prevents AWS errors when not using AWS #1810
Conversation
dimitropoulos
force-pushed
the
awsErrorHandling
branch
from
62e5d6d to
bb395cf
Compare
| imageCreds = credsWithAWSAuth | ||
| usingAWS := false | ||
| for _, awsOption := range awsOptions { | ||
| if fs.Changed(awsOption) { |
There was a problem hiding this comment.
This breaks Weave Cloud and any other user that relies on Flux to automatically setup ECR auth.
| imageCreds = credsWithDefaults | ||
| imageCreds = credsWithAWSAuth | ||
| } | ||
| if *dockerConfig != "" { |
There was a problem hiding this comment.
Using a docker config is an alternative to ECR auth so it should not depend on AWS being enabled or nor.
|
I think the log suppression should happen inside |
That is what is happening -- checking for the region using the AWS API lib = is the user even using AWS at all. |
|
@squaremo then what are these two log lines happening for: To be clear, (as a user of flux) if I am not attempting to use AWS at all, I would expect that I do not get these log lines at all. If you disagree with that let me know. |
|
@dimitropoulos They are reporting that the AWS API is not reachable. If fluxd is running in AWS, then you'll want to know about that. In general it won't know if it is running in AWS, without either
I think your objection is that you read it as something going wrong. One mitigation might be to suppress the report of the specific error, unless expressly asked to report it. Then AWS users can see if something is amiss, and troubleshoot it (although at that point, they may as well just exec into the pod). |
|
How about appending "(this can be ignored when not running on AWS)" or similar to the warnings? |
|
@rade that's better... but consider if we enable support for other providers (yes, yes, I know this is a partial "slippery slope" fallacy). should we have errors for Azure, GCP, Digital Ocean, etc. when not using those? I'm not sure of the right approach to take on the code, I acknowledge that, but I can say that getting errors/warnings for AWS when I'm not using AWS seems to me to be something we should be able to prevent. @squaremo re:
To me it clearly says something is going wrong. Whether it's intended to be scary or not, seeing things like Is there some way we can do a little better on distinguishing between:
Right now, we're just handling all of these as the same. What I'm trying to express with this issue/PR is that I think we can do better. I gave an example as to a first shot at how, but @stefanprodan pointed out some deeper flaws in that so at this point @squaremo I'd say either close my issue or perhaps suggest some way to better distinguish things. I think a flag for what cloud provider they're intending to use, despite being more boilerplate, is not ridiculous (but only in the situation where there's no other way to figure out what their intent may be). @2opremio suggested he was "thinking about fixing [this] too" so maybe he has a suggestion. |
|
I offered my solution as something that improves the status quo w/o suffering from the problem @squaremo highlighted. |
I do get what you mean. If you're running in GCP, the error printed out is quite prominent. So I'm for making this less scary-looking. I'm also for fluxd not requiring explicit instructions when they are not needed. |
|
#1863 removes the scary AWS logs unless you ask for them (and lets you filter ECR images even if you're not running in AWS). I think that covers off the motivation for this PR. |
I am not using Flux with AWS. Currently, every time I start Flux, the logs report warnings related to AWS configuration-related failures.
here is a snippet of the very beginning of booting up flux:
It seems reasonable (and simple enough) to me that we should try to determine if the user is even using AWS at all before reporting errors that AWS is apparently misconfigured.
I'm not entirely sure that the code here is exactly what we want to do, but it appears (in my testing) to serve the purpose of preventing logging warnings where we shouldn't.