Skip to content

Commit 5864292

Browse files
committed
aws: optimize MSK IAM authentication and credential management
1 parent c72d870 commit 5864292

File tree

1 file changed

+6
-5
lines changed

1 file changed

+6
-5
lines changed

src/aws/flb_aws_msk_iam.c

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -663,12 +663,16 @@ static void oauthbearer_token_refresh_cb(rd_kafka_t *rk,
663663
err = rd_kafka_oauthbearer_set_token(rk,
664664
payload,
665665
md_lifetime_ms,
666-
creds ? creds->access_key_id : "unknown",
666+
creds->access_key_id,
667667
NULL,
668668
0,
669669
errstr,
670670
sizeof(errstr));
671671

672+
/* Destroy credentials immediately after use (standard pattern) */
673+
flb_aws_credentials_destroy(creds);
674+
creds = NULL;
675+
672676
if (err != RD_KAFKA_RESP_ERR_NO_ERROR) {
673677
flb_error("[aws_msk_iam] failed to set OAuth bearer token: %s", errstr);
674678
rd_kafka_oauthbearer_set_token_failure(rk, errstr);
@@ -677,10 +681,7 @@ static void oauthbearer_token_refresh_cb(rd_kafka_t *rk,
677681
flb_info("[aws_msk_iam] OAuth bearer token successfully set");
678682
}
679683

680-
/* Clean up - credentials and payload */
681-
if (creds) {
682-
flb_aws_credentials_destroy(creds);
683-
}
684+
/* Clean up - payload only (creds already destroyed) */
684685
if (payload) {
685686
flb_sds_destroy(payload);
686687
}

0 commit comments

Comments
 (0)