sam 0.19.0 crashes on trying to create .aws-sam directory when not permitted #1313
Description
Description
While running sam validate from a freshly built docker image, it crashes while trying to create the .aws-sam config directory.
Steps to reproduce
In our CI pipeline, we run sam from within a docker container built according to this Dockerfile:
FROM alpine:3.9
RUN apk add --no-cache \
build-base \
python \
python-dev \
py-pip \
groff \
docker && \
pip install awscli aws-sam-cli
AWS credentials are passed in as environment variables, volumes mounted from the Jenkins workspace into the docker image, and then we simply run:
sam validate -t ./.../template.yaml
Observed result
Logs from the Jenkins build:
$ docker run -t -d -u 3000:100 --network=host -w /data/hudson/workspace/loper-portal_feature_jenkinstest -v /data/hudson/workspace/loper-portal_feature_jenkinstest:/data/hudson/workspace/loper-portal_feature_jenkinstest:rw,z -v /data/hudson/workspace/loper-portal_feature_jenkinstest@tmp:/data/hudson/workspace/loper-portal_feature_jenkinstest@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** xxxx-aws-sam-cli cat
$ docker top 04fa30b17ceb0ae6d45b66190f32f4bad8dedd57386352a31e61f0da6ac18aa2 -eo pid,comm
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withCredentials
Masking supported pattern matches of $AWS_ACCESS_KEY_ID or $AWS_SECRET_ACCESS_KEY
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Validate CloudFormation template)
[Pipeline] sh
+ sam validate --debug -t cloudformation/template.yaml
Traceback (most recent call last):
File "/usr/bin/sam", line 11, in <module>
sys.exit(cli())
File "/usr/lib/python2.7/site-packages/click/core.py", line 722, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/click/core.py", line 697, in main
rv = self.invoke(ctx)
File "/usr/lib/python2.7/site-packages/click/core.py", line 1063, in invoke
Command.invoke(self, ctx)
File "/usr/lib/python2.7/site-packages/click/core.py", line 895, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python2.7/site-packages/click/core.py", line 535, in invoke
return callback(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/click/decorators.py", line 64, in new_func
return ctx.invoke(f, obj, *args[1:], **kwargs)
File "/usr/lib/python2.7/site-packages/click/core.py", line 535, in invoke
return callback(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/samcli/cli/main.py", line 83, in cli
if global_cfg.telemetry_enabled is None:
File "/usr/lib/python2.7/site-packages/samcli/cli/global_config.py", line 113, in telemetry_enabled
self._telemetry_enabled = self._get_value(TELEMETRY_ENABLED_KEY)
File "/usr/lib/python2.7/site-packages/samcli/cli/global_config.py", line 145, in _get_value
cfg_path = self._get_config_file_path(CONFIG_FILENAME)
File "/usr/lib/python2.7/site-packages/samcli/cli/global_config.py", line 170, in _get_config_file_path
self._create_dir()
File "/usr/lib/python2.7/site-packages/samcli/cli/global_config.py", line 167, in _create_dir
self.config_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
File "/usr/lib/python2.7/site-packages/pathlib2/__init__.py", line 1540, in mkdir
_try_except_filenotfounderror(_try_func, _exc_func)
File "/usr/lib/python2.7/site-packages/pathlib2/__init__.py", line 113, in _try_except_filenotfounderror
try_func()
File "/usr/lib/python2.7/site-packages/pathlib2/__init__.py", line 1531, in _try_func
self._accessor.mkdir(self, mode)
File "/usr/lib/python2.7/site-packages/pathlib2/__init__.py", line 585, in wrapped
return strfunc(str(pathobj), *args)
OSError: [Errno 13] Permission denied: '/.aws-sam'
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
Expected result
A non-crashing sam :)
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
- OS: alpine linux, docker container
sam --version: 0.19.0
Others
This was added in the 0.19.0 Telemetry release, where in commit dbd534a samcli/cli/global_config.py was added, that tries to write the config dir if it doesn't exist.
Actually we should've pinned the versions used in our Dockerfile. Not pinning it had us miss the addition of the Telemetry feature in 0.19.0. Although I'd love to contribute, enabling Telemetry would undoubtedly go against some company policy. There is the message in the first run of the new version (if it was able to write the config dir), but in our setup that's quite easy to miss. Basically I'm advocating an opt-in instead