Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kitchen converge failing - not prioritizing env vars over ~/.aws/credentials #258

Closed
davidcpell opened this issue Jun 16, 2016 · 2 comments
Closed

kitchen converge failing - not prioritizing env vars over ~/.aws/credentials #258

davidcpell opened this issue Jun 16, 2016 · 2 comments

Comments

@davidcpell
Copy link
Contributor

davidcpell commented Jun 16, 2016
edited
Loading

Hi all,

My kitchen converge command is failing. kitchen diagnose --all reveals this error:

/Users/david/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.3.14/lib/aws-sdk-core/shared_credentials.rb:82:in load_profile': Profiledefault' not found in /Users/david/.aws/credentials (Aws::Errors::NoSuchProfileError)

It's true that I have no [default] profile in my shared credentials file. However, according to the AWS SDK docs my environment variables should be prioritized over the credentials file. My environment variables are set correctly, and if I move ~/.aws to another location temporarily, the convergence works fine.

So I guess my questions are:

  1. Any idea why the shared file is being prioritized here? Is this actually an issue for the AWS SDK rather than kitchen-ec2 or is it possible that kitchen-ec2 is doing something to have the SDK check my creds file?

  2. If I wanted to just use the creds file, how could I make kitchen-ec2 look for a profile other than [default]?
@JaBurd
Copy link

JaBurd commented Jun 17, 2016

Not sure this is a kitchen thing, it might be an aws sdk thing. I know on our servers that have roles assigned to them in aws if they have a .aws/ folder cli calls will fail. Delete the .aws/ folder and the calls will work again as expected.

@davidcpell
Copy link
Contributor Author

davidcpell commented Jun 20, 2016
edited
Loading

@JaBurd I did a bit of digging and think I found the offending line:

https://github.com/test-kitchen/kitchen-ec2/blob/master/lib/kitchen/driver/aws/client.rb#L59

shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name)

I used pry at this point in the code and got this error when running that line by hand:

[6] pry(Kitchen::Driver::Aws::Client)> shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name)
Aws::Errors::NoSuchProfileError: Profile `default' not found in /Users/david/.aws/credentials
from /Users/david/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.3.14/lib/aws-sdk-core/shared_credentials.rb:82:in `load_profile'

At this point, for me the profile_name variable (first argument to Kitchen::Drive::Aws::Client::get_credentials is nil. I'm guessing that the SharedCredentials class in the core gem is therefore using default. So it's not that kitchen-ec2 is looking for the credentials out of order, but that this part is using default if profile is nil. Maybe it would be better to include this code that instantiates SharedCredentials into the branch at line 68 so that it's totally avoided for people who are using ENV?

BTW I'd be happy to open a PR to work on this with your or whoever's feedback if you think it's worth looking at. For now I can just add a [default] profile that matches the credentials in my environment or specify a profile in ENV["AWS_PROFILE"], but it still seems a bit misleading to be doing the SharedCredentials stuff before it's clear that that's necessary.

davidcpell added a commit to davidcpell/kitchen-ec2 that referenced this issue Jun 22, 2016
@davidcpell
Only look for shared creds if necessary
a24dc84 
WHY:
Currently in `client.rb` there a number of places are checked for creds.
A local variable representing the shared creds file in
`~/.aws/credentials` is created before its known whether that option is
even necessary (i.e. before all the switching begins). This was causing
the client to error out on my machine because I use `ENV` variables and
didn't have a `[default]` profile in my shared creds file, which is what
this was trying to find (see test-kitchen#258).

Rather than create this variable when it's not even clear that we need
it, we can wait to use `Aws::SharedCredentials` when the control flow
reaches that point and more highly prioritized options have been ruled
out.

This also simplifies a number of specs in `client_spec.rb` since the
call to `SharedCredentials` doesn't need to be stubbed out every time.
@davidcpell davidcpell mentioned this issue Jun 22, 2016
Merged
davidcpell added a commit to davidcpell/kitchen-ec2 that referenced this issue Nov 16, 2016
@davidcpell
Only look for shared creds if necessary
2fb67cc 
WHY:
Currently in `client.rb` there a number of places are checked for creds.
A local variable representing the shared creds file in
`~/.aws/credentials` is created before its known whether that option is
even necessary (i.e. before all the switching begins). This was causing
the client to error out on my machine because I use `ENV` variables and
didn't have a `[default]` profile in my shared creds file, which is what
this was trying to find (see test-kitchen#258).

Rather than create this variable when it's not even clear that we need
it, we can wait to use `Aws::SharedCredentials` when the control flow
reaches that point and more highly prioritized options have been ruled
out.

This also simplifies a number of specs in `client_spec.rb` since the
call to `SharedCredentials` doesn't need to be stubbed out every time.
davidcpell added a commit to davidcpell/kitchen-ec2 that referenced this issue Nov 16, 2016
@davidcpell
Only look for shared creds if necessary
1af650e 
WHY:
Currently in `client.rb` there a number of places are checked for creds.
A local variable representing the shared creds file in
`~/.aws/credentials` is created before its known whether that option is
even necessary (i.e. before all the switching begins). This was causing
the client to error out on my machine because I use `ENV` variables and
didn't have a `[default]` profile in my shared creds file, which is what
this was trying to find (see test-kitchen#258).

Rather than create this variable when it's not even clear that we need
it, we can wait to use `Aws::SharedCredentials` when the control flow
reaches that point and more highly prioritized options have been ruled
out.

This also simplifies a number of specs in `client_spec.rb` since the
call to `SharedCredentials` doesn't need to be stubbed out every time.
davidcpell added a commit to davidcpell/kitchen-ec2 that referenced this issue Feb 7, 2017
@davidcpell
Only look for shared creds if necessary
be4d287 
WHY:
Currently in `client.rb` there a number of places are checked for creds.
A local variable representing the shared creds file in
`~/.aws/credentials` is created before its known whether that option is
even necessary (i.e. before all the switching begins). This was causing
the client to error out on my machine because I use `ENV` variables and
didn't have a `[default]` profile in my shared creds file, which is what
this was trying to find (see test-kitchen#258).

Rather than create this variable when it's not even clear that we need
it, we can wait to use `Aws::SharedCredentials` when the control flow
reaches that point and more highly prioritized options have been ruled
out.

This also simplifies a number of specs in `client_spec.rb` since the
call to `SharedCredentials` doesn't need to be stubbed out every time.
davidcpell added a commit to davidcpell/kitchen-ec2 that referenced this issue Feb 7, 2017
@davidcpell
Only look for shared creds if necessary
7bdef89 
WHY:
Currently in `client.rb` there a number of places are checked for creds.
A local variable representing the shared creds file in
`~/.aws/credentials` is created before its known whether that option is
even necessary (i.e. before all the switching begins). This was causing
the client to error out on my machine because I use `ENV` variables and
didn't have a `[default]` profile in my shared creds file, which is what
this was trying to find (see test-kitchen#258).

Rather than create this variable when it's not even clear that we need
it, we can wait to use `Aws::SharedCredentials` when the control flow
reaches that point and more highly prioritized options have been ruled
out.

This also simplifies a number of specs in `client_spec.rb` since the
call to `SharedCredentials` doesn't need to be stubbed out every time.
@davidcpell davidcpell mentioned this issue Feb 15, 2017
Closed
davidcpell added a commit to davidcpell/kitchen-ec2 that referenced this issue Feb 15, 2017
@davidcpell
reinstate default shared creds option
5f554ab 
This allows a user to rely on a [default] profile getting picked up in
the shared credentials file (~/.aws/credentials).

Fixes test-kitchen#295
Fixes test-kitchen#258
@davidcpell davidcpell mentioned this issue Feb 15, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davidcpell @JaBurd