Bugfix/issue 325 #458
Bugfix/issue 325 #458
Conversation
Changed the way Awspec::Helper::Finder instantiates clients so first it checks for exception related to misconfigurations. Awspec::Helper::Finder::Alb now checks for Aws::ElasticLoadBalancingV2::Errors::LoadBalancerNotFound exception instead of generic ones. Added check_instance to be executed at each method from Awspec::Helper::Finder::Alb so a proper exception is generated if there is no such load balancer.
lib/awspec/helper/finder.rb
Outdated
| @@ -148,6 +148,16 @@ module Finder | |||
| http_proxy: ENV['http_proxy'] || ENV['https_proxy'] || nil | |||
| } | |||
|
|
|||
| # define_method below will "hide" any exception that comes from bad | |||
| # setup of AWS client, so let's try first to create a instance | |||
| if File.exist?(ENV['HOME'] + '/.aws') && File.directory?(ENV['HOME'] + '/.aws') | |||
There was a problem hiding this comment.
awspec should not check .aws. I think this is beyond the awspec's responsibilities
There was a problem hiding this comment.
Just removed the .aws verification... now awspec will try to create a instance of Aws::EC2::Client in any setup situation (.aws or environment variables).
|
Ops... @k1LoW , looks like we need to design some way to the tests running on Travis define a AWS region, or we use something that disables this tests to execute over there... otherwise, they will always fail. |
|
awspec should not check ENV, too. I think this is beyond the awspec's responsibilities. awspec only uses |
Got that, but since I removed any dependency (awssecrets), now the Travis CI tests will always be broken because this PR forces the configuration of the AWS Client at the very beginning, which will always fail because the Specs on awspec are using stubs, not real configuration. A possibility is to add an environment variable (for awspec internal usage) that disables this specific test execution if that variable is defined. |
https://github.com/k1LoW/awspec/pull/458/files#diff-f46513d75a662c430cff22e30e77570cR157 I do not feel the need for very beginning configuration of the AWS Client. Because, I think this is beyond the awspec's responsibilities too. |
I understand that, but there is a trade-off here: AWS configuration is not responsibility of awspec, but misconfiguration of it will cause a delayed exception, later in the specs execution, with a confusing message that will leave the user wondering if there is an error in the defined specs, awspec, AWS SDK or AWS itself. Since we are not checking for anything regarding how the configuration was done (possibly repeating validations already provided by the SDK), forcing the client usage before running anything not only will provide a better error message, but also avoid wasting execution time for specs that will surely fail anyway. Future updates on the SDK (and how the configuration is made) will not break up awspec since we don't care how the configuration is done, just if it is working as expected. What we would need is to define a mechanism to disable this self-test when running on Travis CI, since the stubs will not provide a client configuration by default. |
I disagree, it seems weird to have to call some kind of script to init credentials and then call awspec. While I agree it makes it safer long term in case aws changes their auth api but this has not happened in a very long time and I imagine it will break too many tools that they just wont bother. |
|
There are a number of AWS credential configuration patterns. |
|
@k1LoW , I updated my PR to make it pass on Travis CI by adding a environment variable that disable the AWS client test. I don't think so it will get more simple than that, no assumptions are made regarding how the authentication was done, just executing the client with anything the AWS SDK will pull off from the environment. |
|
@k1LoW , any chance to have this patch applied? |
Co-Authored-By: Ben Abrams <[email protected]>
|
Thanks @majormoses ! |
|
First, thank you for committing to awspec ! This pull request is trying to solve multiple issues. I agree No.3.
If possible, solve one problem with one PR 🙏 because
Best regards. |
|
@k1LoW , the respective PR's for awsecrets are already merged and in place. I just fixed a merge conflict and also fixed, could you please check if this is ready for merge too? |
|
Could you fix Number one on the list? |
Gladly! But I had to fork again from awspec because of conflicts when trying to fetch from upstream, and my original branch is lost (I even tried to recreate with if the same name, but Github wasn't fooled). So, I just copied the changes I made from there to my new fork/branch and will create the PR. For now, I close this one so it can be done. |
Awspec::Helper::Finderinstantiates clients so first it checks for exception related to configurations done wrong.Awspec::Helper::Finder::Albnow checks forAws::ElasticLoadBalancingV2::Errors::LoadBalancerNotFoundexception instead of generic ones.check_instanceto be executed at each method fromAwspec::Helper::Finder::Albso a proper exception is generated if there is no such load balancer.