AWS credentials cache key needs to include the region #6128

Open
maxbog opened this issue Sep 3, 2024 · 5 comments · May be fixed by #6134
Labels
bug (Something isn't working), stale (All issues that are marked as stale due to inactivity)

Comments

@maxbog

maxbog commented Sep 3, 2024


Hello, I have two deployments using ScaledObjects based on SQS queues in different regions (say, eu-central-1 and us-east-1), and I want to authenticate to AWS using pod identity. The first ScaledObject (the one for eu-central-1) authenticates correctly, and the resulting AWS config (which includes the region) is cached in the config cache. The second ScaledObject then fails, because the operator tries to connect to a queue in the other region (us-east-1) using the cached config, which still carries the region of the first queue (eu-central-1).

If I understand the code correctly, the getCacheKey function here:

func (a *sharedConfigCache) getCacheKey(awsAuthorization AuthorizationMetadata) string {

needs to include the region in the returned string so that configs are cached per region.
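For illustration, here is a minimal sketch of a region-aware cache key. The field names (AwsRoleArn, AwsRegion), the base key, and the key format are assumptions for the sketch, not the actual KEDA implementation, and it assumes it sits in the existing file where fmt is already imported; the linked PR #6134 may do this differently:

```go
// Hypothetical sketch only: field names and key format are assumptions,
// not KEDA's actual code.
func (a *sharedConfigCache) getCacheKey(awsAuthorization AuthorizationMetadata) string {
	key := "keda"
	if awsAuthorization.AwsRoleArn != "" {
		key = awsAuthorization.AwsRoleArn
	}
	// Append the region so that configs for queues in different AWS
	// regions are cached under different keys instead of colliding.
	return fmt.Sprintf("%s-%s", key, awsAuthorization.AwsRegion)
}
```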

Expected Behavior

Both ScaledObjects report as Ready

Actual Behavior

Only the first ScaledObject becomes Ready; the second one never authenticates successfully.

Steps to Reproduce the Problem

1. Create two SQS queues in different regions
2. Create a ScaledObject for each of them, using pod identity as the auth mechanism

Logs from KEDA operator

{"level":"error","ts":"2024-09-03T14:22:34Z","logger":"scale_handler","msg":"error getting metric for trigger","scaledObject.Namespace":"**REDACTED**","scaledObject.Name":"**REDACTED**","trigger":"awsSqsQueueScaler","error":"operation error SQS: GetQueueAttributes, https response error StatusCode: 400, RequestID: d511bcd7-6b16-5a65-bb0d-e38676fca9a3, AWS.SimpleQueueService.NonExistentQueue: The specified queue does not exist or you do not have access to it.","stacktrace":"github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandler).GetScaledObjectMetrics\n\t/workspace/pkg/scaling/scale_handler.go:553\ngithub.com/kedacore/keda/v2/pkg/metricsservice.(*GrpcServer).GetMetrics\n\t/workspace/pkg/metricsservice/server.go:48\ngithub.com/kedacore/keda/v2/pkg/metricsservice/api._MetricsService_GetMetrics_Handler.func1\n\t/workspace/pkg/metricsservice/api/metrics_grpc.pb.go:106\ngithub.com/kedacore/keda/v2/pkg/metricsservice.(*GrpcServer).Start.(*ServerMetrics).UnaryServerInterceptor.UnaryServerInterceptor.func6\n\t/workspace/vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/server.go:22\ngithub.com/kedacore/keda/v2/pkg/metricsservice/api._MetricsService_GetMetrics_Handler\n\t/workspace/pkg/metricsservice/api/metrics_grpc.pb.go:108\ngoogle.golang.org/grpc.(*Server).processUnaryRPC\n\t/workspace/vendor/google.golang.org/grpc/server.go:1369\ngoogle.golang.org/grpc.(*Server).handleStream\n\t/workspace/vendor/google.golang.org/grpc/server.go:1780\ngoogle.golang.org/grpc.(*Server).serveStreams.func2.1\n\t/workspace/vendor/google.golang.org/grpc/server.go:1019"}

KEDA Version

2.15.0

Kubernetes Version

1.30

Platform

Amazon Web Services

Scaler Details

AWS SQS

Anything else?

No response

@maxbog maxbog added the bug label Sep 3, 2024
@JorTurFer
Member

Hello,
Interesting, and you're probably right. WDYT @ThaSami?

@maxbog maxbog linked a pull request Sep 4, 2024 that will close this issue
@ndlanier

I believe I am seeing this issue as well. Definitely paying attention to that PR.

@maxbog
Author

maxbog commented Sep 13, 2024

@JorTurFer any chance for a review and, hopefully, merge of the attached PR?

@ndlanier

@JorTurFer bumping for review on the PR


stale bot commented Nov 17, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Nov 17, 2024