jameslamb
commented
6 months ago I just came here to write up a similar issue to this one.
I suspect that this was added in #1403 as extra protection that sccache doesn't accidentally perform any authenticated AWS operations when SCCACHE_S3_NO_CREDENTIALS=true.
I've encountered 2 sources of friction as a result of this error:
- Using
sccachein unauthenticated read-only mode like this and doing any other authenticated AWS operations in the same environment requires some extra work to avoid this error, like callingunset AWS_ACCESS_KEY_ID(and then later setting it again) or runningsccachein a more restricted environment likeenv -u AWS_ACCESS_KEY_ID sccache. - You have to be very careful about the difference between those variables being truly "unset" and being set to the empty string
''.
Would you consider one of the following changes to this behavior?
- remove this error entirely (and just rely on tests + code review for that protection)
- do not raise this error when those
AWS_*variables are set to the empty string''
I'm very inexperienced with Rust, but would be happy to put up a patch if you agree with either of these proposals.
Thanks very much for your time and consideration.
The code block below throws an error when both
SCCACHE_S3_NO_CREDENTIALSand theAWS_ACCESS_KEY_IDorAWS_SECRET_ACCESS_KEYenvironment variables are set.The issue with this check is that it's incomplete.
opendalcan load credentials from environment variables or by a number of other ways (credential files, IAM roles, etc).Therefore it seems like this check should either:
It seems like checking the other credential sources should be something that's reserved for
opendalrather thansccache.Can I open a PR to remove this check from
sccache?