Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(asset-staging): local bundling fails inside a docker container with non-existent user #15415

Closed
akuntsch opened this issue Jul 5, 2021 · 8 comments · Fixed by #15313
Closed

(asset-staging): local bundling fails inside a docker container with non-existent user #15415

akuntsch opened this issue Jul 5, 2021 · 8 comments · Fixed by #15313
Labels
bug This issue is a bug. effort/medium Medium work item – several days of effort p2 package/tools Related to AWS CDK Tools or CLI

Comments

@akuntsch
Copy link

akuntsch commented Jul 5, 2021

We run our CDK scripts inside a Node.js docker container inside a Jenkins pipeline. Jenkins runs docker containers with the host user (docker run -u ...) which does not necessarily exist inside the docker container. Bundling fails inside the Jenkins pipeline because CDK tries to read the user from /etc/passwd, even though the user is not used when using local asset bundling.

Reproduction Steps

Run CDK code with local asset bundling inside a docker container with non-existent user (e.g. docker run -u 1234:1234).

What did you expect to happen?

Local asset bundling works inside a docker container with non-existent user.

What actually happened?

Asset bundling fails with the following error:

SystemError [ERR_SYSTEM_ERROR]: A system error occurred: uv_os_get_passwd returned ENOENT (no such file or directory)

Environment

  • CDK CLI Version : 1.108.0 (build b23f781)
  • Framework Version: 1.108.0
  • Node.js Version: v14.17.0
  • OS : Docker on Linux (node:14 docker image)
  • Language (Version): TypeScript (4.3.4)

Other

Should be fixed by #15313.

This is 🐛 Bug Report
@akuntsch akuntsch added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 5, 2021
@peterwoodworth peterwoodworth added the package/tools Related to AWS CDK Tools or CLI label Jul 6, 2021
@rix0rrr rix0rrr added effort/medium Medium work item – several days of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jul 7, 2021
@rix0rrr rix0rrr removed their assignment Jul 7, 2021
@akuntsch akuntsch mentioned this issue Jul 30, 2021
Merged
@mergify mergify bot closed this as completed in #15313 Aug 11, 2021
mergify bot pushed a commit that referenced this issue Aug 11, 2021
fix(core): asset bundling fails for non-existent user (#15313)
bf5882f 
Currently, when not explicitly passing a user in BundlingOptions, `os.userInfo()` is called as a default fallback. Even though the user is only used and needed when using docker bundling, it is still called when using local bundling. This can be problematic e.g. when running cdk scripts inside a docker container where the user does not exist inside the container (see #15415).

Fixes #15415.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

hollanddd pushed a commit to hollanddd/aws-cdk that referenced this issue Aug 26, 2021
@hollanddd
fix(core): asset bundling fails for non-existent user (aws#15313)
113a155 
Currently, when not explicitly passing a user in BundlingOptions, `os.userInfo()` is called as a default fallback. Even though the user is only used and needed when using docker bundling, it is still called when using local bundling. This can be problematic e.g. when running cdk scripts inside a docker container where the user does not exist inside the container (see aws#15415).

Fixes aws#15415.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@serverhorror
Copy link

@peterwoodworth, @akuntsch I think I just ran into this same issue, could there be a regression/edge case?

This happens inside of OpenShift where the user doesn't exist. Only a UID. It doesn't happen when it runs with a user that is actually visible via e.g. getent passwd ...

Runing a plain cdk version fails miserably:

cdk version
SystemError [ERR_SYSTEM_ERROR]: A system error occurred: uv_os_get_passwd returned ENOENT (no such file or directory)
    at Object.userInfo (os.js:347:11)
    at cdkHomeDir (/opt/node/lib/node_modules/aws-cdk/lib/util/directories.ts:7:21)
    at Object.cdkCacheDir (/opt/node/lib/node_modules/aws-cdk/lib/util/directories.ts:11:20)
    at new AccountAccessKeyCache (/opt/node/lib/node_modules/aws-cdk/lib/api/aws-auth/account-cache.ts:25:44)
    at Object.<anonymous> (/opt/node/lib/node_modules/aws-cdk/lib/api/aws-auth/sdk.ts:51:42)
    at Module._compile (internal/modules/cjs/loader.js:1072:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1101:10)
    at Module.load (internal/modules/cjs/loader.js:937:32)
    at Function.Module._load (internal/modules/cjs/loader.js:778:12)
    at Module.require (internal/modules/cjs/loader.js:961:19)

Same for cdk synth

cdk synth --context vpc-id=vpc-0123456789 --context irods-ami-id=ami-0123456789 iRods
os.js:347

SystemError [ERR_SYSTEM_ERROR]: A system error occurred: uv_os_get_passwd returned ENOENT (no such file or directory)
    at Object.userInfo (os.js:347:11)
    at cdkHomeDir (/opt/node/lib/node_modules/aws-cdk/lib/util/directories.ts:7:21)
    at Object.cdkCacheDir (/opt/node/lib/node_modules/aws-cdk/lib/util/directories.ts:11:20)
    at new (/opt/node/lib/node_modules/aws-cdk/lib/api/aws-auth/account-cache.ts:25:44)
    at Object.<anonymous> (/opt/node/lib/node_modules/aws-cdk/lib/api/aws-auth/sdk.ts:51:42)
    at Module._compile (internal/modules/cjs/loader.js:1072:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1101:10)
    at Module.load (internal/modules/cjs/loader.js:937:32)
    at Function.Module._load (internal/modules/cjs/loader.js:778:12)

Environment

  • CDK CLI Version : 1.121.0 (build 026cb8f)
  • Framework Version: 1.108.0
  • Node.js Version: v14.17.0
  • OS : RedHat OpenShift 3.11 (node v14.17.5, based on docker.io/amazon/aws-cli:2.2.33 )
  • Language (Version): Python 3.7.10

@peterwoodworth peterwoodworth reopened this Sep 2, 2021
@peterwoodworth
Copy link
Contributor

Thanks for the ping, I've reopened the issue for investigation

david-doyle-as24 pushed a commit to david-doyle-as24/aws-cdk that referenced this issue Sep 7, 2021
@david-doyle-as24
fix(core): asset bundling fails for non-existent user (aws#15313)
02df3c3 
Currently, when not explicitly passing a user in BundlingOptions, `os.userInfo()` is called as a default fallback. Even though the user is only used and needed when using docker bundling, it is still called when using local bundling. This can be problematic e.g. when running cdk scripts inside a docker container where the user does not exist inside the container (see aws#15415).

Fixes aws#15415.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@mb-dev mb-dev mentioned this issue Sep 25, 2021
Closed
@a-h
Copy link

a-h commented Jan 12, 2022
edited
Loading

I'm encountering this with CDK 1.138.2, deploying inside a custom container based on the node:16 Docker container.

Github actions uses the root user which doesn't exist in the Node image (only the node user does), so this is the scenario where a user home directory doesn't exist.

I worked around it by not using my custom Docker image, and used the built-in Github Actions Ubuntu image with the setup-node Github Action applied until this is sorted.

@dennispost dennispost mentioned this issue Feb 18, 2022
Closed
@adambro
Copy link
Contributor

adambro commented Mar 22, 2022

Try setting CDK_HOME=/tmp as I did in #19401 that should do the trick for asset building. For running a CDK Pipelines like in #19401 issue it might not be enough, due to bug in safeUsername() function.

@adambro
Copy link
Contributor

adambro commented May 11, 2022

I've proposed trivial fix in #20188 PR already. PR validation failed, because there's no test. For such simple function that is a helper called in private method from private method it's hard to write a proper test without crazy os module mock.

@TheRealAmazonKendra
Copy link
Contributor

Looks like this was fixed in #20188. If that is not correct and there are still issues around this, please open a new issue.

@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. effort/medium Medium work item – several days of effort p2 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(core): asset bundling fails for non-existent user akuntsch/aws-cdk
7 participants
@serverhorror @rix0rrr @adambro @a-h @akuntsch @peterwoodworth @TheRealAmazonKendra