配置中缺少凭证,如果使用 AWS_CONFIG_FILE,设置 AWS_SDK_LOAD_CONFIG=1(存在凭证文件)
[英]Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 (credentials file is present)
问题描述
I'm trying to get an AWS secret in my cypress test but I keep getting a CredentialsError
我试图在我的 cypress 测试中获取 AWS 机密,但我不断收到 CredentialsError
Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
I do have a ~/.aws/credentials file with my aws_access_key_id and aws_secret_access_key set.我确实有一个 ~/.aws/credentials 文件,其中包含我的 aws_access_key_id 和 aws_secret_access_key 集。
In my code I've exported all my env variables to a text file and I can see values for AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN.在我的代码中,我已将所有 env 变量导出到一个文本文件,我可以看到 AWS_ACCESS_KEY_ID、AWS_SECRET_ACCESS_KEY 和 AWS_SESSION_TOKEN 的值。
I've also tried setting an env variable AWS_SDK_LOAD_CONFIG=1 but still get the same message.我也尝试设置一个环境变量AWS_SDK_LOAD_CONFIG=1但仍然得到相同的消息。
Do I need the ~/.aws/credentials or can I do it all through env variables?我需要 ~/.aws/credentials 还是可以通过 env 变量来完成?
Can anyone see what I'm missing: (99% of the code is what Amazon provide on the secrets manager page I'm just trying to wrap the response up in a Cypress object. I've removed my AWS details and replaced them with REMOVED)任何人都可以看到我缺少的内容:(99% 的代码是亚马逊在机密管理器页面上提供的我只是想将响应包装在赛普拉斯 object 中。我已经删除了我的 AWS 详细信息并将它们替换为删除)
Cypress.Commands.add("aws_secret", () => {
// Use this code snippet in your app.
// If you need more information about configurations or implementing the sample code, visit the AWS docs:
// https://aws.amazon.com/developers/getting-started/nodejs/
cy.exec(`printenv >> envs.txt`);
// Load the AWS SDK
var AWS = require("aws-sdk"),
region = “REMOVED”,
secretName = “REMOVED”,
secret,
decodedBinarySecret;
// Create a Secrets Manager client
var client = new AWS.SecretsManager({
region: region,
});
// In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
// See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
// We rethrow the exception by default.
client.getSecretValue({ SecretId: secretName }, function (err, data) {
if (err) {
if (err.code === "DecryptionFailureException")
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InternalServiceErrorException")
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidParameterException")
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidRequestException")
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "ResourceNotFoundException")
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ("SecretString" in data) {
secret = data.SecretString;
cy.log("the secret is " + secret);
} else {
let buff = new Buffer(data.SecretBinary, "base64");
decodedBinarySecret = buff.toString("ascii");
cy.log("the decodedBinarySecret is " + decodedBinarySecret);
}
}
// Your code goes here.
cy.wrap(
client.getSecretValue({ SecretId: "REMOVED" }).promise()
).as("key1");
});
});
2 个解决方案
解决方案1
0 2020-11-29 10:49:19
You don't need to set AWS_SDK_LOAD_CONFIG .您不需要设置AWS_SDK_LOAD_CONFIG 。 env run through that process doesn't guarantee to have all the same environment variables set. env通过该过程运行并不能保证设置所有相同的环境变量。 How are you setting your environment variables when you run this script.运行此脚本时如何设置环境变量。
You can actually test this before loading the AWS SDK, add您可以在加载 AWS SDK 之前进行实际测试,添加
console.log('AccessKey: ', process.env.AWS_ACCESS_KEY_ID);
And verify that they are being printed.并验证它们是否正在打印。 To pass as environment variables in your node process, execute as: export AWS_ACCESS_KEY_ID=VALUE; node./script.js要在节点进程中作为环境变量传递,执行如下: export AWS_ACCESS_KEY_ID=VALUE; node./script.js export AWS_ACCESS_KEY_ID=VALUE; node./script.js
Docs on setting up Cypress environment variables 关于设置赛普拉斯环境变量的文档
Prefix with CYPRESS to import:带有CYPRESS的前缀以导入:
export CYPRESS_AWS_ACCESS_KEY_ID=VALUE
解决方案2
0 2021-07-24 13:05:21
Cypress has a plugins entrypoint, which runs within Cypress server-side, namely with node , and lets you tap onto Cypress events and config.赛普拉斯有一个插件入口点,它在赛普拉斯服务器端运行,即使用node ,并允许您点击赛普拉斯事件和配置。 The spec files run within Cypress client-side, namely in the browser, hence no access to the filesystem in order to get these variables from ~/.aws/credentials , so even if you set the client-side with AWS_SDK_LOAD_CONFIG=1 , the SDK won't be able to get it since it's running on the client-side.规范文件在赛普拉斯客户端(即在浏览器中)运行,因此无法访问文件系统以从~/.aws/credentials获取这些变量,因此即使您使用AWS_SDK_LOAD_CONFIG=1设置客户端, SDK 将无法获取它,因为它在客户端运行。 This means, you have to use the plugins entrypoint in order to attach any variables that are not already on process.env (AWS credentials do not appear to be there from my experience).这意味着,您必须使用 plugins 入口点才能附加process.env上尚未存在的任何变量(根据我的经验,AWS 凭证似乎不存在)。 Any variable you'll pass into config.env , should then be available with Cypress.env('my-variable') .您将传递给config.env的任何变量都应该在Cypress.env('my-variable')中可用。
// <project-root>/cypress/plugins/index.js
import dotenv from 'dotenv';
dotenv.config({ path: '~/.aws/credentials' });
module.exports = (on: any, config: any) => {
config.env = { ...process.env };
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.