You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tinkerpop.apache.org by "Stephen Mallette (Jira)" <ji...@apache.org> on 2022/02/08 14:13:00 UTC
[jira] [Comment Edited] (TINKERPOP-2698) IAM authentication Exception Handling Improvements
[ https://issues.apache.org/jira/browse/TINKERPOP-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488869#comment-17488869 ]
Stephen Mallette edited comment on TINKERPOP-2698 at 2/8/22, 2:12 PM:
----------------------------------------------------------------------
Is this issue relevant to {{amazon-neptune-gremlin-java-sigv4}}? That library doesn't matter so much anymore given the [handshake interceptor|https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth-connecting-gremlin-console.html#iam-auth-connecting-gremlin-console-current], right? Is this really more just a change to the TP driver to bubble up errors better?
was (Author: spmallette):
Is this issue relevant to {{amazon-neptune-gremlin-java-sigv4}}? That library doesn't matter so much anymore given the [https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth-connecting-gremlin-console.html#iam-auth-connecting-gremlin-console-current|http://example.com], right? Is this really more just a change to the TP driver to bubble up errors better?
> IAM authentication Exception Handling Improvements
> --------------------------------------------------
>
> Key: TINKERPOP-2698
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2698
> Project: TinkerPop
> Issue Type: Improvement
> Components: driver
> Affects Versions: 3.5.2
> Reporter: Lyndon Bauto
> Priority: Minor
>
> When authenticating with IAM auth using the channelizer here, [https://github.com/aws/amazon-neptune-gremlin-java-sigv4] if the access key or secret access key are incorrect, the user gets a 'NoHostsAvailable' exception, which is not very descriptive of the issue.
> Looking deep into a very large stack trace in the log you can find:
> {code:java}
> YY/MM/DD HH:MM:SS [gremlin-driver-loop-1] ERROR driver.Handler$GremlinResponseHandler: Could not process the response
> io.netty.handler.codec.http.websocketx.WebSocketClientHandshakeException: Invalid handshake response getStatus: 403 Forbidden
> at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:272)
> at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker.finishHandshake(WebSocketClientHandshaker.java:302)
> at io.netty.handler.codec.http.websocketx.WebSocketClientProtocolHandshakeHandler.channelRead(WebSocketClientProtocolHandshakeHandler.java:93)
> {code}
> And further you can also find:
> {code:java}
> Caused by: org.apache.tinkerpop.gremlin.driver.exception.ConnectionException: Could not complete connection setup to the server. Ensure that SSL is correctly configured at both the client and the server. Ensure that client WebSocket handshake protocol matches the server. Ensure that the server is still reachable. 2 at org.apache.tinkerpop.gremlin.driver.SigV4WebSocketChannelizer.connected(SigV4WebSocketChannelizer.java:217) 3 at org.apache.tinkerpop.gremlin.driver.Connection.<init>(Connection.java:120) 4 ... 8 more{code}
> Neither of these things are that helpful except for the 403 forbidden.
> Most end users will have a hard to getting anywhere from here, I am suggesting we improve this by adding a better description in the error message and allowing an exception that indicates that the credentials are incorrect to bubble out.
> This will require changes in TinkerPop and the IAM SigV4 channelizer.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)