search

josmo / drone-ecs

Drone plugin for triggering Amazon EC2 Container Service (ECS) deployments
Apache License 2.0
30 stars 41 forks source link

AWS access_key and secret_key results in InvalidParameterException #54

Closed unfor19 closed 4 years ago

unfor19 commented 4 years ago

Hi, I read the docs and also checkedmain.go and plugin.go.

I've created two organization secrets in drone, aws_access_key_id and aws_secret_access_key, I'm already using them in many pipelines/steps, but it seems like they don't work with this plugin.

My .drone.yml snippet

  - name: deploy_to_ecs
    image: pelotech/drone-ecs
    pull: always
    environment:
     AWS_ACCESS_KEY:
       from_secret: aws_access_key_id
     AWS_SECRET_KEY:
       from_secret: aws_secret_access_key
    settings:
      cluster: dev-cluster
      service: dev-service
      deployment_configuration: 100 200
      docker_image: 1234567890.dkr.ecr.eu-west-1.amazonaws.com/some-image
      region: eu-west-1

According to the code, I can see that if I don't pass access_key and secret_key, that's ok, as long as I set AWS_ACCESS_KEY and AWS_SECRET_KEY.

Here's the error I get when using the snippet above

Status: Image is up to date for pelotech/drone-ecs:latest
--
4 | Drone AWS ECS Plugin built
5 | 2020/06/28 14:53:10 InvalidParameterException:

According to the plugin, it should work - main.go - Ref

    app.Flags = []cli.Flag{
        cli.StringFlag{
            Name:   "access-key",
            Usage:  "AWS access key",
            EnvVar: "PLUGIN_ACCESS_KEY,ECS_ACCESS_KEY,AWS_ACCESS_KEY",
        },
        cli.StringFlag{
            Name:   "secret-key",
            Usage:  "AWS secret key",
            EnvVar: "PLUGIN_SECRET_KEY,ECS_SECRET_KEY,AWS_SECRET_KEY",
        },
...
func run(c *cli.Context) error {
    plugin := Plugin{
        Key:                          c.String("access-key"),
        Secret:                       c.String("secret-key"),
...

And a reference of where the creds are fetched - plugin.go - Ref

    if len(p.Key) != 0 && len(p.Secret) != 0 {
        awsConfig.Credentials = credentials.NewStaticCredentials(p.Key, p.Secret, "")
    }
    awsConfig.Region = aws.String(p.Region)

    var svc *ecs.ECS
    sess := session.Must(session.NewSession(&awsConfig))
unfor19 commented 4 years ago

So apparently it's not the credentials. Something is missing in my .drone.yml. According to the main README.md, I only need to supply: 

  -e PLUGIN_ACCESS_KEY=<key>             \
  -e PLUGIN_SECRET_KEY=<secret>          \
  -e PLUGIN_SERVICE=<service>            \  
  -e PLUGIN_DOCKER_IMAGE=<image>

I do that in my YML, so what am I missing?

  - name: deploy_to_ecs
    image: pelotech/drone-ecs
    pull: always
    environment:
     AWS_ACCESS_KEY:
       from_secret: aws_access_key_id
     AWS_SECRET_KEY:
       from_secret: aws_secret_access_key
    settings:
      cluster: dev-cluster
      service: dev-service
      deployment_configuration: 100 200
      docker_image: 1234567890.dkr.ecr.eu-west-1.amazonaws.com/some-image
      region: eu-west-1
unfor19 commented 4 years ago

The issue appears to be related to the fact that I'm using FARGATE, I haven't provided some variables that are mandatory

unfor19 commented 4 years ago

I gave up