puppetlabs-aws icon indicating copy to clipboard operation
puppetlabs-aws copied to clipboard

Published 20 hours ago verified publisher icon puppetlabs-toy-chest

Request for developer bootstrapping documentation -- help needed

Open reubenavery opened this issue 9 years ago • 6 comments
trafficstars

I'm feeling the pain in getting started contributing. Despite having suitable AWS access keys available both as ENV vars AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, but also within ~/.aws/credentials and even ~/.fog, if I run bundle exec rake spec after removing any member within fixtures/vcr_cassettes, it fails with 'The security token included in the request is invalid.'

I've been digging all over attempting to solve this presumably simple configuration issue on my own and I'm getting nowhere.

It would be very helpful if some basic documentation could be available for getting off the ground. This repo has a wiki, can we not use that? Or build out the contributing.md?

I'm assuming beyond this issue there are other important details needed to get effectively rolling on this.

Thank you all

reubenavery avatar Jul 27 '16 17:07 reubenavery

Yes docs. In the meantime, what I have been doing to get around that, since most of the example providers looked to have the redacted credentials in the incorrect spot, was something like the following from within a test.

provider_class = Puppet::Type.type(:mytype).provider(:v2)
describe provider_class do
  before do
    ENV['AWS_ACCESS_KEY_ID'] = 'redacted'
    ENV['AWS_SECRET_ACCESS_KEY'] = 'redacted'
    ENV['AWS_REGION'] = 'us-west-2'
  end
  it do
    ..
  end
end

This way, for the described class, each test will include the environment variables as required. Does that help? My most recent example is here: https://github.com/puppetlabs/puppetlabs-aws/pull/324

prozach avatar Jul 27 '16 19:07 prozach

@reubenavery I believe I spelled most things correctly: https://github.com/puppetlabs/puppetlabs-aws/pull/325 How does that look?

prozach avatar Jul 27 '16 20:07 prozach

@zleswomp awesome, this has gotten me over the hump, thank you!

reubenavery avatar Jul 28 '16 16:07 reubenavery

This was of great assistance in getting off the ground, however needing to place secrets inside the code is a very big no-no. Even I as experienced as I am in guarding against this, I ended up committing my AWS creds in a file accidentally. Thankfully a bot discovered this and reported.

This module implements Fog by way of the aws-sdk, can this not be implemented within specs, or some other means either environment variables or what is available within ~/.aws/credentials, to relieve this?

reubenavery avatar Jul 28 '16 23:07 reubenavery

@reubenavery That seems entirely reasonable. It seems like there is something else broken though, since I definitely have the environment variables present when I execute the tests, and as you have witnessed, this fails. So we probably just need to track down the reason, or come up with a helper method to load the ~/.aws/credentials file if its found to exist. That seems like something that should happen as its own effort, rather than piggy backing on existing PRs, etc, but yes. The VCR yaml files I am less clear about.

prozach avatar Jul 28 '16 23:07 prozach

@reubenavery, I believe this was resolved by #325 and the feedback above. Can I close this?

ahenroid avatar Mar 03 '17 21:03 ahenroid