Issue details
When the AWS_PROFILE environment variable is set when running pulumi, the constructor of aws.eks.Cluster fails if the providerCredentialOpts input is not provided.
This assumes that all places where this pulumi program runs have the same setup. This is not the case for us - we run Pulumi on our workstations for previews during development (and we use AWS profiles there), and then CI/CD performs previews and updates on the same program, but without AWS profiles.
It seems strange to be forced to hardcode authentication information in the Pulumi program.
Steps to reproduce
export the AWS_PROFILE environment variable
instantiate aws.eks.Cluster in the Pulumi program
run pulumi preview
Expected: a preview
Actual:
Diagnostics:
pulumi:pulumi:Stack (<stack>):
error: Running program '<srcdir>' failed with an unhandled exception:
Error: It looks like you're using AWS profiles. Please specify this profile in providerCredentialOpts.
at new Cluster (<srcdir>/node_modules/@pulumi/cluster.ts:1396:19)
at Object.<anonymous> (<srcdir>/kubernetes-cnc.ts:79:17)
at Module._compile (node:internal/modules/cjs/loader:1095:14)
at Module.m._compile (<srcdir>/node_modules/ts-node/src/index.ts:439:23)
at Module._extensions..js (node:internal/modules/cjs/loader:1124:10)
at Object.require.extensions.<computed> [as .ts] (<srcdir>/node_modules/ts-node/src/index.ts:442:12)
at Module.load (node:internal/modules/cjs/loader:975:32)
at Function.Module._load (node:internal/modules/cjs/loader:816:12)
at Module.require (node:internal/modules/cjs/loader:999:19)
at require (node:internal/modules/cjs/helpers:93:18)
cc @lblackstone for thoughts here. Ideally setting providerCredentialOpts should just override the environment variables. If not specified the environment variables or pulumi config take precedence.
Yeah, that sounds right to me. We might want to log a warning if they are different, but there are valid cases where they would be.
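The precedence proposed in the two comments above, sketched as an added example (not code from pulumi-eks or from the commenters). `resolveCredentialOpts`, `ResolvedCredentials`, the `configProfile` parameter and the config-before-environment ordering are assumptions; only `profileName` and `roleArn` mirror fields of `providerCredentialOpts`.

```typescript
// Added example, not pulumi-eks code. profileName/roleArn mirror the
// providerCredentialOpts fields; every other name here is hypothetical.
interface CredentialOpts { profileName?: string; roleArn?: string; }

interface ResolvedCredentials {
  opts: CredentialOpts; // what kubeconfig generation would be given
  source: "explicit" | "config" | "environment" | "default-chain";
  warnings: string[];
}

function resolveCredentialOpts(
  explicit: CredentialOpts | undefined,
  configProfile: string | undefined, // assumed to come from aws:profile
  env: Record<string, string | undefined>,
): ResolvedCredentials {
  const warnings: string[] = [];
  const envProfile = env["AWS_PROFILE"] || undefined; // treat "" as unset

  // 1. An explicit providerCredentialOpts always wins.
  if (explicit && (explicit.profileName || explicit.roleArn)) {
    if (explicit.profileName && envProfile && explicit.profileName !== envProfile) {
      warnings.push(
        `providerCredentialOpts.profileName "${explicit.profileName}" ` +
        `overrides AWS_PROFILE "${envProfile}"`);
    }
    return { opts: { ...explicit }, source: "explicit", warnings };
  }
  // 2. Pulumi config next (ordering versus the environment is an assumption).
  if (configProfile) {
    if (envProfile && envProfile !== configProfile) {
      warnings.push(`config profile "${configProfile}" overrides AWS_PROFILE "${envProfile}"`);
    }
    return { opts: { profileName: configProfile }, source: "config", warnings };
  }
  // 3. AWS_PROFILE is used as-is instead of raising an error.
  if (envProfile) {
    return { opts: { profileName: envProfile }, source: "environment", warnings };
  }
  // 4. Nothing set (e.g. CI): leave it to the SDK's default credential chain.
  return { opts: {}, source: "default-chain", warnings };
}
```

Called with `process.env` on a workstation this yields the profile from `AWS_PROFILE`; in CI, with no profile set, it yields empty options and no error, so the same program runs in both places.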
This doesn't really cover the use case where you're authenticating via AssumeRole. Lots of security postures out there that won't allow explicit use of an IAM user with ACCESS_KEY_ID and SECRET_ACCESS_KEY. Also need a way to put this into a CI/CD pipeline where using credentials like that is an anti-pattern anyway.
Hello!
This is being thrown @ pulumi-eks/nodejs/eks/cluster.ts (lines 1395 to 1397 in 721e8e5)