-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kafka Exporter w/ AWS_MSK_IAM Mechanism Not Working #19747
Comments
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
I think we have an open PR for this. Would you like to help test it out or review it? |
Definitely I would love to help! |
I was wrong sorry, it’s for another component: #19650 (review) I bet we can reuse the logic though. |
Do you know which component has that implementation? Commit that you shared is about README.md update. |
I will look into it for you. Give me a bit. |
Well, I'll be... no this is for the Kafka exporter. Check out the latest README and see how this is now documented. It should work for your use case, or there is a bug. |
It does not work. |
AWS_MSK_ISM is not one of mechanism that sarama library supports: authentication.go line 125
sarama@v1.38.1/broker.go line 63:
|
here's the PR: #5763 @MovieStoreGuy did you ever get around to testing this? also playing with it and seeing the same error from sarama as above. |
hmmm so perhaps this comment means the implementation is known to be broken? |
Sorry, yes I had tried to run and validate this however, how the client is configured, it wasn't possible to do so. |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
@MovieStoreGuy Any updates on this? I saw the same issue. |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
This issue has been closed as inactive because it has been stale for 120 days with no activity. |
Should we leverage this? https://github.com/aws/aws-msk-iam-sasl-signer-go |
@flyerjayden did you happen to find any workaround? Otherwise I believe this is the only way to go 🤔
|
I have built and deployed this version and it is working for me using iam roles. |
…S_MSK_IAM_OAUTHBEARER" to kafkaexporter (#32500) **Description:** This PR added the SASL mechanism "AWS_MSK_IAM_OAUTHBEARER" to kafkaexporter and kafkareceiver. This mechanism use the AWS MSK IAM SASL Signer for Go https://github.com/aws/aws-msk-iam-sasl-signer-go. This mechanism is added because the "AWS_MSK_IAM" is not working in our cluster and also in this [issue](#19747). We added an new mechanism instead of replace the existing one because we want to keep the backward compatibility just in case someone is using "AWS_MSK_IAM". <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> **Link to tracking Issue:** [19747](#19747) **Testing:** We built the images and tested the SASL mechanism in our team. We added related unit tests. **Documentation:** We updated the kafkaexporter and kafakreciever README on the SASL mechanism. --------- Co-authored-by: Sean Marciniak <30928402+MovieStoreGuy@users.noreply.github.com>
…S_MSK_IAM_OAUTHBEARER" to kafkaexporter (open-telemetry#32500) **Description:** This PR added the SASL mechanism "AWS_MSK_IAM_OAUTHBEARER" to kafkaexporter and kafkareceiver. This mechanism use the AWS MSK IAM SASL Signer for Go https://github.com/aws/aws-msk-iam-sasl-signer-go. This mechanism is added because the "AWS_MSK_IAM" is not working in our cluster and also in this [issue](open-telemetry#19747). We added an new mechanism instead of replace the existing one because we want to keep the backward compatibility just in case someone is using "AWS_MSK_IAM". <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> **Link to tracking Issue:** [19747](open-telemetry#19747) **Testing:** We built the images and tested the SASL mechanism in our team. We added related unit tests. **Documentation:** We updated the kafkaexporter and kafakreciever README on the SASL mechanism. --------- Co-authored-by: Sean Marciniak <30928402+MovieStoreGuy@users.noreply.github.com>
…S_MSK_IAM_OAUTHBEARER" to kafkaexporter (open-telemetry#32500) **Description:** This PR added the SASL mechanism "AWS_MSK_IAM_OAUTHBEARER" to kafkaexporter and kafkareceiver. This mechanism use the AWS MSK IAM SASL Signer for Go https://github.com/aws/aws-msk-iam-sasl-signer-go. This mechanism is added because the "AWS_MSK_IAM" is not working in our cluster and also in this [issue](open-telemetry#19747). We added an new mechanism instead of replace the existing one because we want to keep the backward compatibility just in case someone is using "AWS_MSK_IAM". <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> **Link to tracking Issue:** [19747](open-telemetry#19747) **Testing:** We built the images and tested the SASL mechanism in our team. We added related unit tests. **Documentation:** We updated the kafkaexporter and kafakreciever README on the SASL mechanism. --------- Co-authored-by: Sean Marciniak <30928402+MovieStoreGuy@users.noreply.github.com>
…S_MSK_IAM_OAUTHBEARER" to kafkaexporter (open-telemetry#32500) **Description:** This PR added the SASL mechanism "AWS_MSK_IAM_OAUTHBEARER" to kafkaexporter and kafkareceiver. This mechanism use the AWS MSK IAM SASL Signer for Go https://github.com/aws/aws-msk-iam-sasl-signer-go. This mechanism is added because the "AWS_MSK_IAM" is not working in our cluster and also in this [issue](open-telemetry#19747). We added an new mechanism instead of replace the existing one because we want to keep the backward compatibility just in case someone is using "AWS_MSK_IAM". <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> **Link to tracking Issue:** [19747](open-telemetry#19747) **Testing:** We built the images and tested the SASL mechanism in our team. We added related unit tests. **Documentation:** We updated the kafkaexporter and kafakreciever README on the SASL mechanism. --------- Co-authored-by: Sean Marciniak <30928402+MovieStoreGuy@users.noreply.github.com>
Component(s)
exporter/kafka
What happened?
Description
I am getting following error message when authentication mechanism is set to AWS_MSK_IAM:
Steps to Reproduce
Deploy OpenTelemetry collector using following config:
Expected Result
OpenTelemetry collector sends traces to MSK topic
Actual Result
Error message:
Collector version
0.73
Environment information
Environment
OS: EKS 1.24 / Amazon Linux 2
Compiler(if manually compiled): Used Docker image from Docker hub
OpenTelemetry Collector configuration
Log output
Additional context
It seems Sarama (https://github.com/Shopify/sarama/blob/7dbf0b5d85538641227a30a281f1a54e18a94cb7/broker.go#L64) does not support (and they are not planning to support) AWS_MSK_IAM mechanism.
If anyone was able to configure Kafka exporter with IAM, your advices would be very appreciated.
The text was updated successfully, but these errors were encountered: