Localstack throws The security token included in the request is invalid

【Posted】: 2021-06-22 23:37:42 【Question】:

I am using Localstack with Testcontainers (testcontainers:localstack:1.15.2) for integration tests, and I set up the secret in the test setup as follows:

import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.CreateSecretRequest;
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.utility.DockerImageName;
import static org.testcontainers.containers.localstack.LocalStackContainer.Service.SECRETSMANAGER;

public class QueueServiceTest {

    DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");

    @Rule
    public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
            .withServices(SECRETSMANAGER).withEnv("LOCALSTACK_HOSTNAME", "localhost").withEnv("HOSTNAME", "localhost");

    @Test
    public void someTestMethod() {
        AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
                .withCredentials(localstack.getDefaultCredentialsProvider()).withRegion(localstack.getRegion())
                .build();

        String secretString = "usrnme";
        CreateSecretRequest request = new CreateSecretRequest().withName("test")
                .withSecretString(secretString)
                .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider());
        secretsManager.createSecret(request);
    }
}

Now the test crashes with the error:

com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException: The security token included in the request is invalid. (Service: AWSSecretsManager; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: 314b0dee-69ed-4b08-9cd0-2618b8e14b25; Proxy: null)

    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
    at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625)
    at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594)
    at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583)
    at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeCreateSecret(AWSSecretsManagerClient.java:557)
    at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.createSecret(AWSSecretsManagerClient.java:528)

I think I am missing some parameter; can anyone help me figure it out?

【Answer 1】:

The endpoint configuration for the AWSSecretsManagerClientBuilder is missing. Right now your client targets the real AWS endpoint, e.g.: https://secretsmanager.us-east-1.amazonaws.com:443

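import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.CreateSecretRequest;
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.utility.DockerImageName;
import static org.testcontainers.containers.localstack.LocalStackContainer.Service.SECRETSMANAGER;

public class LocalStackSecretsManagerTest {

  DockerImageName localstackImage = DockerImageName.parse("localstack/localstack:0.11.3");

  @Rule
  public LocalStackContainer localstack = new LocalStackContainer(localstackImage)
    .withServices(SECRETSMANAGER)
    .withEnv("LOCALSTACK_HOSTNAME", "localhost")
    .withEnv("HOSTNAME", "localhost");

  // JUnit 4 (used here via @Rule) requires test methods to be public
  @Test
  public void someTestMethod() {
    AWSSecretsManager secretsManager = AWSSecretsManagerClientBuilder.standard()
      .withCredentials(localstack.getDefaultCredentialsProvider())
      .withEndpointConfiguration(localstack.getEndpointConfiguration(SECRETSMANAGER)) // this is the important line
      .build();

    String secretString = "usrnme";

    CreateSecretRequest request = new CreateSecretRequest()
      .withName("test")
      .withSecretString(secretString);

    secretsManager.createSecret(request);
  }
}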

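When the endpoint is specified, the region configuration can be removed.

The additional .withRequestCredentialsProvider(localstack.getDefaultCredentialsProvider()); on the CreateSecretRequest is redundant and is only needed if you want to override the credentials provider per CreateSecretRequest.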

【Comments】:

Thanks for the answer
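
The failure mode described in the answer (a test client built without an endpoint override sends its request, secret value included, to the real AWS endpoint) can be turned into a hard failure before any client is built. The following is an added example, not code from the original answer, Testcontainers or the AWS SDK; the class TestEndpointGuard, its method requireLocal and the sample endpoints are hypothetical names and constructed values.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper (not part of Testcontainers or the AWS SDK).
public final class TestEndpointGuard {
    private TestEndpointGuard() {}

    /** Returns the endpoint unchanged if it is test-local; throws otherwise. */
    public static String requireLocal(String serviceEndpoint, Set<String> allowedHosts) {
        if (serviceEndpoint == null || serviceEndpoint.isEmpty()) {
            // Without an override the SDK derives the real AWS endpoint from the region.
            throw new IllegalStateException("no endpoint override configured");
        }
        String host = URI.create(serviceEndpoint).getHost();
        if (host == null) {
            throw new IllegalStateException("endpoint has no host: " + serviceEndpoint);
        }
        String h = host.toLowerCase(Locale.ROOT);
        if (h.equals("amazonaws.com") || h.endsWith(".amazonaws.com") || h.endsWith(".amazonaws.com.cn")) {
            throw new IllegalStateException("test client targets real AWS: " + h);
        }
        if (allowedHosts.contains(h)) {
            return serviceEndpoint; // e.g. a remote Docker host named explicitly by the test
        }
        try {
            if (InetAddress.getByName(host).isLoopbackAddress()) {
                return serviceEndpoint;
            }
        } catch (UnknownHostException e) {
            throw new IllegalStateException("cannot resolve endpoint host: " + h, e);
        }
        throw new IllegalStateException("endpoint host is neither loopback nor allow-listed: " + h);
    }

    public static void main(String[] args) {
        // Constructed sample endpoints; Testcontainers maps a random host port at runtime.
        String[] samples = {"http://127.0.0.1:4566", "https://secretsmanager.us-east-1.amazonaws.com:443", ""};
        for (String endpoint : samples) {
            try {
                System.out.println("ok:      " + requireLocal(endpoint, Collections.emptySet()));
            } catch (IllegalStateException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```

In the test from the answer, the value to check is localstack.getEndpointConfiguration(SECRETSMANAGER).getServiceEndpoint(), before it is handed to the client builder.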
