[jira] [Updated] (FLINK-34490) flink-connector-kinesis not correctly supporting credential chaining
[ https://issues.apache.org/jira/browse/FLINK-34490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eddie Ramirez updated FLINK-34490: -- Description: When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does not correctly follow the chain of credentials. *Expected Result* `{{{}flink-connector-kinesis{}}}` should follow the `{{{}source_profile{}}}` for each respective profile in `{{{}~/.aws/config{}}}` to ultimately determine credentials. *Observed Result* `{{{}flink-connector-kinesis{}}}` only follows the first matching `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors out because there is no credentials for that profile. {code:java} org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to load credentials into profile [profile intermediate-role]: AWS Access Key ID is not specified {code} *Configuration* connector config {code:java} aws.credentials.provider: PROFILE aws.credentials.profile.name: flink-access-role{code} aws `{{{}~/.aws/config{}}}` file {code:java} [profile flink-access-role] role_arn = arn:aws:iam::x:role/flink-access-role source_profile = intermediate-role [profile intermediate-role] role_arn = arn:aws:iam::x:role/intermediate-role source_profile = aws-sso-role [profile aws-sso-role] sso_session = idc sso_role_name = x sso_account_id = x credential_process = aws configure export-credentials --profile=aws-sso-role [sso-session idc] sso_start_url = x sso_region = x sso_registration_scopes = sso:account:access {code} was: When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does not correctly follow the chain of credentials. *Expected Result* `{{{}flink-connector-kinesis{}}}` should follow the `{{{}source_profile{}}}` for each respective profile in `{{{}~/.aws/config{}}}` to ultimately determine credentials. *Observed Result* `{{{}flink-connector-kinesis{}}}` only follows the first matching `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors out because there is no credentials for that profile. {code:java} org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to load credentials into profile [profile intermediate-role]: AWS Access Key ID is not specified {code} *Configuration* connector config {code:java} aws.credentials.provider: PROFILE aws.credentials.profile.name: flink-access-role{code} aws `{{{}~/.aws/config{}}}` file {code:java} [profile flink-access-role] role_arn = arn:aws:iam::x:role/flink-access-role source_profile = intermediate-role [profile intermediate-role] role_arn = arn:aws:iam::x:role/intermediate-role source_profile = aws-sso-role [profile aws-sso-role] sso_session = idc sso_role_name = x sso_account_id = x credential_process = aws configure export-credentials --profile=aws-sso-role [sso-session idc] sso_start_url = x sso_region = x sso_registration_scopes = sso:account:access {code} > flink-connector-kinesis not correctly supporting credential chaining > > > Key: FLINK-34490 > URL: https://issues.apache.org/jira/browse/FLINK-34490 > Project: Flink > Issue Type: Bug > Components: Connectors / Kinesis >Affects Versions: aws-connector-4.2.0, 1.17.2 >Reporter: Eddie Ramirez >Priority: Major > Attachments: Flink Credential Chaining.png > > > When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does > not correctly follow the chain of credentials. > > *Expected Result* > `{{{}flink-connector-kinesis{}}}` should follow the > `{{{}source_profile{}}}` for each respective profile in > `{{{}~/.aws/config{}}}` to ultimately determine credentials. > > *Observed Result* > `{{{}flink-connector-kinesis{}}}` only follows the first matching > `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors > out because there is no credentials for that profile. > {code:java} > org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to > load credentials into profile [profile intermediate-role]: AWS Access Key ID > is not specified > {code} > > *Configuration* > connector config > {code:java} > aws.credentials.provider: PROFILE > aws.credentials.profile.name: flink-access-role{code} > > aws `{{{}~/.aws/config{}}}` file > {code:java} > [profile flink-access-role] > role_arn = arn:aws:iam::x:role/flink-access-role > source_profile = intermediate-role > [profile intermediate-role] > role_arn = arn:aws:iam::x:role/intermediate-role > source_profile = aws-sso-role > [profile aws-sso-role] > sso_session = idc > sso_role_name = x > sso_account_id = x > credential_process = aws configure export-credentials --profile=aws-sso-role
[jira] [Updated] (FLINK-34490) flink-connector-kinesis not correctly supporting credential chaining
[ https://issues.apache.org/jira/browse/FLINK-34490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eddie Ramirez updated FLINK-34490: -- Description: When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does not correctly follow the chain of credentials. *Expected Result* `{{{}flink-connector-kinesis{}}}` should follow the `{{{}source_profile{}}}` for each respective profile in `{{{}~/.aws/config{}}}` to ultimately determine credentials. *Observed Result* `{{{}flink-connector-kinesis{}}}` only follows the first matching `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors out because there is no credentials for that profile. {code:java} org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to load credentials into profile [profile intermediate-role]: AWS Access Key ID is not specified {code} *Configuration* connector config {code:java} aws.credentials.provider: PROFILE aws.credentials.profile.name: flink-access-role{code} aws `{{{}~/.aws/config{}}}` file {code:java} [profile flink-access-role] role_arn = arn:aws:iam::x:role/flink-access-role source_profile = intermediate-role [profile intermediate-role] role_arn = arn:aws:iam::x:role/intermediate-role source_profile = aws-sso-role [profile aws-sso-role] sso_session = idc sso_role_name = x sso_account_id = x credential_process = aws configure export-credentials --profile=aws-sso-role [sso-session idc] sso_start_url = x sso_region = x sso_registration_scopes = sso:account:access {code} was: When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does not correctly follow the chain of credentials. *Expected Result* `{{{}flink-connector-kinesis{}}}` should follow the `{{{}source_profile{}}}` for each respective profile in `{{{}~/.aws/config{}}}` to ultimately determine credentials. *Observed Result* `{{{}flink-connector-kinesis{}}}` only follows the first matching `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors out because there is no credentials for that profile. {code:java} org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to load credentials into profile [profile intermediate-role]: AWS Access Key ID is not specified {code} *Configuration* connector config {code:java} aws.credentials.provider: PROFILE aws.credentials.profile.name: flink-access-role{code} aws `{{{}~/.aws/config{}}}` file {code:java} [profile flink-access-role] role_arn = arn:aws:iam::x:role/flink-access-role source_profile = intermediate-role [profile intermediate-role] role_arn = arn:aws:iam::x:role/intermediate-role source_profile = aws-sso-role [profile aws-sso-role] sso_session = idc sso_role_name = x sso_account_id = x credential_process = aws configure export-credentials --profile=aws-sso-role [sso-session idc] sso_start_url = x sso_region = x sso_registration_scopes = sso:account:access {code} ``` > flink-connector-kinesis not correctly supporting credential chaining > > > Key: FLINK-34490 > URL: https://issues.apache.org/jira/browse/FLINK-34490 > Project: Flink > Issue Type: Bug > Components: Connectors / Kinesis >Affects Versions: aws-connector-4.2.0, 1.17.2 >Reporter: Eddie Ramirez >Priority: Major > Attachments: Flink Credential Chaining.png > > > When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does > not correctly follow the chain of credentials. > > *Expected Result* > `{{{}flink-connector-kinesis{}}}` should follow the > `{{{}source_profile{}}}` for each respective profile in > `{{{}~/.aws/config{}}}` to ultimately determine credentials. > > *Observed Result* > `{{{}flink-connector-kinesis{}}}` only follows the first matching > `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors > out because there is no credentials for that profile. > {code:java} > org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to > load credentials into profile [profile intermediate-role]: AWS Access Key ID > is not specified > {code} > > *Configuration* > connector config > {code:java} > aws.credentials.provider: PROFILE > aws.credentials.profile.name: flink-access-role{code} > > aws `{{{}~/.aws/config{}}}` file > {code:java} > [profile flink-access-role] > role_arn = arn:aws:iam::x:role/flink-access-role > source_profile = intermediate-role > [profile intermediate-role] > role_arn = arn:aws:iam::x:role/intermediate-role > source_profile = aws-sso-role > [profile aws-sso-role] > sso_session = idc > sso_role_name = x > sso_account_id = x > credential_process = aws configure export-credentials