-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CDK CLI errors when run as a non-existent user #7937
Comments
The error goes away if you mount an /etc/passwd containing a user with UID 502
or if you provide a CDK_HOME env var
|
@jonathanmorley I think this is because of the fix we introduced in #7674 which addressed the issue of a bug where Otherwise since this is an opportunistic cache, we also simply shouldn't fail if we can't create the dir. can you run your cdk command with I can't quite tell if this is expected or another bug just yet. |
Running
|
expected behaviour is that it would be successful. We have not been setting |
Just running into this error in a Jenkins build while upgrading from CDK 1.18 -> 1.42. I've temporarily worked around this issue by setting the |
duplicate of #15415 ? I am running into the same issue in jenkins / docker. |
Any news on this? Hit this error with CDK v2.12.0. @mitchlloyd to which path did you set |
As reported in #19401 it's just small function that needs change. By looking at code of function safeUsername() {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
} |
I had this problem while running CDK with Jenkins/Docker. Jenkins runs the pipeline script inside of a Docker agent container with user id 1024. This user, by default, has no name, which causes the problem. As a workaround, I created a user for id 1024:
|
In case user does not have entry in `/etc/passwd` the `os.userInfo()` call will throw `SystemError` exception as documented: https://nodejs.org/docs/latest-v16.x/api/os.html#osuserinfooptions Fixes aws#19401 issue. It can be tested inside Docker for ad-hoc 1234 user ID: ```sh docker run -u 1234 -e CDK_HOME=/tmp npm run cdk diff ``` The `CDK_HOME=/tmp` is a workaround for aws#7937 issue, where CDK complains that it can't write cached info in user homedir, because it does not exists. Once aws#7937 will be fixed then aws#19401 will most likely hit users. However above workaround is a viable option. Hence those two issues are related, but not duplicated.
In case user does not have entry in `/etc/passwd` the `os.userInfo()` call will throw `SystemError` exception as documented: https://nodejs.org/docs/latest-v16.x/api/os.html#osuserinfooptions Fixes #19401 issue. It can be tested inside Docker for ad-hoc 1234 user ID: ```sh docker run -u 1234 -e CDK_HOME=/tmp npm run cdk diff ``` The `CDK_HOME=/tmp` is a workaround for #7937 issue, where CDK complains that it can't write cached info in user homedir, because it does not exists. Once #7937 will be fixed then #19401 will most likely hit users. However above workaround is a viable option. Hence those two issues are related, but not duplicated. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) Yes, followed the guide. ### Adding new Unconventional Dependencies: * [x] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) No new dependencies. ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? No, it's a bugfix, not a feature. *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The CDK home directory was being created in the users home directory, but this causes an error if for some reason the user does not have a home directory. This PR adds some fallback logic so that if the users home directory does not exist it will fall back to creating a tmp directory. fix #7937 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
The CDK home directory was being created in the users home directory, but this causes an error if for some reason the user does not have a home directory. This PR adds some fallback logic so that if the users home directory does not exist it will fall back to creating a tmp directory. fix aws#7937 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
A regression in 1.37 means that the CDK CLI will error out if it is run by a user not in /etc/passwd
Reproduction Steps
npx cdk init app --language=typescript npm install docker run -u 502:502 -v $(pwd):/app -w /app node ./node_modules/.bin/cdk list
Error Log
Environment
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: