Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Not A Problem
-
3.5.2
-
None
-
None
Description
When authenticating with IAM auth using the channelizer here, https://github.com/aws/amazon-neptune-gremlin-java-sigv4 if the access key or secret access key are incorrect, the user gets a 'NoHostsAvailable' exception, which is not very descriptive of the issue.
Looking deep into a very large stack trace in the log you can find:
YY/MM/DD HH:MM:SS [gremlin-driver-loop-1] ERROR driver.Handler$GremlinResponseHandler: Could not process the response io.netty.handler.codec.http.websocketx.WebSocketClientHandshakeException: Invalid handshake response getStatus: 403 Forbidden at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:272) at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker.finishHandshake(WebSocketClientHandshaker.java:302) at io.netty.handler.codec.http.websocketx.WebSocketClientProtocolHandshakeHandler.channelRead(WebSocketClientProtocolHandshakeHandler.java:93)
And further you can also find:
Caused by: org.apache.tinkerpop.gremlin.driver.exception.ConnectionException: Could not complete connection setup to the server. Ensure that SSL is correctly configured at both the client and the server. Ensure that client WebSocket handshake protocol matches the server. Ensure that the server is still reachable. 2 at org.apache.tinkerpop.gremlin.driver.SigV4WebSocketChannelizer.connected(SigV4WebSocketChannelizer.java:217) 3 at org.apache.tinkerpop.gremlin.driver.Connection.<init>(Connection.java:120) 4 ... 8 more
Neither of these things are that helpful except for the 403 forbidden.
Most end users will have a hard to getting anywhere from here, I am suggesting we improve this by adding a better description in the error message and allowing an exception that indicates that the credentials are incorrect to bubble out.
This will require changes in TinkerPop and the IAM SigV4 channelizer.