19913d85-f662-4518-a9a1-7adc1793dfd4.png){kind=small}
Channels
announcements
dagster-airbyte
dagster-airflow
dagster-bigquery
dagster-cloud
dagster-cube
dagster-dask
dagster-dbt
dagster-de
dagster-ecs
dagster-feedback
dagster-kubernetes
dagster-machine-learning
dagster-noteable
dagster-releases
dagster-serverless
dagster-showcase
dagster-snowflake
dagster-spatial
dagster-support
dagster-wandb
dagstereo
data-platform-design
events
faq-read-me-before-posting
gigs-freelance
github-discussions
introductions
jobs
random
tools
豆瓣酱帮
Title
z
Zach P
09/26/2022, 5:16 PMHey guys, still working on some IAM issues I’m having to enable our branch and main deployments in serverless. I’m wondering if there may be a bug.
I’ve created some IAM roles that are assumed as a resource during runtime, however, I’m having issues passing the base user to the deployments. To attempt to do this, I’m setting the repos AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the repo secrets to a low-priv user “dagster_user”.
However, this ends up failing with the following error:
Dockerfile:44
--------------------
42 | ENV DAGSTER_CLOUD_URL=***
43 | ENV ACTIONS_STEP_DEBUG=true
44 | >>> ENV AWS_ACCESS_KEY_ID= ***
45 |
--------------------
ERROR: failed to solve: Syntax error - can't find = in "***". Must be of the form: name=value
Error: buildx failed with: ERROR: failed to solve: Syntax error - can't find = in "***". Must be of the form: name=value##[debug] "AWS_SECRET_ACCESS_KEY": "***",
##[debug] "DAGSTER_CLOUD_URL": "***",
##[debug] "ACTIONS_STEP_DEBUG": "true",
##[debug] "AWS_ACCESS_KEY_ID": " *** "d
daniel
09/26/2022, 5:27 PMHi Zach - that looks right to me, but the extra whitespace is decidedly unexpected... we'll take a look. env_vars is generated by JSON encoding the secrets dict and then JSON decoding it back into a dict. Without revealing the exact value of the AWS_ACCESS_KEY_ID secret of course, is there anything unique about it that might explain why the weird whitespace could be being added? Starting with an unusual character? Feels like we might be hitting some json-parsing-within-github-actions edge case.
Dunno if this is a situation where you could generate a new key and revoke the old one to make it more shareable, but if it is, having the exact value would probably make reproducing this a lot easier
z
Zach P
09/26/2022, 5:30 PMI’ll try regenerating it!
Okay, false alarm 🙂
while regenerating the keys, I noticed that while I was not adding any whitespace, a secret vault we use was adding whitespace.
Tweaking the vault seems to have resolved the issue 👍
Thanks again daniel!
:condagster: 2
d
daniel
09/26/2022, 6:13 PMahhhh mystery solved
thank goodness I didn't have to dig into JSON parsing code
:dagster-yay: 1