You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When generating a RDS database token to connect to the database over IAM, e.g on the CLI: aws rds generate-db-auth-token --hostname <host> -user <user> --port 3306 --region <region>,
the port is required.
When leaving it out, there is an error: aws: error: the following arguments are required: --port.
However, the Go sdk v2 does not perform such validation. Since the host and the port are passed in one string (the endpoint argument) in the function BuildAuthToken, e.g. foo.cluster-bar.eu-central-1.rds.amazonaws.com:3306, it is easy to forget to pass the port at the end of this string.
This leads to this function generating an invalid token, which will in turn lead to an error from mysql: Error 1045: Access denied for user '<user>'@'<ip>' (using password: YES)
The docs in the Go sdk v2 do state that the port is required but it's an easy mistake to make which will lead to hours of troubleshooting. Especially when the endpoint is not defined in code but in a per-environment configuration.
Expected Behavior
Suggestion: validate that the endpoint parameter contains the port at the end and return an error otherwise.
Current Behavior
No validation occurs and a wrong token is generated (without an error being returned). This token will be rejected by mysql when trying to connect with it.
Thanks for opening this issue. I can recognize that this is not an optimal user experience, however since the behavior is documented, I would not consider it a bug.
I have converted this into a feature-request and will discuss with the team to see if we can fit it in our backlog.
Many thanks,
Ran~
RanVaknin
added
pending-release
This issue will be fixed by an approved PR that hasn't been released yet.
and removed
investigating
This issue is being investigated and/or work is in progress to resolve the issue.
labels
Sep 9, 2022
I have added port validation so you'll get an error if a port is missing or isn't a valid number.
Feature should be available in our next release, hopefully in the coming week.
Thanks again for engaging in the community and helping us make the SDK better!
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
Describe the bug
When generating a RDS database token to connect to the database over IAM, e.g on the CLI:
aws rds generate-db-auth-token --hostname <host> -user <user> --port 3306 --region <region>
,the port is required.
When leaving it out, there is an error:
aws: error: the following arguments are required: --port
.However, the Go sdk v2 does not perform such validation. Since the host and the port are passed in one string (the
endpoint
argument) in the functionBuildAuthToken
, e.g.foo.cluster-bar.eu-central-1.rds.amazonaws.com:3306
, it is easy to forget to pass the port at the end of this string.This leads to this function generating an invalid token, which will in turn lead to an error from mysql:
Error 1045: Access denied for user '<user>'@'<ip>' (using password: YES)
The docs in the Go sdk v2 do state that the port is required but it's an easy mistake to make which will lead to hours of troubleshooting. Especially when the
endpoint
is not defined in code but in a per-environment configuration.Expected Behavior
Suggestion: validate that the
endpoint
parameter contains the port at the end and return an error otherwise.Current Behavior
No validation occurs and a wrong token is generated (without an error being returned). This token will be rejected by mysql when trying to connect with it.
Reproduction Steps
Run:
And see that a token (which is silently invalid) and no error is returned.
Possible Solution
Suggestion: validate that the
endpoint
parameter is contains the port at the end and return an error otherwise, like the CLI does.Additional Information/Context
No response
AWS Go SDK V2 Module Versions Used
Compiler and Version used
go1.18.4 darwin/amd64
Operating System and version
Darwin Kernel Version 21.5.0 x86_64
The text was updated successfully, but these errors were encountered: