Closed eudalov closed 1 year ago
The presence of the AWS_ vars in the running environment prompts dockerbuilder to use them instead of using the ones configured when installed. The impact is that dockerbuilder will potentially attempt to store the resulting artifacts on a different AWS account than the one configured at installation time.
Our research found two ways of addressing this:
a) Modify dockerbuilder so that it sanitizes the relevant env vars before pushing the resulting artifact to S3, by inserting a step before downloading the tar file.
b) Modify object-storage-cli to have it ignore AWS-related variables in the environment.
Having said all of that, these fixes/approaches do not consider this case: when the user intentionally wants to override the default credentials and 'force' dockerbuilder to push the artifact to a different AWS account. If any member of the community is using this scenario then we won't be able to submit the fix, and will just share it as a snippet.
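Approach (a) from the comment above, sketched as an added example that is not part of this thread or of dockerbuilder's code: the upload step gets an environment in which every inherited AWS_ variable is dropped and only the installation-time values are set. The function names, the configured mapping and all sample values are assumptions made for illustration.

```python
import os
import subprocess
import sys

AWS_PREFIX = "AWS_"


def sanitized_env(inherited, configured):
    """Build the environment for the artifact upload step.

    inherited:  variables the builder process received; may carry the
                application's own AWS_* settings.
    configured: AWS_* values fixed at installation time (hypothetical
                mapping; how the builder stores them is not shown here).
    Returns (env, dropped), where dropped lists the removed variable names.
    """
    # Drop the whole prefix rather than a fixed list: a leftover
    # AWS_SESSION_TOKEN or AWS_PROFILE from the app would otherwise be
    # mixed with the builder's own values.
    dropped = sorted(k for k in inherited if k.startswith(AWS_PREFIX))
    env = {k: v for k, v in inherited.items() if not k.startswith(AWS_PREFIX)}
    env.update(configured)
    return env, dropped


def run_upload(cmd, inherited, configured):
    """Run the upload command (hypothetical) with the sanitized environment."""
    env, dropped = sanitized_env(inherited, configured)
    if dropped:
        # Log names only, never values.
        print("ignoring inherited: " + ", ".join(dropped), file=sys.stderr)
    return subprocess.run(cmd, env=env, check=True,
                          capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed sample: the app's config leaks into the builder's environment.
    inherited = dict(os.environ, AWS_ACCESS_KEY_ID="APP-KEY-EXAMPLE",
                     AWS_SESSION_TOKEN="APP-TOKEN-EXAMPLE")
    configured = {"AWS_ACCESS_KEY_ID": "BUILDER-KEY-EXAMPLE",
                  "AWS_SECRET_ACCESS_KEY": "BUILDER-SECRET-EXAMPLE"}
    # Stand-in for the real upload command: print the AWS_* names it sees.
    child = [sys.executable, "-c",
             "import os; print(sorted(k for k in os.environ if k.startswith('AWS_')))"]
    print(run_upload(child, inherited, configured).stdout.strip())
```

Because this drops every inherited AWS_ variable, the intentional-override case raised in the comment above would need an explicit opt-in rather than relying on the environment.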
I can't imagine a scenario myself where it's considered correct behavior for the builder to change its push target for artifacts based on the application's configuration, and I'd have to see an example of how it could be used productively to even consider that as intentional. I am for fixing the bug, so apps with AWS_S3 storage buckets of their own to attach can do so using environment variables and not interfere with Builder or its work. 👍
This is quite a serious bug. I'm surprised I have not run into it more often. Maybe because a lot of the apps we deployed on hephy were dockerized containers.
PR #14 merged! Thank you for the contribution @eudalov and @dvalfre
Hephy Builder fails to store the Docker image it has just built with the message below:
Steps to reproduce:
git push deis