search

sst / ion

SST v3
https://sst.dev
MIT License
1.61k stars 211 forks source link

Deployment to CloudFlare StaticSite Fails with `Resolved credential object is not valid` #26

Closed claughinghouse closed 6 months ago

claughinghouse commented 6 months ago

I keep getting this error with the Cloudflare provider. I set the providers.cloudflare.apiToken but had the same error. 

sst dev --verbose
time=2024-03-11T13:44:44.688-04:00 level=INFO msg=plugins files="[d resource-aws-v6.10.0/ - resource-aws-v6.10.0.lock d resource-cloudflare-v5.22.0/ - resource-cloudflare-v5.22.0.lock]"
time=2024-03-11T13:44:44.692-04:00 level=INFO msg="no existing server found, starting new one"
time=2024-03-11T13:44:44.695-04:00 level=INFO msg="waiting for server to start"
SST ❍ ion 0.0.133  ready!

➜  App:        appname
   Stage:      cody

~  Deploying

(node:58827) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
|  Creating    sst:cloudflare:StaticSite → pulumi-nodejs:dynamic:Resource → WwwAssetFiles
|  Error       sst:cloudflare:StaticSite → pulumi-nodejs:dynamic:Resource → WwwAssetFiles
|  Resolved credential object is not valid
|  ADD THIS ERROR HERE https://www.notion.so/sst-dev/Flaky-errors-2a51e5e471f745ee9d0b8d69c5b4f8c8?pvs=4

❌ Failed
   sst:cloudflare:StaticSite → pulumi-nodejs:dynamic:Resource → WwwAssetFiles
   Resolved credential object is not valid
   ADD THIS ERROR HERE https://www.notion.so/sst-dev/Flaky-errors-2a51e5e471f745ee9d0b8d69c5b4f8c8?pvs=4

with this sst.config.ts :

export default $config({
  app(input) {
    return {
      name: "appname",
      removalPolicy: input?.stage === "production" ? "retain" : "remove",
      providers: {
        cloudflare: {
          accountId: "...redacted...",
        },
        aws: {
          profile: input?.stage === "production" ? "production" : "development",
        },
      },
    };
  },
  async run() {
    new sst.cloudflare.StaticSite("Www", {
      path: "packages/www",
    });
  },
});

I have the CLOUDFLARE_API_TOKEN env var set and valid AWS credentials.

Discord Link

fwang commented 6 months ago

@claughinghouse Currently, StaticSite uses R2 bucket to store assets. You'd need to create an R2 token via the R2 Console > Manage R2 tokens. That token will give you an ACCESS KEY and SECRET KEY. And then pass those in via environment variable. ie.

CLOUDFLARE_R2_ACCESS_KEY_ID=xxxxxx CLOUDFLARE_R2_SECRET_ACCESS_KEY=yyyyyy

That said, I'm making a change to StaticSite to use RV for storing assets. So in the next version, it won't use R2, and you won't need this token. Just the API Token would be enough.

claughinghouse commented 6 months ago

Same results after upgrading to v0.0.135 and logging into both AWS SSO and runningpnpm wrangler d1 list returns a list of my DBs. Wrangler returns a message that indicates that is picked up the environment variable apiToken:

sst dev --verbose
time=2024-03-11T14:21:43.499-04:00 level=INFO msg=plugins files="[d resource-aws-v6.10.0/ - resource-aws-v6.10.0.lock d resource-cloudflare-v5.22.0/ - resource-cloudflare-v5.22.0.lock]"
time=2024-03-11T14:21:43.501-04:00 level=INFO msg="no existing server found, starting new one"
time=2024-03-11T14:21:43.505-04:00 level=INFO msg="waiting for server to start"
SST ❍ ion 0.0.135  ready!

➜  App:        appname
   Stage:      cody

~  Deploying

(node:65562) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
|  Creating    sst:cloudflare:StaticSite → pulumi-nodejs:dynamic:Resource → WwwAssetFiles
|  Error       sst:cloudflare:StaticSite → pulumi-nodejs:dynamic:Resource → WwwAssetFiles
|  Resolved credential object is not valid

❌ Failed
   sst:cloudflare:StaticSite → pulumi-nodejs:dynamic:Resource → WwwAssetFiles
   Resolved credential object is not valid
claughinghouse commented 6 months ago

@claughinghouse Currently, StaticSite uses R2 bucket to store assets. You'd need to create an R2 token via the R2 Console > Manage R2 tokens. That token will give you an ACCESS KEY and SECRET KEY. And then pass those in via environment variable. ie.

CLOUDFLARE_R2_ACCESS_KEY_ID=xxxxxx CLOUDFLARE_R2_SECRET_ACCESS_KEY=yyyyyy

That said, I'm making a change to StaticSite to use RV for storing assets. So in the next version, it won't use R2, and you won't need this token. Just the API Token would be enough.

I will give it a try. I posted my update above right as you had posted the info about R2. Thank you and I will report back shortly!

This is the current permission list for the apiToken:

image

claughinghouse commented 6 months ago

@claughinghouse Currently, StaticSite uses R2 bucket to store assets. You'd need to create an R2 token via the R2 Console > Manage R2 tokens. That token will give you an ACCESS KEY and SECRET KEY. And then pass those in via environment variable. ie.

CLOUDFLARE_R2_ACCESS_KEY_ID=xxxxxx CLOUDFLARE_R2_SECRET_ACCESS_KEY=yyyyyy

That said, I'm making a change to StaticSite to use RV for storing assets. So in the next version, it won't use R2, and you won't need this token. Just the API Token would be enough.

This did the trick. I will close the issue pending the next version you listed. Thank you @fwang!

fwang commented 6 months ago

@claughinghouse Just released 0.137. Swapped out R2 with KV. No need for the R2 tokens.

If you run into the "The bucket you tried to delete is not empty" error when deploying, go to ur R2 dashboard and delete all files in it, then run deploy again.