Version:

$ openshift-install version
openshift-install-linux-4.9.0-0.nightly-2021-06-21-191858 4.9.0-0.nightly-2021-06-21-191858
built from commit e1e4b2aa57f29878ae8bc1ccf29a567bd8acaf22
release image quay.io/openshift-release-dev/ocp-release-nightly@sha256:09ded6a9b902067c1f2f43125d1343d3fde9e2212bb57a0964d4ca3154884409

Platform: AWS - IPI

What happened?

When AWS_SHARED_CREDENTIALS_FILE is set to an empty file or an invalid path, the credentials collected through the interactive installer prompt (`openshift-install create install-config`) are written to ~/.aws/credentials, possibly overwriting what is there already.

What did you expect to happen?

I expected AWS_SHARED_CREDENTIALS_FILE to either be ignored, or fully supported. Since credentials are read from $AWS_SHARED_CREDENTIALS_FILE, they should also be written to $AWS_SHARED_CREDENTIALS_FILE.

How to reproduce it (as minimally and precisely as possible)?

Note that before running the following commands, ~/.aws/credentials contains valid credentials. The prompt asks for new credentials because AWS_SHARED_CREDENTIALS_FILE is set to point to a non-existent path.

$ export AWS_SHARED_CREDENTIALS_FILE=$PWD/creds
$ openshift-install create install-config
? Platform aws
? AWS Access Key ID 123123
? AWS Secret Access Key [? for help] ******
INFO Writing AWS credentials to "/var/home/pierre/.aws/credentials" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
[...]
This has been reviewed, and we will target a fix after the feature freeze.
Will address this in a future sprint.
Needs prioritized.
verified. PASS.

OCP version:4.9.0-0.nightly-2021-08-25-185404

> non-exist AWS_SHARED_CREDENTIALS_FILE

export AWS_SHARED_CREDENTIALS_FILE=/tmp/non-exist-file
./openshift-install create install-config --dir cluster2
? SSH Public Key /home/cloud-user/.ssh/openshift-qe.pub
? Platform aws
? AWS Access Key ID aaa
? AWS Secret Access Key [? for help] ***
INFO Writing AWS credentials to "/tmp/non-exist-file" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)

cat /tmp/non-exist-file
; https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
[default]
aws_access_key_id = aaa
aws_secret_access_key = bbb

> empty AWS_SHARED_CREDENTIALS_FILE

export AWS_SHARED_CREDENTIALS_FILE=
./openshift-install create install-config --dir cluster4
? SSH Public Key /home/cloud-user/.ssh/openshift-qe.pub
? Platform aws
INFO Credentials loaded from the "default" profile in file "/home/cloud-user/.aws/credentials"

> invalid ini file

export AWS_SHARED_CREDENTIALS_FILE=/tmp/invalid-cred
./openshift-install create install-config --dir cluster5
? SSH Public Key /home/cloud-user/.ssh/openshift-qe.pub
? Platform aws
? AWS Access Key ID assss
? AWS Secret Access Key [? for help] *******
INFO Writing AWS credentials to "/tmp/invalid-cred" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)

cat /tmp/in-valid-cred
aws_access_key_id = AKIA
aws_secret_access_key = H0/6
[default]
aws_access_key_id = assss
aws_secret_access_key = sasdasd
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759
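
Added example (not part of this bug thread and not the installer's own code): Go code in which reading and writing resolve the credentials file through one function, so a prompt-collected key lands in $AWS_SHARED_CREDENTIALS_FILE when that variable is set and in ~/.aws/credentials only when it is unset or empty, as in the verification above. The names credentialsPath and saveDefaultProfile are hypothetical, and appending a [default] section to an existing file is an assumption of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// credentialsPath is the single resolver for both the read and the write side.
// A non-empty AWS_SHARED_CREDENTIALS_FILE wins; otherwise ~/.aws/credentials.
func credentialsPath() (string, error) {
	if p := os.Getenv("AWS_SHARED_CREDENTIALS_FILE"); p != "" {
		return p, nil
	}
	home, err := os.UserHomeDir()
	if err != nil {
		return "", err
	}
	return filepath.Join(home, ".aws", "credentials"), nil
}

// saveDefaultProfile (hypothetical helper) appends a [default] profile to the
// resolved file. A new file is created 0600; an existing one keeps its mode.
func saveDefaultProfile(keyID, secret string) (string, error) {
	path, err := credentialsPath()
	if err != nil {
		return "", err
	}
	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
		return "", err
	}
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
	if err != nil {
		return "", err
	}
	if _, err := fmt.Fprintf(f, "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n", keyID, secret); err != nil {
		f.Close()
		return "", err
	}
	return path, f.Close()
}

func main() {
	// Constructed values: a throwaway directory and placeholder credentials.
	dir, _ := os.MkdirTemp("", "creds-demo")
	defer os.RemoveAll(dir)
	os.Setenv("AWS_SHARED_CREDENTIALS_FILE", filepath.Join(dir, "creds"))
	fmt.Println(saveDefaultProfile("EXAMPLE_KEY_ID", "example-secret"))
}
```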