search

aws / aws-toolkit-azure-devops

AWS Toolkit for Azure DevOps
Other
249 stars 106 forks source link

AWS Credentials - Use Variable in deployment group fails #307

Open henning-krause opened 5 years ago

henning-krause commented 5 years ago

Describe the bug I have a deployment with multiple stages which are deployed to individual AWS organizations. Thus, I need to specify specific connections for each stage. So I set the AWS credential to $(AWSAccount). This works for normal deployments. However, it fails when used in a deployment-group deployment.

It fails with this log:

2019-11-06T14:51:00.6561140Z Configuring credentials for task
2019-11-06T14:51:00.6561308Z ##[debug]awsCredentials=AWS - Staging
2019-11-06T14:51:00.6561424Z ##[debug]task result: Failed
2019-11-06T14:51:00.6592575Z ##[error]Endpoint auth data not present: AWS - Staging
2019-11-06T14:51:00.6592978Z ##[debug]Processed: ##vso[task.issue type=error;]Endpoint auth data not present: AWS - Staging
2019-11-06T14:51:00.6616183Z ##[debug]Processed: ##vso[task.complete result=Failed;]Endpoint auth data not present: AWS - Staging
2019-11-06T14:51:00.6618671Z AWS - Staging exists false
2019-11-06T14:51:00.6619389Z ##[debug]AWS - Staging exists false
2019-11-06T14:51:00.6619622Z ...configuring AWS credentials from service endpoint 'AWS - Staging'

If I enter the actual endpoint directly, the log looks like this:

019-11-06T14:28:09.1626091Z Configuring credentials for task
2019-11-06T14:28:09.1626889Z 1f20638e-2d31-4a06-9230-f6a63f123089 exists true
2019-11-06T14:28:09.1627728Z ...configuring AWS credentials from service endpoint '1f20638e-2d31-4a06-9230-f6a63f123089'
2019-11-06T14:28:09.1627972Z ...endpoint defines standard access/secret key credentials

But this only happens on a Deployment Group job. It seems that the connection name is not being properly translated to its Id when run on a Deployment Group Job.

To reproduce Use an AWS task in a deployment group job. Specify the AWS credential via a variable like $(AWSAccount) and set the variable value to the name of an AWS credential.

Expected behavior The task executes successfully.

Your Environment Azure Devops Server 2019, on-prem AWS Tools 1.50

hunterwerlla commented 5 years ago

This looks very similar to https://github.com/aws/aws-vsts-tools/issues/303 , but we do not support that method of credentials. The reason for the difference is in the YAML task, that is getting resolved by VSTS itself, but here we would have to resolve it. A workaround for now is to use YAML based tasks, but we do want to add this method as well.

henning-krause commented 5 years ago

I'm using the AWS task in a Release Pipeline, which does not at the moment supports YAML. And in the cloud, altough multi-stage pipelines are available, they do not yet support deployment groups, AFAIK.