[OCP-4.x][AWS] Playbook clobbers AWS cred file
Version git hash: 23de699bb57043e6a30ebaa3b9053791f2d17a0d
Location
OCP-4.X/roles/install-on-aws/templates/credentials.j2
OCP-4.X/roles/install-on-aws/tasks/main.yml
Environment
AWS_ACCESS_KEY_ID=1232414321234 # or unset
AWS_SECRET_ACCESS_KEY=1232412341234 # or unset
Issue
The playbook will clobber the $HOME/.aws/credentials variable values, even if the env vars are set. This behavior is undocumented. Overwriting the default credential file results in loss of those keys, forcing users to regenerate them (or to ask an admin to do it for them).
Behavior
The installer will hang indefinitely at the credential check:
time="2020-08-19T10:31:08-04:00" level=debug msg=" Generating Platform Credentials Check..."
This is because the installer cannot find the keys and is prompting the user for them, but the prompt is hidden from the openshift logs and playbook output.
Suggested Behavior
The playbook should not overwrite the $HOME/.aws/credentials file. The playbook should, at most, validate that either the env vars or the credential file exists, and fail if neither does. This will prevent the hang and provide the user an indication of what's wrong.
Additionally
This behavior also exists for the $HOME/.aws/config file, which again should not be overwritten, at least if the env vars are not set or are null.
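
A read-only pre-flight check along the lines of the suggested behavior, as an added example that is not part of the original issue or the playbook. The function name `aws_creds_source` is hypothetical; it assumes the `AWS_SHARED_CREDENTIALS_FILE` and `AWS_PROFILE` overrides that the AWS CLI and SDKs honor, and treats a null (empty) env var the same as an unset one.

```shell
#!/usr/bin/env bash
# Added example: validate AWS credentials before the installer runs.
# Reads only; it never creates or rewrites the credentials file.
# Prints the source that was found ("env" or "file:<path>") and returns 0,
# or prints an error on stderr and returns 1 so the caller fails fast
# instead of hanging on a hidden prompt.

aws_creds_source() {
    local file profile
    file="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    profile="${AWS_PROFILE:-default}"

    # 1. Environment: both variables must be set and non-empty.
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "env"
        return 0
    fi
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] || [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "warning: only one of AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY is set" >&2
    fi

    # 2. Shared credentials file: the selected profile must carry both keys.
    if [ -r "$file" ] && awk -v want="[$profile]" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_p = ($0 == want); next }
        in_p && /^[ \t]*aws_access_key_id[ \t]*=[ \t]*[^ \t]/     { id = 1 }
        in_p && /^[ \t]*aws_secret_access_key[ \t]*=[ \t]*[^ \t]/ { key = 1 }
        END { exit !(id && key) }' "$file"; then
        echo "file:$file"
        return 0
    fi

    echo "error: no AWS credentials in env vars or in [$profile] of $file" >&2
    return 1
}
```

Called before the install task, a non-zero return gives the user the missing-credentials message directly rather than leaving the installer waiting at the credential check.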