Skip to content

Problem with auth to AWS MSK when profile has name in uppercase #12

New issue
New issue
Open
Open
Problem with auth to AWS MSK when profile has name in uppercase#12
@tc559

Description

@tc559
tc559
opened on Jan 8, 2026

on Mac OS (I didn't try to reproduce on Linux)
using

[profile DEV]
sso_session = main
sso_account_id = REDACTED
sso_role_name = Developer
region = eu-central-1
output = yaml

with

  kafka-dev:
    brokers:
      - b-2.redacted.kafka.eu-central-1.amazonaws.com:9098
      - b-1.redacted.kafka.eu-central-1.amazonaws.com:9098
    sasl:
      enabled: true
      mechanism: oauth
      tokenprovider:
        plugin: aws
        options:
          region: eu-central-1
          profile: DEV
          debug: true
    tls:
      enabled: true

Leads to auth failure. Changing profile name to lowercase makes it work.

[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: 2026/01/08 13:37:30 failed to get caller identity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 520d38f4-c730-4fcf-9b1b-e673a28695fd, api error InvalidClientTokenId: The security token included in the request is invalid
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: panic: runtime error: invalid memory address or nil pointer dereference
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: [signal SIGSEGV: segmentation violation code=0x2 addr=0x10 pc=0x100e04c2c]
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: goroutine 51 [running]:
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: github.com/aws/aws-msk-iam-sasl-signer-go/signer.logCallerIdentity({0x10112f820, 0x101669f60}, {0x14000192cf0?, 0x0?}, {{0x140003d6482, 0x14}, {0x140003d64ad, 0x28}, {0x140003d64e8, 0x3f4}, ...})
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     github.com/aws/[email protected]/signer/msk_auth_token_provider.go:377 +0x28c
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: github.com/aws/aws-msk-iam-sasl-signer-go/signer.constructAuthToken({0x10112f820, 0x101669f60}, {0x14000192cf0, 0xc}, 0x14000365880)
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     github.com/aws/[email protected]/signer/msk_auth_token_provider.go:245 +0xe4
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: github.com/aws/aws-msk-iam-sasl-signer-go/signer.GenerateAuthTokenFromProfileWithSharedConfigFiles({0x10112f820, 0x101669f60}, {0x14000192cf0, 0xc}, {0x14000192d07?, 0x140003bc000?}, {0x0?, 0x100923cb8?, 0x4?})
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     github.com/aws/[email protected]/signer/msk_auth_token_provider.go:66 +0x9c
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: github.com/aws/aws-msk-iam-sasl-signer-go/signer.GenerateAuthTokenFromProfile(...)
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     github.com/aws/[email protected]/signer/msk_auth_token_provider.go:55
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: main.(*tokenProvider).Token(0x1400036e600)
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     github.com/deviceinsight/kafkactl-aws-plugin/main.go:82 +0x188
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: github.com/deviceinsight/kafkactl/v5/pkg/plugins/auth.(*TokenProviderRPCServer).Token(0x140001ef7b8?, {0x10090ce48?, 0x0?}, 0x14000315500)
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     github.com/deviceinsight/kafkactl/[email protected]/pkg/plugins/auth/plugin.go:51 +0x28
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: reflect.Value.call({0x1400036ecc0?, 0x14000306210?, 0x13?}, {0x100e53b17, 0x4}, {0x140003b6ef8, 0x3, 0x3?})
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     reflect/value.go:581 +0x960
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: reflect.Value.Call({0x1400036ecc0?, 0x14000306210?, 0x1?}, {0x14000277ef8?, 0x0?, 0x0?})
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     reflect/value.go:365 +0x94
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: net/rpc.(*service).call(0x14000317540, 0x1400031c8c0, 0x1400037c1e8, 0x1400037c200, 0x14000311200, 0x140001b5380, {0x101007f40?, 0x140003154e0?, 0x0?}, {0x100fb6ae0?, ...}, ...)
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     net/rpc/server.go:383 +0x1e8
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin: created by net/rpc.(*Server).ServeCodec in goroutine 39
[aws     ] 2026/01/08 13:37:30 [DEBUG] kafkactl-aws-plugin:     net/rpc/server.go:480 +0x284

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions