merge: #3061

3061: fix(si): Removing the need to send AWS creds to the veritech container r=stack72 a=stack72 Co-authored-by: stack72 <[email protected]>
systeminit · Dec 15, 2023 · e5ca95f · e5ca95f
2 parents 5fb151b + 8b7a707
commit e5ca95f
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 80 deletions.
diff --git a/bin/veritech/docker-entrypoint.sh b/bin/veritech/docker-entrypoint.sh
@@ -3,31 +3,11 @@
 set -eu
 
 main() {
-  write_aws_credentials
   write_docker_credentials
 
   exec /usr/local/bin/.veritech "$@"
 }
 
-write_aws_credentials() {
-  ensure_env_var AWS_ACCESS_KEY_ID "${AWS_ACCESS_KEY_ID:-}"
-  ensure_env_var AWS_SECRET_ACCESS_KEY "${AWS_SECRET_ACCESS_KEY:-}"
-
-  mkdir -p "$HOME/.aws"
-  chmod 0755 "$HOME/.aws"
-  cat <<-EOF >"$HOME/.aws/credentials"
-	[default]
-	aws_access_key_id = ${AWS_ACCESS_KEY_ID:-}
-	aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY:-}
-	EOF
-  if [ -n "${AWS_SESSION_TOKEN:-}" ]; then echo "aws_session_token = ${AWS_SESSION_TOKEN:-}" >>"$HOME/.aws/credentials"; fi
-  chmod 0600 "$HOME/.aws/credentials"
-
-  # Remove environment variables from veritech's environment
-  # AWS_SESSION_TOKEN is optional, but `unset` returns 0 for any variable, whether it exists or not
-  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
-}
-
 write_docker_credentials() {
   ensure_env_var DOCKER_AUTHENTICATION "${DOCKER_AUTHENTICATION:-}"
 

diff --git a/lib/si-cli/src/cmd/configure.rs b/lib/si-cli/src/cmd/configure.rs
@@ -32,57 +32,6 @@ async fn invoke(_is_preview: bool, reconfigure: bool) -> CliResult<()> {
     println!("{}\n", creds_path.display());
     println!("After changing these credentials, restart System Initiative.");
 
-    if prompt_everything || raw_creds.aws_access_key_id.is_empty() {
-        let aws_access_key = Password::new("AWS Access Key ID")
-            .with_display_toggle_enabled()
-            .without_confirmation()
-            .with_display_mode(PasswordDisplayMode::Full)
-            .prompt();
-
-        match aws_access_key {
-            Ok(aws_access_key) => {
-                raw_creds.aws_access_key_id = aws_access_key;
-                requires_rewrite = true;
-            }
-            Err(inquire::InquireError::OperationInterrupted) => return Err(SiCliError::CtrlC),
-            Err(_) => {
-                println!("An error happened when asking for your AWS Access Key, try again later.")
-            }
-        }
-    }
-
-    if prompt_everything || raw_creds.aws_secret_access_key.is_empty() {
-        let aws_secret_access_key = Password::new("AWS Secret Access Key")
-            .with_display_toggle_enabled()
-            .without_confirmation()
-            .with_display_mode(PasswordDisplayMode::Masked)
-            .prompt();
-
-        match aws_secret_access_key {
-            Ok(aws_secret_access_key) => {
-                raw_creds.aws_secret_access_key = aws_secret_access_key;
-                requires_rewrite = true;
-            }
-            Err(inquire::InquireError::OperationInterrupted) => return Err(SiCliError::CtrlC),
-            Err(_) => println!(
-                "An error happened when asking for your AWS Secret Access Key, try again later."
-            ),
-        }
-    }
-
-    if prompt_everything {
-        let session_token = Text::new("Set an AWS Session Token").prompt();
-
-        match session_token {
-            Ok(token) => {
-                raw_creds.aws_session_token = Some(token);
-                requires_rewrite = true;
-            }
-            Err(inquire::InquireError::OperationInterrupted) => return Err(SiCliError::CtrlC),
-            Err(_) => println!("Not setting an AWS Session Token"),
-        }
-    }
-
     if prompt_everything {
         let endpoint_url = Text::new("Set a Custom AWS Endpoint (e.g. Localstack)").prompt();
 

diff --git a/lib/si-cli/src/key_management.rs b/lib/si-cli/src/key_management.rs
@@ -112,20 +112,11 @@ pub async fn get_user_email() -> CliResult<String> {
 pub async fn format_credentials_for_veritech() -> CliResult<Vec<String>> {
     let raw_creds = get_credentials().await?;
     let mut creds = Vec::new();
-    creds.push(format!("AWS_ACCESS_KEY_ID={}", raw_creds.aws_access_key_id));
-    creds.push(format!(
-        "AWS_SECRET_ACCESS_KEY={}",
-        raw_creds.aws_secret_access_key
-    ));
 
     if let Some(url) = raw_creds.aws_endpoint_url {
         creds.push(format!("AWS_ENDPOINT_URL={}", url));
     }
 
-    if let Some(token) = raw_creds.aws_session_token {
-        creds.push(format!("AWS_SESSION_TOKEN={}", token))
-    }
-
     if raw_creds.docker_hub_user_name.is_some() && raw_creds.docker_hub_credential.is_some() {
         let mut username = "".to_string();
         let mut credential = "".to_string();