Revert "Remove the need for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_K…

…EY to be set with Digital Ocean deployment (#1344)" (#1355) This reverts commit 1686b3a.
nebari-dev · Jul 1, 2022 · 0638e35 · 0638e35
1 parent 1686b3a
commit 0638e35
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 42 deletions.
diff --git a/qhub/deploy.py b/qhub/deploy.py
@@ -10,7 +10,6 @@
     check_cloud_credentials,
     keycloak_provider_context,
     kubernetes_provider_context,
-    terraform_state_context,
     timer,
 )
 
@@ -202,33 +201,32 @@ def guided_install(
         else:
             provision_01_terraform_state(stage_outputs, config)
 
-    with terraform_state_context(config["provider"], config["terraform_state"]["type"]):
-        provision_02_infrastructure(stage_outputs, config)
+    provision_02_infrastructure(stage_outputs, config)
+
+    with kubernetes_provider_context(
+        stage_outputs["stages/02-infrastructure"]["kubernetes_credentials"]["value"]
+    ):
+        provision_03_kubernetes_initialize(stage_outputs, config)
+        provision_04_kubernetes_ingress(stage_outputs, config)
+        provision_ingress_dns(
+            stage_outputs,
+            config,
+            dns_provider=dns_provider,
+            dns_auto_provision=dns_auto_provision,
+            disable_prompt=disable_prompt,
+        )
+        provision_05_kubernetes_keycloak(stage_outputs, config)
 
-        with kubernetes_provider_context(
-            stage_outputs["stages/02-infrastructure"]["kubernetes_credentials"]["value"]
+        with keycloak_provider_context(
+            stage_outputs["stages/05-kubernetes-keycloak"]["keycloak_credentials"][
+                "value"
+            ]
         ):
-            provision_03_kubernetes_initialize(stage_outputs, config)
-            provision_04_kubernetes_ingress(stage_outputs, config)
-            provision_ingress_dns(
-                stage_outputs,
-                config,
-                dns_provider=dns_provider,
-                dns_auto_provision=dns_auto_provision,
-                disable_prompt=disable_prompt,
-            )
-            provision_05_kubernetes_keycloak(stage_outputs, config)
-
-            with keycloak_provider_context(
-                stage_outputs["stages/05-kubernetes-keycloak"]["keycloak_credentials"][
-                    "value"
-                ]
-            ):
-                provision_06_kubernetes_keycloak_configuration(stage_outputs, config)
-                provision_07_kubernetes_services(stage_outputs, config)
-                provision_08_qhub_tf_extensions(stage_outputs, config)
-
-                print("QHub deployed successfully")
+            provision_06_kubernetes_keycloak_configuration(stage_outputs, config)
+            provision_07_kubernetes_services(stage_outputs, config)
+            provision_08_qhub_tf_extensions(stage_outputs, config)
+
+            print("QHub deployed successfully")
 
     print("Services:")
     for service_name, service in stage_outputs["stages/07-kubernetes-services"][

diff --git a/qhub/initialize.py b/qhub/initialize.py
@@ -451,6 +451,8 @@ def github_auto_provision(config, owner, repo):
         # Secrets
         if config["provider"] == "do":
             for name in {
+                "AWS_ACCESS_KEY_ID",
+                "AWS_SECRET_ACCESS_KEY",
                 "SPACES_ACCESS_KEY_ID",
                 "SPACES_SECRET_ACCESS_KEY",
                 "DIGITALOCEAN_TOKEN",

diff --git a/qhub/utils.py b/qhub/utils.py
@@ -154,6 +154,8 @@ def check_cloud_credentials(config):
                 )
     elif config["provider"] == "do":
         for variable in {
+            "AWS_ACCESS_KEY_ID",
+            "AWS_SECRET_ACCESS_KEY",
             "SPACES_ACCESS_KEY_ID",
             "SPACES_SECRET_ACCESS_KEY",
             "DIGITALOCEAN_TOKEN",
@@ -163,6 +165,21 @@ def check_cloud_credentials(config):
                     f"""Missing the following required environment variable: {variable}\n
                     Please see the documentation for more information: {DO_ENV_DOCS}"""
                 )
+
+        if os.environ["AWS_ACCESS_KEY_ID"] != os.environ["SPACES_ACCESS_KEY_ID"]:
+            raise ValueError(
+                f"""The environment variables AWS_ACCESS_KEY_ID and SPACES_ACCESS_KEY_ID must be equal\n
+                See {DO_ENV_DOCS} for more information"""
+            )
+
+        if (
+            os.environ["AWS_SECRET_ACCESS_KEY"]
+            != os.environ["SPACES_SECRET_ACCESS_KEY"]
+        ):
+            raise ValueError(
+                f"""The environment variables AWS_SECRET_ACCESS_KEY and SPACES_SECRET_ACCESS_KEY must be equal\n
+                See {DO_ENV_DOCS} for more information"""
+            )
     elif config["provider"] == "local":
         pass
     else:
@@ -328,22 +345,6 @@ def keycloak_provider_context(keycloak_credentials: Dict[str, str]):
         yield
 
 
-@contextlib.contextmanager
-def terraform_state_context(provider: str, terraform_state: str):
-    credentials = {}
-
-    if provider == "do" and terraform_state == "remote":
-        credentials.update(
-            {
-                "AWS_ACCESS_KEY_ID": os.environ["SPACES_ACCESS_KEY_ID"],
-                "AWS_SECRET_ACCESS_KEY": os.environ["SPACES_SECRET_ACCESS_KEY"],
-            }
-        )
-
-    with modified_environ(**credentials):
-        yield
-
-
 def deep_merge(*args):
     """Deep merge multiple dictionaries.