
[OCP-4.x][AWS] Playbook clobbers AWS cred file #89

@copejon


Version git hash: 23de699

Location
OCP-4.X/roles/install-on-aws/templates/credentials.j2
OCP-4.X/roles/install-on-aws/tasks/main.yml

Environment

AWS_ACCESS_KEY_ID=1232414321234 # or unset
AWS_SECRET_ACCESS_KEY=1232412341234 # or unset

Issue
The playbook will clobber the $HOME/.aws/credentials variable values, even if the env vars are set. This behavior is undocumented. Overwriting the default credential file results in loss of those keys, forcing users to regenerate them (or having to ask an admin to do it for them).

Behavior
The installer will hang indefinitely at the credential check:
time="2020-08-19T10:31:08-04:00" level=debug msg=" Generating Platform Credentials Check..."
This is because the installer cannot find the keys and is prompting the user for them, but the prompt is hidden from the openshift logs and playbook output.

Suggested Behavior
The playbook should not overwrite the $HOME/.aws/credentials file. The playbook should, at most, validate that either the env vars or the credential file exists, and fail if none do. This will prevent the hang and provide the user an indication of what's wrong.

Additionally...
This behavior also exists for the $HOME/.aws/config file, which again should not be overwritten, at least if the env vars are not set or are null.
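
The read-only check proposed under Suggested Behavior, sketched in Python as an added example; it is not part of the original issue or the project's playbook. The function name `find_aws_credentials`, the exception class, and the choice to honour `AWS_SHARED_CREDENTIALS_FILE` and `AWS_PROFILE` are assumptions made for illustration.

```python
import configparser
import os
import sys
from pathlib import Path


class MissingAWSCredentials(RuntimeError):
    """Neither the environment nor the credentials file supplies a key pair."""


def find_aws_credentials(env=None, home=None):
    """Return "env" or "file" for where a key pair was found; raise otherwise.

    Read-only: nothing under ~/.aws is created, truncated or rewritten.
    """
    env = os.environ if env is None else env
    # An empty ("null") variable counts the same as an unset one.
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "env"

    home = Path(home or env.get("HOME") or Path.home())
    # AWS_SHARED_CREDENTIALS_FILE and AWS_PROFILE are the standard AWS CLI/SDK
    # overrides; honouring them here is an assumption about the desired check.
    cred_file = Path(env.get("AWS_SHARED_CREDENTIALS_FILE") or home / ".aws" / "credentials")
    profile = env.get("AWS_PROFILE") or "default"

    # RawConfigParser: secret keys may contain '%', so interpolation stays off.
    parser = configparser.RawConfigParser()
    try:
        parser.read(cred_file)  # a missing file is simply not read
    except configparser.Error as exc:
        raise MissingAWSCredentials(f"{cred_file} is not parseable: {exc}") from exc

    if parser.has_section(profile):
        section = parser[profile]
        if section.get("aws_access_key_id") and section.get("aws_secret_access_key"):
            return "file"

    raise MissingAWSCredentials(
        f"no AWS keys: set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, "
        f"or add a [{profile}] profile to {cred_file}"
    )


if __name__ == "__main__":
    try:
        print("AWS credentials found in:", find_aws_credentials())
    except MissingAWSCredentials as err:
        sys.exit(f"preflight failed: {err}")
```

Run before the installer starts, a non-zero exit here replaces the hidden prompt with an explicit error, and the existing credentials file is never opened for writing.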
