Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using configProviders other than file fails validation #748

Closed
swehner opened this issue Nov 16, 2023 · 3 comments
Closed

Using configProviders other than file fails validation #748

swehner opened this issue Nov 16, 2023 · 3 comments

Comments

@swehner
Copy link
Contributor

swehner commented Nov 16, 2023

When using any configProvider with a name different from file, config validation fails because it receives the raw value and tries to validate the connection.

Example config:

connector.class=com.snowflake.kafka.connector.SnowflakeSinkConnector
config.providers=secretManager
config.providers.secretManager.class=com.github.jcustenborder.kafka.config.aws.SecretsManagerConfigProvider
snowflake.user.name=testuser
snowflake.private.key=${secretManager:data-platform-demo/msk_connect_credentials:private_key}

Error is

  | 2023-11-16T17:57:16.000+01:00 | [Worker-0a7081b95c2eab512] [2023-11-16 16:57:16,917] ERROR [SF_KAFKA_CONNECTOR] Validate: Error connecting to snowflake:[SF_KAFKA_CONNECTOR] Exception: Invalid private key
  | 2023-11-16T17:57:16.000+01:00 | [Worker-0a7081b95c2eab512] Error Code: 0002
  | 2023-11-16T17:57:16.000+01:00 | [Worker-0a7081b95c2eab512] Detail: private key should be a valid PEM RSA private key

Adding some more log statements it receives the uninterpolated string:

2023-11-16T17:57:16.000+01:00 | [Worker-0a7081b95c2eab512] [2023-11-16 16:57:16,903] ERROR [SF_KAFKA_CONNECTOR] %%%% got private key ${secretManager:data-platform-demo/msk_connect_credentials:private_key} (com.snowflake.kafka.connector.internal.InternalUtils:94)

Opened a pull request to fix this issue here: #747
@swehner swehner mentioned this issue Nov 16, 2023
Closed
@hitesh-yadav-x
Copy link

hitesh-yadav-x commented Nov 17, 2023
edited
Loading

Assuming that you are trying to pull the credentials from AWS Secrets Manager. May I suggest use the default environment provider that kafka has and inject the variables in the container/run environment.

If using DOCKER set
ENV CONNECT_CONFIG_PROVIDERS="env"
ENV CONNECT_CONFIG_PROVIDERS_ENV_CLASS="org.apache.kafka.common.config.provider.EnvVarConfigProvider"

Then in config use below:

"snowflake.role.name": "${env:SNOWFLAKE_ROLE}",

@swehner
Copy link
Contributor Author

swehner commented Nov 17, 2023

Assuming that you are trying to pull the credentials from AWS Secrets Manager. May I suggest use the default environment provider that kafka has and inject the variables in the container/run environment.

If using DOCKER set ENV CONNECT_CONFIG_PROVIDERS="env" ENV CONNECT_CONFIG_PROVIDERS_ENV_CLASS="org.apache.kafka.common.config.provider.EnvVarConfigProvider"

Then in config use below:

"snowflake.role.name": "${env:SNOWFLAKE_ROLE}",

Thanks for the suggestions - I'm trying to pull them from property store (ssm), but secrets manager would be fine.
Problem is that i'm using msk connect as of now and I don't think I can set environment vars for the workers. I will keep it in mind once we switch over to a different cluster setup.

In any case isn't it a bit strange to restrict this specific validation behavior only to a configprovider named file?

@sfc-gh-rcheng sfc-gh-rcheng mentioned this issue Nov 30, 2023
Merged
@sfc-gh-xhuang
Copy link
Collaborator

Merged in #753

This will go out in the 2.2.0 release slated for January

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@swehner @sfc-gh-xhuang @hitesh-yadav-x