aws / aws-msk-iam-auth

Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Apache License 2.0

awsDebugCreds true with IAM authentication breaking lambda #80

Closed ganvamsi closed 10 months ago

ganvamsi commented 1 year ago

Take a sample Lambda producer and add awsDebugCreds=true after required, with IAMLoginModule authentication enabled. The code stops at "Selecting provider software.amazon.msk.auth.iam.internals.MSKCredentialProvider to load credentials".

Logs:

```
Disabling exponential reconnect backoff because reconnect.backoff.ms is set, but reconnect.backoff.max.ms is not.

ProducerConfig values:
acks = -1
batch.size = 16384
bootstrap.servers = [<hostname>:9098, <hostname>:9098, <hostname>:9098]
buffer.memory = 33554432
client.dns.lookup = use_all_dns_ips
client.id = <name>
compression.type = none
connections.max.idle.ms = 60
delivery.timeout.ms = 120000
enable.idempotence = false
interceptor.classes = []
internal.auto.downgrade.txn.commit = false
key.serializer = class org.apache.kafka.common.serialization.StringSerializer
linger.ms = 0
max.block.ms = 20000
max.in.flight.requests.per.connection = 5
max.request.size = 1048576
metadata.max.age.ms = 300000
metadata.max.idle.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes = 32768
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 1000
request.timeout.ms = 30000
retries = 2147483647
retry.backoff.ms = 100
sasl.client.callback.handler.class = class software.amazon.msk.auth.iam.IAMClientCallbackHandler
sasl.jaas.config = [hidden]
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.login.callback.handler.class = null
sasl.login.class = null
sasl.login.refresh.buffer.seconds = 300
sasl.login.refresh.min.period.seconds = 60
sasl.login.refresh.window.factor = 0.8
sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = AWS_MSK_IAM
security.protocol = SASL_SSL
security.providers = null
send.buffer.bytes = 131072
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.3]
ssl.endpoint.identification.algorithm = https
ssl.engine.factory.class = null
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLSv1.3
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = null
ssl.truststore.password = null
ssl.truststore.type = JKS
transaction.timeout.ms = 60000
transactional.id = null
value.serializer = class org.apache.kafka.common.serialization.StringSerializer

Disabling exponential reconnect backoff because reconnect.backoff.ms is set, but reconnect.backoff.max.ms is not.
Number of options to configure credential provider 1
IAMLoginModule initialized
Successfully logged in.
Created SSL context with keystore null, truststore null, provider SunJSSE.
[Producer clientId=<name>] Starting Kafka producer I/O thread.
[Producer clientId=<name>] Initialize connection to node <hostname>:9098 (id: -2 rack: null) for sending metadata request
[Producer clientId=<name>] Initiating connection to node <hostname>:9098 (id: -2 rack: null) using address <hostname>/<1.1.1.1>
Kafka version: 2.6.2
Kafka commitId: da65af02e5856e34
Kafka startTimeMs: 1664785039524
[Producer clientId=<name>] Kafka producer started
[Producer clientId=<name>] Set SASL client state to SEND_APIVERSIONS_REQUEST
[Producer clientId=<name>] Creating SaslClient: client=null;service=kafka;serviceHostname=<hostname>;mechs=.[AWS_MSK_IAM]
Setting SASL/AWS_MSK_IAM client state to SEND_CLIENT_FIRST_MESSAGE
[Producer clientId=<name>] Created socket with SO_RCVBUF = 32768, SO_SNDBUF = 131072, SO_TIMEOUT = 0 to node -2
[Producer clientId=<name>] Completed connection to node -2. Fetching API versions.
[SslTransportLayer channelId=-2 key=channel=java.nio.channels.SocketChannel[connection-pending remote=***.c25.kafka.us-east-1.amazonaws.com/<1.1.1.1>:9098], selector=sun.nio.ch.EPollSelectorImpl@3302f5ac, interestOps=8, readyOps=0] SSL handshake completed successfully with peerHost '<hostname>' peerPort 9098 peerPrincipal 'CN=*.democluster1.2nspjx.c25.kafka.us-east-1.amazonaws.com' cipherSuite 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
[Producer clientId=<name>] Set SASL client state to RECEIVE_APIVERSIONS_RESPONSE
[Producer clientId=<name>] Set SASL client state to SEND_HANDSHAKE_REQUEST
[Producer clientId=<name>] Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE
[Producer clientId=<name>] Set SASL client state to INITIAL
State SEND_CLIENT_FIRST_MESSAGE at start of evaluating challenge
Type information for callback: class: software.amazon.msk.auth.iam.internals.AWSCredentialsCallback classloader: jdk.internal.loader.ClassLoaders$AppClassLoader@483bf400 from class: software.amazon.msk.auth.iam.IAMClientCallbackHandler classloader: jdk.internal.loader.ClassLoaders$AppClassLoader@483bf400
Selecting provider software.amazon.msk.auth.iam.internals.MSKCredentialProvider to load credentials
[Producer clientId=<name>] Exception occurred during message send:
org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 20000 ms.

java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 20000 ms. java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 20000 ms.
```
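A triage script for client logs like the one in this report, added here as an example (it is not part of the original issue or of the aws-msk-iam-auth project): it extracts the SASL state transitions and reports whether the last event before the first timeout was the credential provider selection. The sample lines are constructed from the log above; the function name `triage` is hypothetical, and treating a logged `COMPLETE` state as successful authentication is an assumption about the Kafka client's state names.

```python
import re

# Constructed sample, shaped like the client log in this issue (not a real capture).
SAMPLE_LOG = """\
[Producer clientId=demo] Set SASL client state to SEND_APIVERSIONS_REQUEST
Setting SASL/AWS_MSK_IAM client state to SEND_CLIENT_FIRST_MESSAGE
[Producer clientId=demo] Set SASL client state to RECEIVE_APIVERSIONS_RESPONSE
[Producer clientId=demo] Set SASL client state to SEND_HANDSHAKE_REQUEST
[Producer clientId=demo] Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE
[Producer clientId=demo] Set SASL client state to INITIAL
State SEND_CLIENT_FIRST_MESSAGE at start of evaluating challenge
Selecting provider software.amazon.msk.auth.iam.internals.MSKCredentialProvider to load credentials
[Producer clientId=demo] Exception occurred during message send:
org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 20000 ms.
"""

STATE_RE = re.compile(r"Set SASL client state to (\w+)")
PROVIDER_RE = re.compile(r"Selecting provider (\S+) to load credentials")
TIMEOUT_RE = re.compile(r"TimeoutException: (.+)")


def triage(log_text):
    """Report how far SASL authentication got before the first timeout."""
    states, provider, timeout, last_event = [], None, None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := TIMEOUT_RE.search(line):
            timeout = m.group(1)
            break  # later lines are fallout from the same failure
        if m := STATE_RE.search(line):
            states.append(m.group(1))
        if m := PROVIDER_RE.search(line):
            provider = m.group(1)
        if "Exception occurred" not in line:  # error header, not a progress event
            last_event = line
    # Assumption: the Kafka client logs state COMPLETE once SASL succeeds.
    authenticated = "COMPLETE" in states
    stalled = (timeout is not None and not authenticated
               and provider is not None and provider in (last_event or ""))
    return {
        "states": states,
        "last_state": states[-1] if states else None,
        "authenticated": authenticated,
        "credential_provider": provider,
        "stalled_loading_credentials": stalled,
        "timeout": timeout,
    }
```

On the sample, `triage(SAMPLE_LOG)` reports `last_state` as `INITIAL` and `stalled_loading_credentials` as true, matching the reporter's observation that the client never progresses past the credential provider selection.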

github-actions[bot] commented 12 months ago

We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.