Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for ALIBABA_CLOUD_CREDENTIALS_FILE #557

Closed
jsafrane opened this issue Nov 19, 2021 · 6 comments
Closed

Add support for ALIBABA_CLOUD_CREDENTIALS_FILE #557

jsafrane opened this issue Nov 19, 2021 · 6 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@jsafrane
Copy link
Contributor

It would be nice if the CSI drivers support ALIBABA_CLOUD_CREDENTIALS_FILE env. variable, pointing to a file with this format

[default]
type = access_key
access_key_id: xxxxxxx
access_key_secret: yyyyy

There are some traces of using such env. var + file format in vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider, maybe it can be reused.
@mowangdk
Copy link
Contributor

mowangdk commented Dec 5, 2021

to reuse vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider, a lot of code changes are involved, so we will not support this env for the time being.

@kwoodson
Copy link
Contributor

kwoodson commented Dec 5, 2021

@mowangdk The code that we would like to use is this code here:
https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver/blob/master/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider/profile_credentials.go#L40

Support for reading the INI file format already exists in the code above.

An example of using this code is here:

https://github.com/openshift/cluster-ingress-operator/pull/683/files#diff-70322845158824666344cf3d2576ededa80d36c42e911b4e3f05bb626940ac60R25-R64

to reuse vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider, a lot of code changes are involved, so we will not support this env for the time being.

I don't believe it would take a lot of code changes since the function above is relatively small (64 lines of code). The other issue I see that would make the code easier to consume is to have a way to read the credentials from a file without setting the environment variable. If Alibaba could add an additional function or refactor the code to have an additional parameter that does not require the environment variable the consumer of these functions could pass a file object to a function which would avoid doing any environment variable setting or locking.

@gujingit @menglingwei @Lyt99 @DahuK @bd233 WDYT?

@mowangdk
Copy link
Contributor

mowangdk commented Dec 6, 2021

@mowangdk The code that we would like to use is this code here: https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver/blob/master/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider/profile_credentials.go#L40

Support for reading the INI file format already exists in the code above.

An example of using this code is here:

https://github.com/openshift/cluster-ingress-operator/pull/683/files#diff-70322845158824666344cf3d2576ededa80d36c42e911b4e3f05bb626940ac60R25-R64

to reuse vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider, a lot of code changes are involved, so we will not support this env for the time being.

I don't believe it would take a lot of code changes since the function above is relatively small (64 lines of code). The other issue I see that would make the code easier to consume is to have a way to read the credentials from a file without setting the environment variable. If Alibaba could add an additional function or refactor the code to have an additional parameter that does not require the environment variable the consumer of these functions could pass a file object to a function which would avoid doing any environment variable setting or locking.

@gujingit @menglingwei @Lyt99 @DahuK @bd233 WDYT?

what you says did make sense, but the point does not lie in the reading of ini files. We are not use the auth.Credential interface to generate OpenApi client. this change involves all backing store types. So we need a long period of verification.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 6, 2022
@jsafrane
Copy link
Contributor Author

jsafrane commented Mar 9, 2022

I think this has been fixed by #572
/close

@k8s-ci-robot
Copy link
Contributor

@jsafrane: Closing this issue.

In response to this:

I think this has been fixed by #572
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@kwoodson @jsafrane @mowangdk @k8s-ci-robot @k8s-triage-robot