-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Registry sync should not delete profiles when failing to sync #386
Comments
Hi @Nevon, thank you for raising this issue. Currently you can use On the registry sync failure case, removing the whole section on error was so that user will have visibility if there is some issues with the latest remote registry sync and can quickly update it. But in your case it was caused on the user end which is a bit of a problem. I will have a look on how we can make this experience better. Thanks again for raising this! |
Just hit this myself:
I had valid config of course, remote git repo is unreachable during sync (with no way to skip sync when running assume) so sync fails and config is deleted |
"Automatically zero the configs I use for production access" is not an acceptable failure mode for something that runs automatically. It creates a situation where, if there is an SCM issue — whether client-side connectivity, configuration, or Github is down, users cannot access their AWS configs. If you understand granted and granted registries well, there are generally workarounds, but the typical user should not need to be aware of them. |
* Do not overwrite AWS config when sync fails Fix issue #386 * Add WriteOnSyncFailure option to repo sync
* Do not overwrite AWS config when sync fails Fix issue common-fate#386 * Add WriteOnSyncFailure option to repo sync
Fixed in #569 |
Currently the way that the sync works is that it deletes all the content of the aws config that was created by granted, and then it fetches the new configuration and writes it back into the config file. If there is any error syncing a registry, all the other profiles are added into the config file.
I encountered this behavior the other day when I couldn't find any of the profiles I expected. The reason was that at the beginning of the workday I forgot to connect to the company VPN, which means that the first time I used
assume
it tried to sync my profiles but couldn't reach the remote repository and thus deleted most of my profiles from my config. I didn't notice this until later when I was very confused.My suggestion would be that the configuration should have some kind of marker that shows which registry a profile was synced from. If syncing from a particular registry fails, print an error but don't delete that section.
The text was updated successfully, but these errors were encountered: