AWS SDK can not read environment variables
Problem description
I am setting AWS_ env variables as below for Jenkins
sudo apt-get update -y
sudo apt-get install -y python3 python-pip python-devel
sudo pip install awscli
S3_LOGIN=$(aws sts assume-role --role-arn rolename --role-session-name s3_session)
export AWS_CREDENTIAL_PROFILES_FILE=~/.aws/credentials
export AWS_ACCESS_KEY_ID=$(echo ${S3_LOGIN}| jq --raw-output '.Credentials|"\(.AccessKeyId)"')
export AWS_SECRET_ACCESS_KEY=$(echo ${S3_LOGIN} | jq --raw-output '.Credentials|"\(.SecretAccessKey)"')
export AWS_SESSION_TOKEN=$(echo ${S3_LOGIN} | jq --raw-output '.Credentials|"\(.SessionToken)"')
aws configure set default.region us-east-2
aws configure set AWS_ACCESS_KEY_ID $AWS_ACCESS_KEY_ID
aws configure set AWS_SECRET_ACCESS_KEY $AWS_SECRET_ACCESS_KEY
But when I try to get them from code the sdk can not read the env variables already set
AWSCredentials evc = new EnvironmentVariableCredentialsProvider().getCredentials();
AmazonS3Client amazonS3 = new AmazonS3Client(evc);
amazonS3.setRegion(RegionUtils.getRegion("us-east-2"));
com.amazonaws.AmazonClientException: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
The EnvironmentVariableCredentialsProvider in the AWS SDK looks like below,
public AWSCredentials getCredentials() {
    String accessKey = System.getenv(ACCESS_KEY_ENV_VAR);
    if (accessKey == null) {
        accessKey = System.getenv(ALTERNATE_ACCESS_KEY_ENV_VAR);
    }
    String secretKey = System.getenv(SECRET_KEY_ENV_VAR);
    if (secretKey == null) {
        secretKey = System.getenv(ALTERNATE_SECRET_KEY_ENV_VAR);
    }
    accessKey = StringUtils.trim(accessKey);
    secretKey = StringUtils.trim(secretKey);
    String sessionToken =
        StringUtils.trim(System.getenv(AWS_SESSION_TOKEN_ENV_VAR));
    if (StringUtils.isNullOrEmpty(accessKey)
            || StringUtils.isNullOrEmpty(secretKey)) {
        throw new AmazonClientException(
            "Unable to load AWS credentials from environment variables " +
            "(" + ACCESS_KEY_ENV_VAR + " (or " + ALTERNATE_ACCESS_KEY_ENV_VAR + ") and " +
            SECRET_KEY_ENV_VAR + " (or " + ALTERNATE_SECRET_KEY_ENV_VAR + "))");
    }
    return sessionToken == null ?
        new BasicAWSCredentials(accessKey, secretKey)
        :
        new BasicSessionCredentials(accessKey, secretKey, sessionToken);
}
I try below approach also,
ProfileCredentialsProvider evc = new ProfileCredentialsProvider();
AmazonS3Client amazonS3 = new AmazonS3Client(evc);
amazonS3.setRegion(RegionUtils.getRegion("us-east-2"));
But even though I set AWS_CREDENTIAL_PROFILES_FILE in the script because the credentials file is under ~/.aws/credentials, I still get below,
credential profiles file not found in the given path: /root/.aws/credentials
Even though the AwsProfileFileLocationProvider code says below, I am not sure why it tries to look at /root/.aws/credentials
Checks the environment variable override first, then checks the default location (~/.aws/credentials), and finally falls back to the legacy config file (~/.aws/config) that we still support loading credentials from
Recommended answer
I am assuming you are configuring your Jenkins job with different build steps between set credential and consume credential.
Jenkins does not share environment variables between build steps.
If you are using the old style of Jenkins job you will need to use some plugin like envinject, or use a file to share the variables between steps. Like below (just as an example).
Step 1
echo "export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" > credential
echo "export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> credential
echo "export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}" >> credential
Step 2
source credential && ./your_command_here
But if you are using Jenkins Pipeline, you can use env. Like below (just as an example).
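pipeline {
    agent any
    parameters {
        string(name: 'AWS_ACCESS_KEY_ID', defaultValue: '')
    }
    stages {
        stage("set credential") {
            steps {
                // Groovy assignments need a script block in a declarative pipeline
                script {
                    def tmp_AWS_ACCESS_KEY_ID = sh(script: 'your shell script here', returnStdout: true).trim()
                    // Values assigned to env.* are visible to the stages that follow
                    env.AWS_ACCESS_KEY_ID = tmp_AWS_ACCESS_KEY_ID
                }
            }
        }
        stage("consume credential") {
            steps {
                echo "${env.AWS_ACCESS_KEY_ID}"
            }
        }
    }
}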
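A hardened variant of the Step 1 / Step 2 file handoff from the answer, as an added example that is not part of the original answer: the file is created owner-only, values are shell-quoted, and the file is deleted as soon as the consuming step has loaded it. The helper names `save_aws_env` and `run_with_aws_env` are hypothetical.

```shell
#!/bin/sh
# Added example; save_aws_env and run_with_aws_env are hypothetical helper names.

# Step 1: write the three variables to an owner-only (0600) handoff file.
save_aws_env() {    # $1 = path of the handoff file (must contain a slash)
    (
        umask 077                 # file is created readable by the job user only
        rm -f "$1"
        : > "$1"
        for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
            eval "val=\${$v-}"    # names are fixed above, so eval sees no outside input
            # Refuse to leave a partial file behind if a variable is missing.
            [ -n "$val" ] || { echo "missing $v" >&2; rm -f "$1"; exit 1; }
            # Single-quote the value, escaping any embedded single quotes.
            esc=$(printf %s "$val" | sed "s/'/'\\\\''/g")
            printf "export %s='%s'\n" "$v" "$esc" >> "$1"
        done
    )
}

# Step 2: load the file in a subshell, delete it, then run the command.
# The credentials exist only in that command's environment.
run_with_aws_env() {    # $1 = handoff file, remaining args = command to run
    f=$1; shift
    [ -f "$f" ] || { echo "credential file not found: $f" >&2; return 1; }
    ( . "$f" && rm -f "$f" && exec "$@" )
}
```

In Jenkins, the first build step would end with `save_aws_env "$WORKSPACE/credential"` and the second would call `run_with_aws_env "$WORKSPACE/credential" ./your_command_here`.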