-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Overwrite the aws config instead of appending #17
Conversation
We have a workflow in which we need to run this action multiple times to login to multiple aws accounts. On the second run, appending the default profile will cause an error. Overwriting the aws config instead of just appending to it.
@rdinardi-bw thanks for reporting this. I think overwriting had it's own issues which I can't remember now. However, instead of limiting ourselves, how about we take
In your steps, you can set |
@mrchief that sounds like a more robust idea. Will do |
… env vars based on the most recent profile we fetched creds for
@mrchief I don't think configuring a profile is as easy as we first thought. Any updates to the AWS config/credentials that's done in One possibility could be to do something like this when adding the env vars to the
So you'd end up with a set of env vars for each profile. Another possibility would be to give examples of how to create a profile in the workflow in a subsequent step. This requires more work on the part of the user however. And creating a file for the config and credentials within the workflow wasn't easy when I tried doing something like this:
This same issue exists in the official AWS actions: I think it would be okay to switch back to the original solution of overwriting the aws configuration within the action since the config/credentials aren't being exposed to the workflow itself. Let me know what you think. |
entrypoint.sh
Outdated
@@ -8,15 +8,15 @@ config="${awsDir}/config" | |||
credentials="${awsDir}/credentials" | |||
|
|||
mkdir -p "${awsDir}" | |||
echo -e "[profile default]\noutput = json" >"$config" | |||
echo -e "[profile $INPUT_AWS_PROFILE]\noutput = json" >>"$config" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we may have to do something like
echo -e "[profile $INPUT_AWS_PROFILE]\noutput = json" >>"$config" | |
echo -e "[profile ${INPUT_AWS_PROFILE:-default}]\noutput = json" >>"$config" |
but if you have tested it to be working fine, then we're good.
First of all, excellent PR and I love that you took time to add the docs as well as detailed examples in the docs!
Yup, this is why we export everything to
|
ah okay, I see what you're saying now. I'll clean this up and mark it ready for review again. Appreciate you working through this with me. |
@mrchief Should we be forcing the user to provide an This goes back to what we were talking about earlier. Since we can't really configure the awscli to use profiles and are just passing back the access key, secret key and session token, it seems to me like we should just overwrite the configuration file each time. There's no real benefit to keeping all the profiles in the config if we aren't able to switch profiles. |
Actually, you're right. So... we did all this work for nothing? 😄 |
I think I learned some things, so there may have been some benefit 😆 I'm going to switch it back to overwriting the configuration and I'll mark the pr ready to review! |
@mrchief any chance you can take another look at this? |
Mostly a readme update, right? If so, I think we should also add a blurb saying how to go about creating multiple profiles and basically summarize the conversation in this thread (including the possible workaround). On a related note, I found this https://github.community/t/docker-container-action-how-to-persist-files-in-workspace/18441 so there may be a way to persist the profile if we saved the file to |
We have a workflow in which we need to run this action multiple times to login to multiple aws accounts. On the second run, appending another default profile will cause an error.
Overwriting the aws config instead of just appending to it.