Localstack throws 请求中包含的安全令牌无效 [英] Localstack throws The security token included in the request is invalid

问题描述

我使用 Localstack 和 Testcontainers((testcontainers:localstack:1.15.2 )) 进行集成测试，并在测试设置中设置秘密，如下所示:代码示例

I use Localstack with Testcontainers((testcontainers:localstack:1.15.2 )) for integration tests and set up the secret in the test setup like this: Code sample

 import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.CreateSecretRequest; 
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.utility.DockerImageName; 
import static org.testcontainers.containers.localstack.LocalStackContainer.Service.SECRETSMANAGER;

public class QueueServiceTest {

    DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");
    @Rule
    public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
            .withServices(SECRETSMANAGER).withEnv("LOCALSTACK_HOSTNAME", "localhost").withEnv("HOSTNAME", "localhost");
    @Test
    public void someTestMethod() {
        AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
                .withCredentials(localstack.getDefaultCredentialsProvider()).withRegion(localstack.getRegion())
                .build();

        String secretString = "usrnme";
        CreateSecretRequest request = new CreateSecretRequest().withName("test")
                .withSecretString(secretString)
     .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider());
        secretsManager.createSecret(request);
    }

}

现在测试因错误而崩溃:

Now the test crashes with an error:

com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException:请求中包含的安全令牌无效.(服务:AWSSecretsManager;状态码:400；错误代码:无法识别的客户端异常；请求 ID:314b0dee-69ed-4b08-9cd0-2618b8e14b25；代理:空)

com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException: The security token included in the request is invalid. (Service: AWSSecretsManager; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: 314b0dee-69ed-4b08-9cd0-2618b8e14b25; Proxy: null)

在com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)在com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)在com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)在com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)在com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)在com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625)在com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594)在com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583)在com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557)在com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557) at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)

我想我遗漏了一些参数，谁能帮我弄清楚.

I think I am missing some parameters, could anyone please helo me figure it out.

推荐答案

AWSSecretsManagerClientBuilder 的终端节点配置丢失.现在您的客户端以真正的 AWS 端点为目标，例如:https://secretsmanager.us-East-1.amazonaws.com:443

The endpoint configuration for the AWSSecretsManagerClientBuilder is missing. Right now your client targets the real AWS endpoint, e.g.: https://secretsmanager.us-east-1.amazonaws.com:443

public class LocalStackSecretsManagerTest {

  DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");

  @Rule
  public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
    .withServices(SECRETSMANAGER)
    .withEnv("LOCALSTACK_HOSTNAME", "localhost")
    .withEnv("HOSTNAME", "localhost");

  @Test
   void someTestMethod() {
    AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
      .withCredentials(localstack.getDefaultCredentialsProvider())
      .withEndpointConfiguration(localstack.getEndpointConfiguration(SECRETSMANAGER)) // this is the important line
      .build();

    String secretString = "usrnme";

    CreateSecretRequest request = new CreateSecretRequest()
      .withName("test")
      .withSecretString(secretString);

    secretsManager.createSecret(request);
  }
}

指定端点时，可以删除区域配置.

When specifying the endpoint, you can remove the region configuration.

额外的 .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider()); 在 CreateSecretRequest 上是多余的，只有当您想覆盖每个 CreateSecretRequest 的凭据提供程序时才需要.

The additional .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider()); on CreateSecretRequest is redundant and only required if you want to override the credentials provider per CreateSecretRequest .

这篇关于Localstack throws 请求中包含的安全令牌无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！