Hey all, I'm having a problem accessing AWS resources from my EKS pod (running com.cognitect.aws/api com.cognitect.aws/secretsmanager)
The service is running and accessing AWS services locally with my creds in the .aws folder.
But in EKS with a service account I receive the error:
"Execution error (FileNotFoundException) at java.io.FileInputStream/open0 (FileInputStream.java:-2).\nclj (No such file or directory)\n",
:clojure.main/triage
{:clojure.error/class java.io.FileNotFoundException,
:clojure.error/line -2,
:clojure.error/cause "clj (No such file or directory)",
:clojure.error/symbol java.io.FileInputStream/open0,
:clojure.error/source "FileInputStream.java",
:clojure.error/phase :execution},
:clojure.main/trace
{:via
[{:type java.io.FileNotFoundException,
:message "clj (No such file or directory)",
:at [java.io.FileInputStream open0 "FileInputStream.java" -2]}],
:trace
[[java.io.FileInputStream open0 "FileInputStream.java" -2]
[java.io.FileInputStream open "FileInputStream.java" 213]
[java.io.FileInputStream <init> "FileInputStream.java" 152]
[java.io.FileInputStream <init> "FileInputStream.java" 106]
[clojure.lang.Compiler loadFile "Compiler.java" 7571]
[clojure.main$load_script invokeStatic "main.clj" 475]
[clojure.main$script_opt invokeStatic "main.clj" 535]
[clojure.main$script_opt invoke "main.clj" 530]
[clojure.main$main invokeStatic "main.clj" 664]
[clojure.main$main doInvoke "main.clj" 616]
[clojure.lang.RestFn applyTo "RestFn.java" 137]
[clojure.lang.Var applyTo "Var.java" 705]
[clojure.main main "main.java" 40]],
:cause "clj (No such file or directory)"}}
I do have the following env vars in the pod:
AWS_STS_REGIONAL_ENDPOINTS : regional
AWS_WEB_IDENTITY_TOKEN_FILE : /var/run/secrets/eks.amazonaws.com/serviceaccount/token
which are set automatically by EKS.
The image I'm using is clojure:tools-deps-bullseye-slim, which is executed by root, and the permissions of the token file are also root.
Why can't the Java SDK find the file?
It seems like it's just not implemented: https://github.com/cognitect-labs/aws-api/blob/main/src/cognitect/aws/credentials.clj https://github.com/cognitect-labs/aws-api/issues/133
The error you posted is because something is trying to execute the 'clj' script, which it cannot find
No, it is the error you'd get if you tried to do something like clj -M clj where the second clj is supposed to be the name of the script file, and the error is saying it cannot be found
I'm executing my container using CMD ["clj", "-M", "-m", "core"]
and after changing the credentials provider to read from the account service (like in the snippet) the service is working