2.13-2.5.0/bin

home/ec-user:

rw-r--r-- 1 root root      669 Apr 24 08:15 aws-msk-iam-auth-1.1.3-all.jar
drwxr-xr-x 6 root root       89 Apr  8  2020 kafka_2.13-2.5.0
-rw-r--r-- 1 root root 61459093 Jul  6  2020 kafka_2.13-2.5.0.tgz

java version:

[root@ip-192-168-130-35 bin]# java --version
openjdk 11.0.14.1 2022-02-08 LTS
OpenJDK Runtime Environment Corretto-11.0.14.10.1 (build 11.0.14.1+10-LTS)
OpenJDK 64-Bit Server VM Corretto-11.0.14.10.1 (build 11.0.14.1+10-LTS, mixed mode)

command:

 ./kafka-topics.sh --bootstrap-server b-1.qa-msk.grzo233b.c151223.kafka.ap-southeast-1.amazonaws.com:9098 --create --replication-factor 2 --partitions 3 --topic my-topic --command-config client.properties

not sure what I am mistaking here.

OneCricketeer commented 2 years ago

The files in /home/ec-user should not be owned by the root user

chown -R ec2-user /home/ec2-user then logout from root account and try again

m1mohamad commented 2 years ago

facing the same issue on on macOS it was working then stopped suddenly with no changes ./kafka-topics.sh --bootstrap-server b-1.stage.kafka.eu-west-1.amazonaws.com:9096 --command-config ~/kafka/config/config.properties --list
Exception in thread "main" org.apache.kafka.common.config.ConfigException: Invalid value software.amazon.msk.auth.iam.IAMClientCallbackHandler for configuration sasl.client.callback.handler.class: Class software.amazon.msk.auth.iam.IAMClientCallbackHandler could not be found. at org.apache.kafka.common.config.ConfigDef.parseType(ConfigDef.java:744) at org.apache.kafka.common.config.ConfigDef.parseValue(ConfigDef.java:490) at org.apache.kafka.common.config.ConfigDef.parse(ConfigDef.java:483) at org.apache.kafka.common.config.AbstractConfig.(AbstractConfig.java:113) at org.apache.kafka.common.config.AbstractConfig.(AbstractConfig.java:146) at org.apache.kafka.clients.admin.AdminClientConfig.(AdminClientConfig.java:231) at org.apache.kafka.clients.admin.Admin.create(Admin.java:133) at kafka.admin.TopicCommand$TopicService$.createAdminClient(TopicCommand.scala:205) at kafka.admin.TopicCommand$TopicService$.apply(TopicCommand.scala:209) at kafka.admin.TopicCommand$.main(TopicCommand.scala:50) at kafka.admin.TopicCommand.main(TopicCommand.scala)

RajasGujarathi commented 1 year ago

Facing the same issue on a Amazon Linux EC2

MichalMoravik commented 1 year ago

Had a similar issue. The aws-msk-iam-auth-1.1.3-all.jar should be in the Kafka directory. In my case: ./kafka_2.12-2.8.1.

From your example, you placed it in the root:

rw-r--r-- 1 root root 669 Apr 24 08:15 aws-msk-iam-auth-1.1.3-all.jar drwxr-xr-x 6 root root 89 Apr 8 2020 kafka_2.13-2.5.0 -rw-r--r-- 1 root root 61459093 Jul 6 2020 kafka_2.13-2.5.0.tgz

In order to get the file and place it inside this folder, I simply ran the following command in kafka/libs folder: wget https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.1/aws-msk-iam-auth-1.1.1-all.jar

Make sure you're in kafka/libs when executing this command.

You should now have aws-msk-iam-auth-1.1.3-all.jar in your Kafka folder.

Find more here, step number 7: https://docs.aws.amazon.com/msk/latest/developerguide/create-topic.html

shayneoneill commented 1 year ago

Anyone work out where to put this thing on a macos homebrew install?

jeffreygolden commented 10 months ago

@shayneoneill I got this working by adding the file to this homebrew path: /opt/homebrew/Cellar/kafka/{$KAFKA_VERSION}/libexec/libs/

vrmare commented 10 months ago

@jeffreygolden I'm trying to do the same on my MAC but dint have success yet. Here's what I have:

current working dir:

/opt/homebrew/Cellar/kafka/kafka_2.13-3.6.0
❯ java -version

openjdk version "21.0.1" 2023-10-17
OpenJDK Runtime Environment Homebrew (build 21.0.1)
OpenJDK 64-Bit Server VM Homebrew (build 21.0.1, mixed mode, sharing)

I have the jar file in this dir:

/opt/homebrew/Cellar/kafka/kafka_2.13-3.6.0
❯ ls libs/ | grep aws
aws-msk-iam-auth-1.1.1-all.jar

my client.properties

security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler

Trying to connect but still same issue:

./bin/kafka-topics.sh --command-config ./config/client.properties --bootstrap-server $server --list

What could I be missing here?

Devarsh23 commented 9 months ago

We are facing the same issue when we are trying to use the IAM authentication from kafka connect. We are getting Invalid value software.amazon.msk.auth.iam.IAMClientCallbackHandler for configuration sasl.client.callback.handler.class: Class software.amazon.msk.auth.iam.IAMClientCallbackHandler could not be found.

We are using the confluentinc/cp-kafka-connect-base image with version 7.5.0. So, while creating our image, which will use the IAM auth, we are using the latest jar of version 2.0.3. In this image, we are copying this jar into the following path

  1. /usr/share/java/
  2. /etc-kafka-connect/jars
  3. /usr/share/java/cp-base-new

We are running our kafka-connect in the distributed mode. We have also set the CLASSPATH in the docker file as an environment variable to this path /usr/share/java/. Also, we have set the plugin path for our kafka-connect to /usr/share/java,/usr/share/confluent-hub-components But after all this, we still get the same error mentioned above. Do you guys have any idea on how to resolve this issue?

nieldejonghe commented 3 months ago

@Devarsh23 we are facing the same issue, have you found a solution for this?