Remove aws credentials flags (#1944)

vishalbollu · web-flow · commit bf4ab4071d93 · 2021-03-10T09:12:09.000-05:00
diff --git a/Makefile b/Makefile
@@ -68,7 +68,7 @@ cluster-up-aws:
 	@$(MAKE) images-all-aws
 	@$(MAKE) cli
 	@kill $(shell pgrep -f rerun) >/dev/null 2>&1 || true
-	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster up ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret="$$AWS_SECRET_ACCESS_KEY" --cluster-aws-key="$$CLUSTER_AWS_ACCESS_KEY_ID" --cluster-aws-secret="$$CLUSTER_AWS_SECRET_ACCESS_KEY"
+	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster up ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws"
 	@$(MAKE) kubectl-aws
 cluster-up-gcp:
 	@$(MAKE) images-all-gcp
@@ -81,7 +81,7 @@ cluster-up-aws-y:
 	@$(MAKE) images-all-aws
 	@$(MAKE) cli
 	@kill $(shell pgrep -f rerun) >/dev/null 2>&1 || true
-	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster up ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret="$$AWS_SECRET_ACCESS_KEY" --cluster-aws-key="$$CLUSTER_AWS_ACCESS_KEY_ID" --cluster-aws-secret="$$CLUSTER_AWS_SECRET_ACCESS_KEY" --yes
+	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster up ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --yes
 	@$(MAKE) kubectl-aws
 cluster-up-gcp-y:
 	@$(MAKE) images-all-gcp
@@ -94,7 +94,7 @@ cluster-down-aws:
 	@$(MAKE) images-manager-skip-push
 	@$(MAKE) cli
 	@kill $(shell pgrep -f rerun) >/dev/null 2>&1 || true
-	@./bin/cortex cluster down --config=./dev/config/cluster-aws.yaml --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret=$$AWS_SECRET_ACCESS_KEY
+	@./bin/cortex cluster down --config=./dev/config/cluster-aws.yaml
 cluster-down-gcp:
 	@$(MAKE) images-manager-skip-push
 	@$(MAKE) cli
@@ -105,7 +105,7 @@ cluster-down-aws-y:
 	@$(MAKE) images-manager-skip-push
 	@$(MAKE) cli
 	@kill $(shell pgrep -f rerun) >/dev/null 2>&1 || true
-	@./bin/cortex cluster down --config=./dev/config/cluster-aws.yaml --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret="$$AWS_SECRET_ACCESS_KEY" --yes
+	@./bin/cortex cluster down --config=./dev/config/cluster-aws.yaml --yes
 cluster-down-gcp-y:
 	@$(MAKE) images-manager-skip-push
 	@$(MAKE) cli
@@ -115,7 +115,7 @@ cluster-down-gcp-y:
 cluster-info-aws:
 	@$(MAKE) images-manager-skip-push
 	@$(MAKE) cli
-	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster info --config=./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret="$$AWS_SECRET_ACCESS_KEY" --yes
+	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster info --config=./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --yes
 cluster-info-gcp:
 	@$(MAKE) images-manager-skip-push
 	@$(MAKE) cli
@@ -125,7 +125,7 @@ cluster-configure-aws:
 	@$(MAKE) images-all-aws
 	@$(MAKE) cli
 	@kill $(shell pgrep -f rerun) >/dev/null 2>&1 || true
-	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster configure ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret="$$AWS_SECRET_ACCESS_KEY" --cluster-aws-key="$$CLUSTER_AWS_ACCESS_KEY_ID" --cluster-aws-secret="$$CLUSTER_AWS_SECRET_ACCESS_KEY"
+	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster configure ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws"
 # cluster-configure-gcp:
 # 	@$(MAKE) images-all-gcp
 # 	@$(MAKE) cli
@@ -136,7 +136,7 @@ cluster-configure-aws-y:
 	@$(MAKE) images-all-aws
 	@$(MAKE) cli
 	@kill $(shell pgrep -f rerun) >/dev/null 2>&1 || true
-	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster configure ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --aws-key="$$AWS_ACCESS_KEY_ID" --aws-secret="$$AWS_SECRET_ACCESS_KEY" --cluster-aws-key="$$CLUSTER_AWS_ACCESS_KEY_ID" --cluster-aws-secret="$$CLUSTER_AWS_SECRET_ACCESS_KEY" --yes
+	@eval $$(python3 ./manager/cluster_config_env.py ./dev/config/cluster-aws.yaml) && ./bin/cortex cluster configure ./dev/config/cluster-aws.yaml --configure-env="$$CORTEX_CLUSTER_NAME-aws" --yes
 # cluster-configure-gcp-y:
 # 	@$(MAKE) images-all-gcp
 # 	@$(MAKE) cli
diff --git a/cli/cmd/cluster.go b/cli/cmd/cluster.go
@@ -67,8 +67,6 @@ var (
 
 func clusterInit() {
 	_clusterUpCmd.Flags().SortFlags = false
-	addAWSCredentialsFlags(_clusterUpCmd)
-	addClusterAWSCredentialsFlags(_clusterUpCmd)
 	_clusterUpCmd.Flags().StringVarP(&_flagClusterUpEnv, "configure-env", "e", "aws", "name of environment to configure")
 	_clusterUpCmd.Flags().BoolVarP(&_flagClusterDisallowPrompt, "yes", "y", false, "skip prompts")
 	_clusterCmd.AddCommand(_clusterUpCmd)
@@ -77,15 +75,12 @@ func clusterInit() {
 	addClusterConfigFlag(_clusterInfoCmd)
 	addClusterNameFlag(_clusterInfoCmd)
 	addClusterRegionFlag(_clusterInfoCmd)
-	addAWSCredentialsFlags(_clusterInfoCmd)
 	_clusterInfoCmd.Flags().StringVarP(&_flagClusterInfoEnv, "configure-env", "e", "", "name of environment to configure")
 	_clusterInfoCmd.Flags().BoolVarP(&_flagClusterInfoDebug, "debug", "d", false, "save the current cluster state to a file")
 	_clusterInfoCmd.Flags().BoolVarP(&_flagClusterDisallowPrompt, "yes", "y", false, "skip prompts")
 	_clusterCmd.AddCommand(_clusterInfoCmd)
 
 	_clusterConfigureCmd.Flags().SortFlags = false
-	addAWSCredentialsFlags(_clusterConfigureCmd)
-	addClusterAWSCredentialsFlags(_clusterConfigureCmd)
 	_clusterConfigureCmd.Flags().StringVarP(&_flagClusterConfigureEnv, "configure-env", "e", "", "name of environment to configure")
 	_clusterConfigureCmd.Flags().BoolVarP(&_flagClusterDisallowPrompt, "yes", "y", false, "skip prompts")
 	_clusterCmd.AddCommand(_clusterConfigureCmd)
@@ -94,7 +89,6 @@ func clusterInit() {
 	addClusterConfigFlag(_clusterDownCmd)
 	addClusterNameFlag(_clusterDownCmd)
 	addClusterRegionFlag(_clusterDownCmd)
-	addAWSCredentialsFlags(_clusterDownCmd)
 	_clusterDownCmd.Flags().BoolVarP(&_flagClusterDisallowPrompt, "yes", "y", false, "skip prompts")
 	_clusterDownCmd.Flags().BoolVar(&_flagClusterDownKeepVolumes, "keep-volumes", false, "keep cortex provisioned persistent volumes")
 	_clusterCmd.AddCommand(_clusterDownCmd)
@@ -103,7 +97,6 @@ func clusterInit() {
 	addClusterConfigFlag(_clusterExportCmd)
 	addClusterNameFlag(_clusterExportCmd)
 	addClusterRegionFlag(_clusterExportCmd)
-	addAWSCredentialsFlags(_clusterExportCmd)
 	_clusterCmd.AddCommand(_clusterExportCmd)
 }
 
@@ -120,16 +113,6 @@ func addClusterRegionFlag(cmd *cobra.Command) {
 	cmd.Flags().StringVarP(&_flagClusterRegion, "region", "r", "", "aws region of the cluster")
 }
 
-func addAWSCredentialsFlags(cmd *cobra.Command) {
-	cmd.Flags().StringVar(&_flagAWSAccessKeyID, "aws-key", "", "aws access key id")
-	cmd.Flags().StringVar(&_flagAWSSecretAccessKey, "aws-secret", "", "aws secret access key")
-}
-
-func addClusterAWSCredentialsFlags(cmd *cobra.Command) {
-	cmd.Flags().StringVar(&_flagClusterAWSAccessKeyID, "cluster-aws-key", "", "aws access key id to be used by the cluster")
-	cmd.Flags().StringVar(&_flagClusterAWSSecretAccessKey, "cluster-aws-secret", "", "aws secret access key to be used by the cluster")
-}
-
 var _clusterCmd = &cobra.Command{
 	Use:   "cluster",
 	Short: "manage AWS clusters (contains subcommands)",
@@ -160,11 +143,6 @@ var _clusterUpCmd = &cobra.Command{
 			exit.Error(err)
 		}
 
-		// Deprecation: specifying aws creds in cluster configuration is no longer supported
-		if err := detectAWSCredsInConfigFile(cmd.Use, clusterConfigFile); err != nil {
-			exit.Error(err)
-		}
-
 		accessConfig, err := getNewClusterAccessConfig(clusterConfigFile)
 		if err != nil {
 			exit.Error(err)
@@ -325,11 +303,6 @@ var _clusterConfigureCmd = &cobra.Command{
 			exit.Error(err)
 		}
 
-		// Deprecation: specifying aws creds in cluster configuration is no longer supported
-		if err := detectAWSCredsInConfigFile(cmd.Use, clusterConfigFile); err != nil {
-			exit.Error(err)
-		}
-
 		accessConfig, err := getClusterAccessConfigWithCache()
 		if err != nil {
 			exit.Error(err)
@@ -393,11 +366,6 @@ var _clusterInfoCmd = &cobra.Command{
 			exit.Error(err)
 		}
 
-		// Deprecation: specifying aws creds in cluster configuration is no longer supported
-		if err := detectAWSCredsInConfigFile(cmd.Use, _flagClusterConfig); err != nil {
-			exit.Error(err)
-		}
-
 		accessConfig, err := getClusterAccessConfigWithCache()
 		if err != nil {
 			exit.Error(err)
@@ -427,11 +395,6 @@ var _clusterDownCmd = &cobra.Command{
 			exit.Error(err)
 		}
 
-		// Deprecation: specifying aws creds in cluster configuration is no longer supported
-		if err := detectAWSCredsInConfigFile(cmd.Use, _flagClusterConfig); err != nil {
-			exit.Error(err)
-		}
-
 		accessConfig, err := getClusterAccessConfigWithCache()
 		if err != nil {
 			exit.Error(err)
@@ -548,11 +511,6 @@ var _clusterExportCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		telemetry.Event("cli.cluster.export", map[string]interface{}{"provider": types.AWSProviderType})
 
-		// Deprecation: specifying aws creds in cluster configuration is no longer supported
-		if err := detectAWSCredsInConfigFile(cmd.Use, _flagClusterConfig); err != nil {
-			exit.Error(err)
-		}
-
 		accessConfig, err := getClusterAccessConfigWithCache()
 		if err != nil {
 			exit.Error(err)
diff --git a/cli/cmd/errors.go b/cli/cmd/errors.go
@@ -223,28 +223,6 @@ func ErrorOnlyAWSClusterEnvVarSet() error {
 	})
 }
 
-func ErrorOnlyAWSClusterFlagSet() error {
-	return errors.WithStack(&errors.Error{
-		Kind:    ErrOnlyAWSClusterFlagSet,
-		Message: "when specifying --cluster-aws-key and --cluster-aws-secret, please also specify --aws-key and --aws-secret",
-	})
-}
-
-func ErrorMissingAWSCredentials() error {
-	return errors.WithStack(&errors.Error{
-		Kind:    ErrMissingAWSCredentials,
-		Message: "unable to find aws credentials; please specify aws credentials using the flags --aws-key and --aws-secret",
-	})
-}
-
-// Deprecation: specifying aws creds in cluster configuration is no longer supported
-func ErrorCredentialsInClusterConfig(cmd string, path string) error {
-	return errors.WithStack(&errors.Error{
-		Kind:    ErrCredentialsInClusterConfig,
-		Message: fmt.Sprintf("specifying credentials in the cluster configuration is no longer supported, please specify aws credentials using flags (e.g. cortex cluster %s --config %s --aws-key <AWS_ACCESS_KEY_ID> --aws-secret <AWS_SECRET_ACCESS_KEY>) or set environment variables; see https://docs.cortex.dev/v/%s/ for more information", cmd, path, consts.CortexVersionMinor),
-	})
-}
-
 func ErrorClusterUp(out string) error {
 	return errors.WithStack(&errors.Error{
 		Kind:    ErrClusterUp,
diff --git a/cli/cmd/lib_aws_creds.go b/cli/cmd/lib_aws_creds.go
@@ -21,10 +21,6 @@ import (
 
 	"github.com/cortexlabs/cortex/pkg/consts"
 	"github.com/cortexlabs/cortex/pkg/lib/aws"
-	cr "github.com/cortexlabs/cortex/pkg/lib/configreader"
-	"github.com/cortexlabs/cortex/pkg/lib/errors"
-
-	"github.com/cortexlabs/cortex/pkg/lib/sets/strset"
 
 	"github.com/cortexlabs/cortex/pkg/lib/prompt"
 	"github.com/cortexlabs/cortex/pkg/types/clusterconfig"
@@ -75,20 +71,3 @@ func warnIfNotAdmin(awsClient *aws.Client) {
 		fmt.Println(fmt.Sprintf("warning: your IAM user or assumed role%s does not have administrator access. This may prevent this command from executing correctly, so it is recommended to attach the AdministratorAccess policy to your IAM user or role.", accessKeyMsg), "", "")
 	}
 }
-
-// Deprecation: specifying aws creds in cluster configuration is no longer supported; returns an error if aws credentials were found in cluster configuration yaml
-func detectAWSCredsInConfigFile(cmd, path string) error {
-	credentialFieldKeys := strset.New("aws_access_key_id", "aws_secret_access_key", "cortex_aws_access_key_id", "cortex_aws_secret_access_key")
-	fieldMap, err := cr.ReadYAMLFileStrMap(path)
-	if err != nil {
-		return nil
-	}
-
-	for key := range fieldMap {
-		if credentialFieldKeys.Has(key) {
-			return errors.Wrap(ErrorCredentialsInClusterConfig(cmd, path), path, key)
-		}
-	}
-
-	return nil
-}
diff --git a/docs/clients/cli.md b/docs/clients/cli.md
@@ -101,13 +101,9 @@ Usage:
   cortex cluster up [CLUSTER_CONFIG_FILE] [flags]
 
 Flags:
-      --aws-key string              aws access key id
-      --aws-secret string           aws secret access key
-      --cluster-aws-key string      aws access key id to be used by the cluster
-      --cluster-aws-secret string   aws secret access key to be used by the cluster
-  -e, --configure-env string        name of environment to configure (default "aws")
-  -y, --yes                         skip prompts
-  -h, --help                        help for up
+  -e, --configure-env string   name of environment to configure (default "aws")
+  -y, --yes                    skip prompts
+  -h, --help                   help for up
 ```
 
 ## cluster info
@@ -122,8 +118,6 @@ Flags:
   -c, --config string          path to a cluster configuration file
   -n, --name string            name of the cluster
   -r, --region string          aws region of the cluster
-      --aws-key string         aws access key id
-      --aws-secret string      aws secret access key
   -e, --configure-env string   name of environment to configure
   -d, --debug                  save the current cluster state to a file
   -y, --yes                    skip prompts
@@ -139,13 +133,9 @@ Usage:
   cortex cluster configure [CLUSTER_CONFIG_FILE] [flags]
 
 Flags:
-      --aws-key string              aws access key id
-      --aws-secret string           aws secret access key
-      --cluster-aws-key string      aws access key id to be used by the cluster
-      --cluster-aws-secret string   aws secret access key to be used by the cluster
-  -e, --configure-env string        name of environment to configure
-  -y, --yes                         skip prompts
-  -h, --help                        help for configure
+  -e, --configure-env string   name of environment to configure
+  -y, --yes                    skip prompts
+  -h, --help                   help for configure
 ```
 
 ## cluster down
@@ -157,14 +147,12 @@ Usage:
   cortex cluster down [flags]
 
 Flags:
-  -c, --config string       path to a cluster configuration file
-  -n, --name string         name of the cluster
-  -r, --region string       aws region of the cluster
-      --aws-key string      aws access key id
-      --aws-secret string   aws secret access key
-  -y, --yes                 skip prompts
-      --keep-volumes        keep cortex provisioned persistent volumes
-  -h, --help                help for down
+  -c, --config string   path to a cluster configuration file
+  -n, --name string     name of the cluster
+  -r, --region string   aws region of the cluster
+  -y, --yes             skip prompts
+      --keep-volumes    keep cortex provisioned persistent volumes
+  -h, --help            help for down
 ```
 
 ## cluster export
@@ -176,12 +164,10 @@ Usage:
   cortex cluster export [API_NAME] [API_ID] [flags]
 
 Flags:
-  -c, --config string       path to a cluster configuration file
-  -n, --name string         name of the cluster
-  -r, --region string       aws region of the cluster
-      --aws-key string      aws access key id
-      --aws-secret string   aws secret access key
-  -h, --help                help for export
+  -c, --config string   path to a cluster configuration file
+  -n, --name string     name of the cluster
+  -r, --region string   aws region of the cluster
+  -h, --help            help for export
 ```
 
 ## cluster-gcp up
