pvillard31 commented on PR #10294: URL: https://github.com/apache/nifi/pull/10294#issuecomment-4034446792
Thanks for reporting this @dbuijs. This particular PR should not be the cause - the WebIdentity credentials strategy only activates when the OAuth2 Access Token Provider property is explicitly configured, which doesn't apply to your default credentials / IRSA setup. The more likely cause is NIFI-13192 (#10460), which migrated S3 processors from AWS SDK v1 to v2 in the same release (NiFi 2.7.0). In SDK v1, the default credential chain handled IRSA via a different internal implementation. In SDK v2, the DefaultCredentialsProvider uses WebIdentityTokenFileCredentialsProvider which creates its own internal STS client with an HTTP connection pool - and that pool appears to get shut down during the processor lifecycle. I believe this is the same problem as in https://issues.apache.org/jira/browse/NIFI-15535. I discussed with the reported of this JIRA and the problem was solved by moving to using the EKS pod roles instead. If we want to solve the problem for IRSA, my investigation at the time made me think that we would need a custom implementation to by-pass the issue in the AWS SDK and not have this pool shut down issue. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
