Redshift-Postgres RD联合查询:身份验证方法10不支持
VPC已配置,秘密在秘密管理器中,并附加了Redshift群集的正确策略。
创建了使用外部模式,
CREATE EXTERNAL SCHEMA schema_ext
FROM POSTGRES
DATABASE 'db' SCHEMA 'schema'
URI 'rds.some_symbols.eu-west-1.rds.amazonaws.com' PORT 5432
IAM_ROLE 'arn:aws:iam::999999999999:role/redshift-iam-role'
SECRET_ARN 'arn:aws:secretsmanager:eu-west-1:999999999999:secret:some-secret-some-symbols';
但是当我尝试将查询运行到此模式中的某个表时,我会收到错误:
SQL Error [XX000]: ERROR:
-----------------------------------------------
error: authentication method 10 not supported
code: 25300
context:
query: 0
location: pgclient.cpp:535
process: padbmaster [pid=2022]
-----------------------------------------------
此错误的详细信息正在遵循,
org.jkiss.dbeaver.model.sql.DBSQLException: SQL Error [XX000]: ERROR:
-----------------------------------------------
error: authentication method 10 not supported
code: 25300
context:
query: 0
location: pgclient.cpp:535
process: padbmaster [pid=2022]
-----------------------------------------------
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:133)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeStatement(SQLQueryJob.java:575)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.lambda$1(SQLQueryJob.java:484)
at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:172)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeSingleQuery(SQLQueryJob.java:491)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.extractData(SQLQueryJob.java:878)
at org.jkiss.dbeaver.ui.editors.sql.SQLEditor$QueryResultsContainer.readData(SQLEditor.java:3526)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.lambda$0(ResultSetJobDataRead.java:118)
at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:172)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.run(ResultSetJobDataRead.java:116)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetViewer$ResultSetDataPumpJob.run(ResultSetViewer.java:4868)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: com.amazon.redshift.util.RedshiftException: ERROR:
-----------------------------------------------
error: authentication method 10 not supported
code: 25300
context:
query: 0
location: pgclient.cpp:535
process: padbmaster [pid=2022]
-----------------------------------------------
at com.amazon.redshift.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2601)
at com.amazon.redshift.core.v3.QueryExecutorImpl.processResultsOnThread(QueryExecutorImpl.java:2269)
at com.amazon.redshift.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1880)
at com.amazon.redshift.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1872)
at com.amazon.redshift.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:368)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeInternal(RedshiftStatementImpl.java:514)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.execute(RedshiftStatementImpl.java:435)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeWithFlags(RedshiftStatementImpl.java:376)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeCachedSql(RedshiftStatementImpl.java:362)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeWithFlags(RedshiftStatementImpl.java:339)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.execute(RedshiftStatementImpl.java:329)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.execute(JDBCStatementImpl.java:329)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.lambda$0(JDBCStatementImpl.java:131)
at org.jkiss.dbeaver.utils.SecurityManagerUtils.wrapDriverActions(SecurityManagerUtils.java:94)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:131)
... 12 more
我尝试从AWS Console中的Query Editor运行相同的查询以获取RedShift。 一样
ERROR: ----------------------------------------------- error: authentication method 10 not supported code: 25300 context: query: 0 location: pgclient.cpp:535 process: padbmaster [pid=12588] -----------------------------------------------
错误似乎与我尝试更新JDBC客户端驱动程序 。没有结果。
也许问题在于用于加密秘密的自定义KMS密钥。但是,了解其工作方式的人说“它解密了,然后才获得授权”。
我应该怎么做才能避免此错误?
VPC is configured, secret is in Secrets Manager with correct policy attached to Redshift cluster.
Created external schema using
CREATE EXTERNAL SCHEMA schema_ext
FROM POSTGRES
DATABASE 'db' SCHEMA 'schema'
URI 'rds.some_symbols.eu-west-1.rds.amazonaws.com' PORT 5432
IAM_ROLE 'arn:aws:iam::999999999999:role/redshift-iam-role'
SECRET_ARN 'arn:aws:secretsmanager:eu-west-1:999999999999:secret:some-secret-some-symbols';
But when I try to run query to some table in this schema I get error:
SQL Error [XX000]: ERROR:
-----------------------------------------------
error: authentication method 10 not supported
code: 25300
context:
query: 0
location: pgclient.cpp:535
process: padbmaster [pid=2022]
-----------------------------------------------
Details for this error are following
org.jkiss.dbeaver.model.sql.DBSQLException: SQL Error [XX000]: ERROR:
-----------------------------------------------
error: authentication method 10 not supported
code: 25300
context:
query: 0
location: pgclient.cpp:535
process: padbmaster [pid=2022]
-----------------------------------------------
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:133)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeStatement(SQLQueryJob.java:575)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.lambda$1(SQLQueryJob.java:484)
at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:172)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeSingleQuery(SQLQueryJob.java:491)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.extractData(SQLQueryJob.java:878)
at org.jkiss.dbeaver.ui.editors.sql.SQLEditor$QueryResultsContainer.readData(SQLEditor.java:3526)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.lambda$0(ResultSetJobDataRead.java:118)
at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:172)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.run(ResultSetJobDataRead.java:116)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetViewer$ResultSetDataPumpJob.run(ResultSetViewer.java:4868)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: com.amazon.redshift.util.RedshiftException: ERROR:
-----------------------------------------------
error: authentication method 10 not supported
code: 25300
context:
query: 0
location: pgclient.cpp:535
process: padbmaster [pid=2022]
-----------------------------------------------
at com.amazon.redshift.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2601)
at com.amazon.redshift.core.v3.QueryExecutorImpl.processResultsOnThread(QueryExecutorImpl.java:2269)
at com.amazon.redshift.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1880)
at com.amazon.redshift.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1872)
at com.amazon.redshift.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:368)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeInternal(RedshiftStatementImpl.java:514)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.execute(RedshiftStatementImpl.java:435)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeWithFlags(RedshiftStatementImpl.java:376)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeCachedSql(RedshiftStatementImpl.java:362)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.executeWithFlags(RedshiftStatementImpl.java:339)
at com.amazon.redshift.jdbc.RedshiftStatementImpl.execute(RedshiftStatementImpl.java:329)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.execute(JDBCStatementImpl.java:329)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.lambda$0(JDBCStatementImpl.java:131)
at org.jkiss.dbeaver.utils.SecurityManagerUtils.wrapDriverActions(SecurityManagerUtils.java:94)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:131)
... 12 more
I tried to run the same query from query editor in AWS Console for Redshift. The error seems to be the same
ERROR: ----------------------------------------------- error: authentication method 10 not supported code: 25300 context: query: 0 location: pgclient.cpp:535 process: padbmaster [pid=12588] -----------------------------------------------
I tried to update JDBC client drivers. No result.
Maybe the problem is in the custom KMS key used to encrypt the secret. But the guy who understands how it works tells that "it decrypts and only then goes for authorization".
What should I do to avoid this error?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
目前,红移文档中没有答案。
但是,有助于对红移用户的RDS侧的MD5进行显式更改
,也不要忘记在将对象放在RDS侧后运行分析。选择新鲜对象可以返回红移错误。
For now, there is no answer in Redshift documentation.
But what helped is explicit change of encryption to MD5 on RDS side for the Redshift user
Also, don't forget to run ANALYZE after dropping an object on RDS side. SELECT on fresh objects can return an error for Redshift.