[
https://issues.apache.org/jira/browse/NIFI-5456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16597052#comment-16597052
]
ASF GitHub Bot commented on NIFI-5456:
--------------------------------------
Github user zenfenan commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2968#discussion_r213901647
--- Diff:
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
---
@@ -286,7 +286,7 @@ protected void
initializeRegionAndEndpoint(ProcessContext context) {
final String urlstr =
StringUtils.trimToEmpty(context.getProperty(ENDPOINT_OVERRIDE).evaluateAttributeExpressions().getValue());
if (!urlstr.isEmpty()) {
getLogger().info("Overriding endpoint with {}", new
Object[]{urlstr});
- this.client.setEndpoint(urlstr);
+ this.client.setEndpoint(urlstr,
this.client.getServiceName(), this.region.getName());
--- End diff --
Yep. They will be present always. We have made `Region` a `required`
parameter so it will be there. The service name is provided by the AWSClient
implementation in the AWS SDK. Gone through their implementation and verified
that, it takes care of undefined and null service names i.e, it computes the
service name again and returns, if it turns out to be null.
> PutKinesisStream - Fails to work with AWS Private Link endpoint
> ---------------------------------------------------------------
>
> Key: NIFI-5456
> URL: https://issues.apache.org/jira/browse/NIFI-5456
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.6.0, 1.7.1
> Environment: RedHat 6
> Reporter: Ariel Godinez
> Assignee: Sivaprasanna Sethuraman
> Priority: Major
> Labels: easyfix
> Attachments:
> 0001-NIFI-5456-AWS-clients-now-work-with-private-link-end.patch
>
>
> NiFi version: 1.6.0
> PutKinesisStream fails to put due to invalid signing information when using
> an AWS Private Link as the endpoint override URL. The endpoint override URL
> pattern for private links is like below along with the error that NiFi
> outputs when we attempt to use this type of URL as the 'Endpoint Override
> URL' property value.
> Endpoint Override URL:
> [https://vpce-|https://vpce-/]<AWS_GENERATED_ALPHA_NUMERIC>.kinesis.us-east-2.vpce.amazonaws.com
> ERROR [Timer-Driven Process Thread-11] "o.a.n.p.a.k.stream.PutKinesisStream"
> PutKinesisStream[id=4c314e25-0164-1000-ffff-ffff9bd79c77] Failed to publish
> due to exception com.amazonaws.services.kinesis.model.AmazonKinesisException:
> Credential should be scoped to a valid region, not 'vpce'. (Service:
> AmazonKinesis; Status Code: 400; Error Code: InvalidSignatureException;
> Request ID: 6330b83c-a64e-4acf-b892-a505621cf78e) flowfiles
> [StandardFlowFileRecord[uuid=ba299cec-7cbf-4750-a766-c348b5cd9c73,claim=StandardContentClaim
> [resourceClaim=StandardResourceClaim[id=1532469012962-1,
> container=content002, section=1], offset=2159750,
> length=534625],offset=0,name=900966573101260,size=534625]]
>
> It looks like 'vpce' is being extracted from the url as the region name when
> it should be getting 'us-east-2'. We were able to get this processor to work
> correctly by explicitly passing in the region and service using
> 'setEndpoint(String endpoint, String serviceName, String regionId)' instead
> of 'setEndpoint(String endpoint)' in
> 'nifi/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java'
> line 289
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
