franz-go: Getting "invalid short sasl lifetime millis" periodically with AWS MSK using SASL authentication

I’m getting “invalid short sasl lifetime millis” periodically (after a few hours) with AWS MSK using SASL authentication.

Looking at the code, it errors out when the lifetimeMillis is less than 5 sec but would re-authenticate if the time is greater than 5 sec.

The periodic re-authentication works most of the time because the AWS auth token expires every 15 min, and I only see this issue after a few hours. When it happens, lifetimeMillis becomes less than 5s. Could this be a clock sync issue? Any idea how I can prevent this error from happening?

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 21 (12 by maintainers)

Most upvoted comments

Cool, I’ll push a commit to v1.4 in 40 minutes to an hour, this will be promoted to stable shortly.

(also v1.4.0 is tagged now)

I’m currently testing whether it makes sense to serialize calling all promises, as well as touching up a few things in how promises are currently called. I expect 1.4 to be tagged sometime next week (preferably the earlier half of the week).

Per KIP-368, AWS should be killing the connection, not accepting requests and rejecting them as invalid auth.

I’ll take a look at another form of patching this and squash into place again (one benefit of an unmerged branch, cleaner commits…). Ideally, <1hr eta. I’m also working on a new feature or two that I want to squeeze into v1.4, so an official tag may not come until next week. I’ll post here when I squash into place.

@sharonx actually I just realized a small mistake with that commit and have squashed into it. The commit as linked previously used the lifetime as given from the broker directly, rather than subtracting anything off of it (bad variable reuse, and the new linters I use mostly would have noticed this). If you can use 6e4c5b50d3d35c5e8d14b21c5d2a090b1b9e46b5, that now uses the new expiry variable properly.
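The lifetime handling discussed in this thread, sketched as an added Go example that is not franz-go's code: it rejects a broker-reported session lifetime under the 5 s floor mentioned in the issue and schedules re-authentication from a separate, reduced expiry value instead of the raw lifetime. The function name, error values and the 1 s margin are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

const (
	minLifetime = 5 * time.Second // floor described in the issue
	margin      = 1 * time.Second // assumed safety buffer, not franz-go's value
)

var (
	errShortLifetime  = errors.New("session lifetime below minimum")
	errDeadlinePassed = errors.New("re-authentication deadline already passed")
)

// reauthDeadline returns the local time by which the client should
// re-authenticate. ok is false when the broker reported no lifetime (0).
// authStart is when the SASL request was sent, so time spent waiting on the
// response counts against the session.
func reauthDeadline(authStart, now time.Time, lifetimeMillis int64) (deadline time.Time, ok bool, err error) {
	if lifetimeMillis <= 0 {
		return time.Time{}, false, nil
	}
	lifetime := time.Duration(lifetimeMillis) * time.Millisecond
	if lifetime < minLifetime {
		return time.Time{}, false, fmt.Errorf("%w: %dms", errShortLifetime, lifetimeMillis)
	}
	// Keep the adjusted value in its own variable; scheduling on the raw
	// lifetime leaves no room for the time the response spent in flight.
	expiry := lifetime - margin
	deadline = authStart.Add(expiry)
	if !deadline.After(now) {
		return time.Time{}, false, errDeadlinePassed
	}
	return deadline, true, nil
}

func main() {
	// Constructed sample values: a 15-minute session, a 3-second one, and none.
	start := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	now := start.Add(200 * time.Millisecond)
	for _, ms := range []int64{900000, 3000, 0} {
		d, ok, err := reauthDeadline(start, now, ms)
		fmt.Println(ms, d, ok, err)
	}
}
```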