You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/11/30 13:50:00 UTC
[jira] [Commented] (NIFI-5456) PutKinesisStream - Fails to work
with AWS Private Link endpoint
[ https://issues.apache.org/jira/browse/NIFI-5456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704754#comment-16704754 ]
ASF GitHub Bot commented on NIFI-5456:
--------------------------------------
Github user amcdonaldccri commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2968#discussion_r237865566
--- Diff: nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java ---
@@ -286,7 +286,7 @@ protected void initializeRegionAndEndpoint(ProcessContext context) {
final String urlstr = StringUtils.trimToEmpty(context.getProperty(ENDPOINT_OVERRIDE).evaluateAttributeExpressions().getValue());
if (!urlstr.isEmpty()) {
getLogger().info("Overriding endpoint with {}", new Object[]{urlstr});
- this.client.setEndpoint(urlstr);
+ this.client.setEndpoint(urlstr, this.client.getServiceName(), this.region.getName());
--- End diff --
Using this.region.getName() doesn't make sense to me because the aws docs for
public void setEndpoint(String endpoint, String serviceName, String regionId)
say
* @param regionId
* The ID of the region in which this service resides AND the
* overriding region for signing purposes.
so the regionId is the same as the overriding region but using this.region is using the enum.
> PutKinesisStream - Fails to work with AWS Private Link endpoint
> ---------------------------------------------------------------
>
> Key: NIFI-5456
> URL: https://issues.apache.org/jira/browse/NIFI-5456
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 1.6.0, 1.7.1
> Environment: RedHat 6
> Reporter: Ariel Godinez
> Assignee: Sivaprasanna Sethuraman
> Priority: Major
> Labels: easyfix
> Fix For: 1.8.0
>
> Attachments: 0001-NIFI-5456-AWS-clients-now-work-with-private-link-end.patch
>
>
> NiFi version: 1.6.0
> PutKinesisStream fails to put due to invalid signing information when using an AWS Private Link as the endpoint override URL. The endpoint override URL pattern for private links is like below along with the error that NiFi outputs when we attempt to use this type of URL as the 'Endpoint Override URL' property value.
> Endpoint Override URL: [https://vpce-|https://vpce-/]<AWS_GENERATED_ALPHA_NUMERIC>.kinesis.us-east-2.vpce.amazonaws.com
> ERROR [Timer-Driven Process Thread-11] "o.a.n.p.a.k.stream.PutKinesisStream" PutKinesisStream[id=4c314e25-0164-1000-ffff-ffff9bd79c77] Failed to publish due to exception com.amazonaws.services.kinesis.model.AmazonKinesisException: Credential should be scoped to a valid region, not 'vpce'. (Service: AmazonKinesis; Status Code: 400; Error Code: InvalidSignatureException; Request ID: 6330b83c-a64e-4acf-b892-a505621cf78e) flowfiles [StandardFlowFileRecord[uuid=ba299cec-7cbf-4750-a766-c348b5cd9c73,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1532469012962-1, container=content002, section=1], offset=2159750, length=534625],offset=0,name=900966573101260,size=534625]]
>
> It looks like 'vpce' is being extracted from the url as the region name when it should be getting 'us-east-2'. We were able to get this processor to work correctly by explicitly passing in the region and service using 'setEndpoint(String endpoint, String serviceName, String regionId)' instead of 'setEndpoint(String endpoint)' in 'nifi/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java' line 289
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)