helm-s3
cannot use with AWS SSO credentials
It appears that v0.10.0 cannot be used with cli profiles that are aws sso-based.
➜ helm repo add my-charts s3://my-helm-charts/ --force-update
fetch from s3 uri=s3://lucid-helm-charts/index.yaml: fetch object from s3: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Error: looks like "s3://lucid-helm-charts/" is not a valid chart repository or cannot be reached: plugin "bin/helms3" exited with error
The underlying issue appears to be with the aws-sdk-go project only adding support for SSO-based credentials in 1.37.0, more details here.
It appears that the project has actually been upgraded to use aws-sdk-go > 1.37.0, but hasn't been released yet. Would it be possible to finish out the release that supports this dependency upgrade? The workarounds are brutal! 😄
Thanks!
In the meantime you can install the dev version. Still better than the workarounds we proposed in #123
ah ha! Apologies for missing #123 when I was inspecting for related issues!
I was able to get things working with the dev version, although I needed a slightly different set of steps:
helm plugin uninstall s3
HELM_S3_PLUGIN_NO_INSTALL_HOOK=true helm plugin install https://github.com/hypnoglow/helm-s3.git
cd /Users/<localuser>/Library/helm/plugins/helm-s3.git
make deps build-local
# at this point, I noticed this directory didn't have a `bin/` dir in it
# I looked in $GOPATH/src/github.com/hypnoglow/helm-s3/ and found it there
# (perhaps the hack/build.sh script doesn't work well with a real go env installed?)
# so I decided to just go back and symlink the plugin dir to this path
cd /Users/<localuser>/Library/helm/plugins/
rm -rf helm-s3.git
ln -sf $GOPATH/src/github.com/hypnoglow/helm-s3 helm-s3.git
# success!
Thanks for the pointer in the right direction, looking forward to a release here before we roll out SSO to the rest of my team!
Just started our kubernetes/helm journey and ran across this issue as well. Are there plans for a release that corrects this issue?
Is there any ETA for the next release?
@hypnoglow is there any plan for a new release soon?
i'm also waiting for this release.
Looking forward to this release as well!
another vote for this one
are there any future plans for releases for this project?
We just ran into this issue when integrating with helmfile, and would really appreciate a release with the patch mentioned above.
For anyone else interested, I had to create a new downloader plugin for ourselves to cover the missing features in this plugin like this AWS SSO issue and AWS Region issue: https://github.com/mforutan/helm-s3-downloader
It depends on AWS CLI and only supports bash, but it is simple enough as a downloader only when you don't need any other features, and can be replicated for other environments. You should still use this plugin to maintain your repository though.
I had to do this as well, minus the symlinking portion. There was a bin directory in my local compiled version.
For me, the steps were:
helm plugin uninstall s3
HELM_S3_PLUGIN_NO_INSTALL_HOOK=true helm plugin install https://github.com/hypnoglow/helm-s3.git
cd ~/Library/helm/plugins/helm-s3.git
make deps build-local
I had to update go to 1.15 or higher, that was the only other sticking point for me.
Under Ubuntu I needed to follow the same procedure with different paths.
/Users/<localuser>/Library/helm/plugins/helm-s3.git
becomes
~/.local/share/helm/plugins/helm-s3.git
workaround for now:
aws-vault exec <aws-profile-name> -- helm repo add <repo-name> s3://bucket-name
Is this still an issue? I'm having it and I'm using SSO configurations inside .aws folder.
Not working with SSO configured:
helm repo add forrHelmRepoTest s3://namechanged/charts
Error: fetch from s3 url=s3://namechanged/charts/index.yaml: fetch object from s3: SSOProviderInvalidToken: the SSO session has expired or is invalid
caused by: open /Users/adityapednekar/.aws/sso/cache/03ae69f85a285e04949ac812c8499c653e37d339.json: no such file or directory
Error: looks like "s3://namechanged/charts" is not a valid chart repository or cannot be reached: plugin "bin/helm-s3 download" exited with error
Was able to get the same command working using the aws-vault workaround specified by @cheddarwhizzy (thanks).
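A diagnostic for the `SSOProviderInvalidToken` / missing cache file error reported above, as an added example that is not part of the thread or of helm-s3: it classifies a profile as legacy SSO, `sso-session` based or non-SSO, and checks whether the cached token file exists and is unexpired. It assumes the cache file name is the SHA-1 of the `sso_session` name (or of `sso_start_url` for legacy profiles), which is how AWS CLI v2 names files under `~/.aws/sso/cache`; the sample config and profile names are constructed.

```python
import configparser, hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sso_cache_key(profile):
    """Classify a profile and return (kind, cache key). Assumption: the key is the
    SHA-1 of the sso_session name, else of sso_start_url (AWS CLI v2 naming)."""
    for kind, field in (("sso-session", "sso_session"), ("legacy-sso", "sso_start_url")):
        if profile.get(field):
            return kind, hashlib.sha1(profile[field].encode()).hexdigest()
    return "not-sso", None

def check_profile(config_text, name, cache_dir, now=None):
    """Report whether the SSO token cached for profile `name` exists and is unexpired."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    section = "default" if name == "default" else f"profile {name}"
    if not cp.has_section(section):
        return {"kind": "unknown", "status": "no-such-profile", "path": None}
    kind, key = sso_cache_key(cp[section])
    if key is None:
        return {"kind": kind, "status": "not-applicable", "path": None}
    path = Path(cache_dir) / f"{key}.json"
    if not path.is_file():
        return {"kind": kind, "status": "no-cached-token", "path": path}
    raw = json.loads(path.read_text())["expiresAt"]
    # Accept both a trailing "UTC" and a trailing "Z" on the timestamp.
    expires = datetime.fromisoformat(raw.replace("UTC", "Z").replace("Z", "+00:00"))
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return {"kind": kind, "status": "valid" if expires > now else "expired", "path": path}

# Constructed sample config (not taken from the thread).
SAMPLE_CONFIG = """\
[profile legacy]
sso_start_url = https://example.awsapps.com/start
[profile modern]
sso_session = corp
[sso-session corp]
sso_start_url = https://example.awsapps.com/start
[profile static]
region = us-east-1
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as cache:  # stands in for ~/.aws/sso/cache
        for name in ("legacy", "modern", "static"):
            print(name, check_profile(SAMPLE_CONFIG, name, cache))
```

Against a real setup, pass the contents of `~/.aws/config` and the path `~/.aws/sso/cache`; a `no-cached-token` or `expired` result means `aws sso login` has to be run for that profile before any SDK-based tool can use it.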
Using AWS SSO's "command line" button to quickly get export commands for env vars, the env vars work. That's the workaround I'm using. Surprised to see such an old issue not resolved yet though. We changed to AWS SSO and are considering moving off s3 for charts now.
Thanks for reporting!
https://github.com/hypnoglow/helm-s3/pull/274 will fix the issue, I've tested it on my AWS account with SSO.