-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Unable to pass kerberos keytab and config as Base64 string in aws_datasync_location_hdfs resource #33672
Comments
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
AWS SDK for Go v1 // The Kerberos key table (keytab) that contains mappings between the defined
// Kerberos principal and the encrypted keys. You can load the keytab from a
// file by providing the file's address. If you're using the CLI, it performs
// base64 encoding for you. Otherwise, provide the base64-encoded text.
//
// If KERBEROS is specified for AuthenticationType, this parameter is required.
// KerberosKeytab is automatically base64 encoded/decoded by the SDK.
KerberosKeytab []byte `type:"blob"` The case []byte:
if !value.IsNil() {
buf.WriteByte('"')
if len(converted) < 1024 {
// for small buffers, using Encode directly is much faster.
dst := make([]byte, base64.StdEncoding.EncodedLen(len(converted)))
base64.StdEncoding.Encode(dst, converted)
buf.Write(dst)
} else {
// for large buffers, avoid unnecessary extra temporary
// buffer space.
enc := base64.NewEncoder(base64.StdEncoding, buf)
enc.Write(converted)
enc.Close()
}
buf.WriteByte('"')
} AWS SDK for Go v2 // The Kerberos key table (keytab) that contains mappings between the defined
// Kerberos principal and the encrypted keys. You can load the keytab from a file
// by providing the file's address. If you're using the CLI, it performs base64
// encoding for you. Otherwise, provide the base64-encoded text. If KERBEROS is
// specified for AuthenticationType , this parameter is required.
KerberosKeytab []byte We are currently using AWS SDK for Go v1 for the Maybe add a |
This functionality has been released in v5.42.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Core Version
1.5.5
AWS Provider Version
5.13.1
Affected Resource(s)
aws_datasync_location_hdfs
Expected Behavior
As described in AWS CLI documentation, create-location-hdfs api call parameters:
can be provided either as a file or a base64-encoded text.
Actual Behavior
This feature works when calling AWS API directly, but fails when parameters are passed with aws_datasync_location_hdfs resource:
Values for "keytab"and "config" stored in secret are base64 encoded text.
After Terraform apply, resource is created without any errors, but datasync task fails to authenticate with Kerberos.
When I update the created location with AWC CLI update-location-hdfs api call providing exactly the same values from secret it is able to authenticate on process data synchronization task.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
https://discuss.hashicorp.com/t/how-to-load-kerberos-keytab-in-terraform-script/47394
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: