secretAccessKey on S3Credential returns empty string
Opened this issue · 0 comments
tcrasset commented
Until recently, everything was fine. Now, the S3Credential
property returns an empty string for the secretAccessKey
property.
const userS3 = new ovh.cloudproject.User(
"user-s3",
{
serviceName: projectId,
description: "Service account ONLY to access OVH S3 Buckets.",
roleNames: ["objectstore_operator"],
},
{ provider: ovhProvider },
);
const newUserS3Credentials = new ovh.cloudproject.S3Credential(
"new-user-s3-credentials",
{
serviceName: projectId,
userId: newUserS3.id,
},
{ provider: ovhProvider },
);
newUserS3Credentials.accessKeyId.apply((s) => console.log(`access key id: ${s}`))
newUserS3Credentials.secretAccessKey.apply((s) => console.log(`secret access key: ${s}`))
Doing pulumi up
, prints
pulumi:pulumi:Stack (avatar-ovh-test-pulumi2):
access key id: REDACTED
secret access key:
This is unfortunate as now we have to hardcode the secretAccessKey
when using the aws.Provider
const bucketDomain = `s3.${REGION_SHORTNAME_LOWERCASE}.io.cloud.ovh.net`;
const awsProviderClassic = new aws_classic.Provider("aws", {
accessKey: newUserS3Credentials.accessKeyId,
secretKey: newUserS3Credentials.secretAccessKey,
skipRegionValidation: true,
skipCredentialsValidation: true,
skipRequestingAccountId: true,
skipMetadataApiCheck: true,
region: REGION_SHORTNAME_LOWERCASE as aws_classic.Region,
endpoints: [
{
s3: `https://${bucketDomain}`,
s3api: `https://${bucketDomain}`,
},
],
});
// We do use the classic provider as ovh does not implement
// buckets yet in the native provider.
// https://github.com/pulumi/pulumi-aws-native/issues/108
const bucketS3 = new aws_classic.s3.BucketV2(
"shared-storage",
{},
{ provider: awsProviderClassic },
);
Which fails due to secretAccessKey
missing with
aws:s3:BucketV2 (shared-storage):
error: 1 error occurred:
* retrieving credentials: static credentials are empty