Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve credentials transparency for cluster commands #1229

Closed
vishalbollu opened this issue Jul 16, 2020 · 1 comment · Fixed by #1378
Closed

Improve credentials transparency for cluster commands #1229

vishalbollu opened this issue Jul 16, 2020 · 1 comment · Fixed by #1378
Assignees
@vishalbollu
Labels
enhancement New feature or request
Milestone
v0.20

Comments

@vishalbollu
Copy link
Contributor

vishalbollu commented Jul 16, 2020
edited by RobertLucian
Loading

Description

Non-cluster (get/deploy/delete/logs/refresh/predict) CLI commands will only use AWS creds from the environment configured by cortex env configure <env_name>.

Cortex cluster commands will use AWS credentials based on this priority:

  1. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY).
  2. AWS config (default credentials ~/.aws/).
  3. Cortex CLI config set via cortex env configure <env_name>.
  4. Cortex Cluster config - not relevant for your case because you aren't specifying the cluster configuration to the command e.g. cortex cluster info -c cluster.yaml.
  5. Cortex CLI prompt.

The differences in behaviour between cluster commands and non-cluster commands can be confusing for users. It is also not obvious which credentials are being used by the cluster commands.

The cluster commands can not rely on the environment because the current implementation of the environment requires an operator url for AWS provider.

Additional context

  • How do other tools that run on top of AWS do their credential management (e.g. serverless)
@vishalbollu vishalbollu added the enhancement New feature or request label Jul 16, 2020
@deliahu deliahu added the v0.20 label Jul 28, 2020
@vishalbollu vishalbollu mentioned this issue Sep 23, 2020
Merged
6 tasks
@RobertLucian
Copy link
Member

With #1378 and #1403 in, the order for all cortex cluster commands is:

  1. Cortex CLI flags.
  2. Cortex CLI cache.
  3. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY).
  4. AWS config (default credentials ~/.aws/).
  5. Cortex CLI Prompt.

@deliahu deliahu added this to the v0.20 milestone Nov 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vishalbollu vishalbollu

Labels
enhancement New feature or request
Projects
None yet
Milestone
v0.20
Development

Successfully merging a pull request may close this issue.

Credentials transparency cortexlabs/cortex
3 participants
@deliahu @vishalbollu @RobertLucian