Closed dmcnaught closed 7 years ago
Thanks for the contribution! Please ensure your commits follow our style guide. This code will be tested once a Deis maintainer reviews it.
Also fixes my trail to the issue https://github.com/deis/workflow-migration/issues/9 https://github.com/deis/workflow/issues/712
This is actually how the code is supposed to work. When IAM is implemented, there shouldn't be any files with AWS access keys or secret keys set. We check for if they have any data, and if they are then we propagate them to the environment.
If you have IAM set up and you've also written data in values.yaml with your S3 information, that would explain why this fixes your problem. I'd take a look into why you have an objectstorage secret set with values.
Effectively this code is now saying "if I have set anything in values.yaml in regards to S3 credentials, ignore it", which is not the intention here :)
ok, thanks. Yes - I tested my changes and they don't fix the issue. I was confused because it looks like those lines were always running before, but it worked (deis workflow version<=2.8.0)
I have IAM setup and have confirmed it works in the deis workspace by running up generic ubuntu there are accessing the bucket successfully. However the database log is showing this:
Performing an initial backup...
wal_e.main INFO MSG: starting WAL-E
DETAIL: The subcommand is "backup-push".
STRUCTURED: time=2017-04-13T21:05:13.346499-00 pid=111
wal_e.main ERROR MSG: AWS Access Key credential is required but not provided
HINT: Pass "--aws-access-key-id" or set the environment variable "AWS_ACCESS_KEY_ID".
STRUCTURED: time=2017-04-13T21:05:13.346858-00 pid=111
My values config snippets are:
global:
# Set the storage backend
#
# Valid values are:
# - s3: Store persistent data in AWS S3 (configure in S3 section)
# - azure: Store persistent data in Azure's object storage
# - gcs: Store persistent data in Google Cloud Storage
# - minio: Store persistent data on in-cluster Minio server
storage: s3
.
.
.
database_location: "on-cluster"
.
.
.
s3:
# Your AWS access key. Leave it empty if you want to use IAM credentials.
accesskey: ""
# Your AWS secret key. Leave it empty if you want to use IAM credentials.
secretkey: ""
# Any S3 region
region: "us-west-2"
# Your buckets.
registry_bucket: "tectonic-deis-registry"
database_bucket: "tectonic-deis-database"
builder_bucket: "tectonic-deis-builder"
let's continue this discussion in #192.
Comments say to check the values are empty, but the check is that they are not empty. Fixing. https://github.com/deis/postgres/issues/184