Running in Docker it can't see my ~/aws/credentials #4472

Closed
4 tasks done
paulca99 opened this issue Jul 17, 2024 · 4 comments
Labels
status/triage Issues pending maintainers triage type/bug Something isn't working

Comments

@paulca99

Issue submitter TODO list

  • I've looked up my issue in FAQ
  • I've searched for already existing issues here
  • I've tried running master-labeled docker image and the issue still persists there
  • I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

I'm running a compose file to hook up to an MSK cluster, trying to use the ~/.aws/credentials file on the MacBook:


```yaml
version: '3.4'
services:
  kafka-ui:
    container_name: kafka-ui
    image: provectuslabs/kafka-ui:latest
    ports:
      - 8080:8080
    environment:
      #AWS_ACCESS_KEY_ID: ASIblahdeblahdeblah5Q
      #AWS_SECRET_ACCESS_KEY: 8jo1HtM+DuQLblahdeblahTr9Fhmxhwlr
      #AWS_SESSION_TOKEN: "FwoGZXIvYXdzEB8aDD1ovRylbuOISWOjMCKUAicmp6SX83y1k7qQeGMTZruIgKhi7MUwODXy3WD8NEZ92Q/JwQkBRfQA7qgOeCDB6FzX3HKUnQ7BtwIKiwr0+rFqsvzrwQX8ry/7wzQR6KblahdeblahDOaRx4j0eKiHeNUPttKXjz3G9dSKwykT7bTZljFF7VHriQEiC3l5gk+uwSIO1uyp16JnH2+r9fWCr0mIa2+nqfMXDMEA6b9Dnj+eRJUs3voZ/Uxhr4980T/E3xA+BZeDJtz2yNduzs+ZYpw41ijB39m0BjIrVnmOmjmoOHD0erRZtumyAGRTzJF8qs5SDHNXSSJWG2ta5YfpO647IjR9Cg=="
      KAFKA_CLUSTERS_0_NAME: paul-tls
      KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: SASL_SSL
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM: AWS_MSK_IAM
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_CLIENT_CALLBACK_HANDLER_CLASS: software.amazon.msk.auth.iam.IAMClientCallbackHandler
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG: software.amazon.msk.auth.iam.IAMLoginModule required awsProfileName="default";
      KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_LOCATION: /kafka.keystore.jks
      KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_PASSWORD: "secret"
      KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: b-1.paulstest.xzyfm3.c6.kafka.eu-west-1.amazonaws.com:9098,b-3.paulstest.xzyfm3.c6.kafka.eu-west-1.amazonaws.com:9098,b-2.paulstest.xzyfm3.c6.kafka.eu-west-1.amazonaws.com:9098 # SSL LISTENER!
      KAFKA_CLUSTERS_0_SSL_TRUSTSTORELOCATION: /kafka.truststore.jks
      KAFKA_CLUSTERS_0_SSL_TRUSTSTOREPASSWORD: "secret"
      KAFKA_CLUSTERS_0_PROPERTIES_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: '' # DISABLE COMMON NAME VERIFICATION
    volumes:
      - /Users/carrp2/Documents/GitHub/kafka-ui/documentation/compose/ssl/truststore/kafka.truststore.jks:/kafka.truststore.jks
      - /Users/carrp2/Documents/GitHub/kafka-ui/documentation/compose/ssl/keystore/kafka.keystore.jks:/kafka.keystore.jks
```

TLS works great, and if I hardcode the AWS_ACCESS_KEY_ID and other AWS vars (commented out above) it authenticates with IAM fine too ... but I really want it to just pick it up from my credentials file.

I thought mounting the ~/.aws folder as a volume might work ... but no idea where to mount it to?

Expected behavior

It should pick up the ~/.aws/credentials file

Your installation details

version:latest
see above for compose yml

Steps to reproduce

docker compose up the yml above

Screenshots

No response

Logs

kafka-ui | Caused by: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [software.amazon.msk.auth.iam.internals.EnhancedProfileCredentialsProvider@5b3bd774: Profile file contained no credentials for profile 'default': ProfileFile(profilesAndSectionsMap=[]), com.amazonaws.auth.AWSCredentialsProviderChain@28b6bcd2: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, software.amazon.msk.auth.iam.internals.EnhancedProfileCredentialsProvider@74a50c68: Profile file contained no credentials for profile 'default': ProfileFile(profilesAndSectionsMap=[]), com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@38f67302: Failed to connect to service endpoint: ]]
kafka-ui | at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136)
kafka-ui | at software.amazon.msk.auth.iam.internals.MSKCredentialProvider.loadCredentialsWithRetry(MSKCredentialProvider.java:154)
kafka-ui | at software.amazon.msk.auth.iam.internals.MSKCredentialProvider.getCredentials(MSKCredentialProvider.java:141)
kafka-ui | at software.amazon.msk.auth.iam.IAMClientCallbackHandler.handleCallback(IAMClientCallbackHandler.java:100)
kafka-ui | at software.amazon.msk.auth.iam.IAMClientCallbackHandler.handle(IAMClientCallbackHandler.java:77)
kafka-ui | at software.amazon.msk.auth.iam.internals.IAMSaslClient.generateClientMessage(IAMSaslClient.java:139)
kafka-ui | ... 15 common frames omitted
kafka-ui | 2024-07-16 14:35:34,361 DEBUG [parallel-8] c.p.k.u.s.ClustersStatisticsScheduler: Metrics updated for cluster: paul-tls
^CGracefully stopping... (press Ctrl+C again to force)

Additional context

No response

@paulca99 paulca99 added status/triage Issues pending maintainers triage type/bug Something isn't working labels Jul 17, 2024

Hello there paulca99! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

@paulca99
Author

It's probably me doing something stupid, any advice gratefully received.

@paulca99
Author

For reference... the ~/.aws/credentials file on the host contains multiple profiles, all work fine using the AWS CLI.

[default]
aws_access_key_id=ASIAblahdeblahML5Q
aws_secret_access_key=8jo1HtM+DblahdeblahTr9Fhmxhwlr
aws_session_token="FwoGZXIvYXdzEB8aDD1ovRylbuOISWOjMCKUAicmp6SX83y1k7qQeGMTZruIgKhi7MUwODXy3WD8NEZ92Q/JwQkBRfQA7qgOeCDB6FzX3HKUnQ7BtwIKiblahdeblahMEA6b9Dnj+eRJUs3voZ/Uxhr4980T/E3xA+BZeDJtz2yNduzs+ZYpw41ijB39m0BjIrVnmOmjmoOHD0erRZtumyAGRTzJF8qs5SDHNXSSJWG2ta5YfpO647IjR9Cg=="
aws_expiration=2024-07-16T23:04:01.000Z

[QaInfServices]
aws_access_key_id=ASIAblahdeblahATIZW6
aws_secret_access_key=lawblahdeblahP2BJh
aws_session_token="FwoGZXIvYXdzEFoaDOXsaf9iBb6Nxfhh0yKUAkJaYXJ0QupszDN3+b6CW5qgnSWM9jePLFEd+NcvUmMKu0HAQ7ZjmaxigJ9OXOy6Yrs6zaK+dP/Z1xcHgoLyxblahdeblahKz1e/plPguEzydLZjq7UWUJv8utrFvtqqw+O8IlXFwXzj+edCMF94B6nyjNu6qtBjIrkPVNwNocaQ5KMwB7dQ47W6abFYzsUVQhBKWgt7EGx5LK4LUAWgunR9+24A=="
aws_expiration=2024-01-20T02:05:33.000Z

@paulca99
Author

I discovered the AWS_SHARED_CREDENTIALS_FILE environment variable so just mounted my credentials file.
```yaml
# ...
      AWS_SHARED_CREDENTIALS_FILE: /credentials
# ...
    volumes:
      - /Users/carrp2/.aws/credentials:/credentials
```
