Ensure AWS S3 envvars propagate through S3 (#103)
* if aws envvar credentials are provided, block until they've propagated through to S3

* put check in conditional

* make bash happy
trxcllnt authored Jul 25, 2023
1 parent 7d1c506 commit 60e7b24
Showing 2 changed files with 38 additions and 34 deletions.
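--- a/features/src/utils/devcontainer-feature.json
+++ b/features/src/utils/devcontainer-feature.json
@@ -1,7 +1,7 @@
 {
 "name": "devcontainer-utils",
 "id": "utils",
-"version": "23.8.10",
+"version": "23.8.11",
 "description": "A feature to install RAPIDS devcontainer utility scripts",
 "containerEnv": {
 "BASH_ENV": "/etc/bash.bash_env"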
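--- a/features/src/utils/opt/devcontainer/bin/vault/s3/init.sh
+++ b/features/src/utils/opt/devcontainer/bin/vault/s3/init.sh
@@ -20,40 +20,44 @@ init_vault_s3_creds() {
 set -euo pipefail;
 
 if type sccache >/dev/null; then
-if test -n "${SCCACHE_BUCKET:-}" \
-&& grep -qE "^$" <<< "${AWS_ACCESS_KEY_ID:-}" \
-&& grep -qE "^$" <<< "${AWS_SECRET_ACCESS_KEY:-}" ; then
-if test -n "${VAULT_HOST:-}" ; then
-# Generate S3 creds if they don't exist (or are expired)
-if ! devcontainer-utils-vault-s3-creds-test 2>&1 >/dev/null; then
-devcontainer-utils-vault-s3-creds-generate;
+if test -n "${SCCACHE_BUCKET:-}"; then
+if grep -qE "^$" <<< "${AWS_ACCESS_KEY_ID:-}" \
+&& grep -qE "^$" <<< "${AWS_SECRET_ACCESS_KEY:-}" ; then
+if test -n "${VAULT_HOST:-}" ; then
+# Generate S3 creds if they don't exist (or are expired)
+if ! devcontainer-utils-vault-s3-creds-test 2>&1 >/dev/null; then
+devcontainer-utils-vault-s3-creds-generate;
+fi
+# Persist creds in ~/.aws dir
+devcontainer-utils-vault-s3-creds-persist <<< "
+$(s3_bucket_args)
+$(s3_bucket_auth)
+";
+# Install a crontab to refresh the credentials
+devcontainer-utils-vault-s3-creds-schedule;
+else
+# If credentials have been mounted in, ensure they're used
+case $(devcontainer-utils-vault-s3-creds-test; echo $?) in
+# bucket is read + write with the current credentials
+[0] )
+devcontainer-utils-vault-s3-creds-persist <<< "
+$(s3_bucket_args)
+$(s3_bucket_auth)
+";;
+# bucket is read-only and should be accessed without credentials
+[2] )
+devcontainer-utils-vault-s3-creds-persist <<< "
+--no_credentials
+$(s3_bucket_args)
+";;
+# bucket is inaccessible
+* )
+devcontainer-utils-vault-s3-creds-persist <<< "--no_bucket --no_region";;
+esac
 fi
-# Persist creds in ~/.aws dir
-devcontainer-utils-vault-s3-creds-persist <<< "
-$(s3_bucket_args)
-$(s3_bucket_auth)
-";
-# Install a crontab to refresh the credentials
-devcontainer-utils-vault-s3-creds-schedule;
-else
-# If credentials have been mounted in, ensure they're used
-case $(devcontainer-utils-vault-s3-creds-test; echo $?) in
-# bucket is read + write with the current credentials
-[0] )
-devcontainer-utils-vault-s3-creds-persist <<< "
-$(s3_bucket_args)
-$(s3_bucket_auth)
-";;
-# bucket is read-only and should be accessed without credentials
-[2] )
-devcontainer-utils-vault-s3-creds-persist <<< "
---no_credentials
-$(s3_bucket_args)
-";;
-# bucket is inaccessible
-* )
-devcontainer-utils-vault-s3-creds-persist <<< "--no_bucket --no_region";;
-esac
+elif devcontainer-utils-vault-s3-creds-propagate; then
+# Block until the new temporary AWS S3 credentials propagate
+echo -n "";
 fi
 fi
 . /etc/profile.d/*-devcontainer-utils.sh;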
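Review bot: The new `elif devcontainer-utils-vault-s3-creds-propagate; then` branch near the end of the hunk swallows the helper's failure: as an `elif` condition it is exempt from the `set -euo pipefail` at the top, and the body is a no-op, so credentials that never become usable are treated the same as ones that did. The branch is also reached when only one of `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` is set, because the preceding `if` requires both to be empty. I would replace `echo -n "";` with `:` and add an `else echo "AWS credentials did not validate for S3" >&2;` arm so a bad or partial credential pair is visible in the container log. The propagate helper is not part of this page, so whether its wait is bounded by a timeout should be confirmed. `init_vault_s3_creds` starts and ends outside the hunk.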