Impotant:
Do not use this version because it has the Excessive CPU usage bug. Upgrade to v4.3.0 or downgrade to v4.0.2.
Summary
Due to moby/buildkit#5775, if you are setting CHAMBER_KMS_KEY_ALIAS in your Dockerfile, you are likely getting a warning when you build the Docker image:
1 warning found (use docker --debug to expand):
- SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "CHAMBER_KMS_KEY_ALIAS")
To get around the spurious warning, Geodesic now lets you set CHAMBER_KMS_ALIAS in your Docker file, and will convert that value to CHAMBER_KMS_KEY_ALIAS during startup processing.
🚀 Enhancements
Fix Role Prompt, bypass buggy secrets check, add lsb_release @Nuru (#971)
what
- Fix the script for converting the current AWS IAM role to something short and meaningful for the shell command prompt
- Add support for converting Identity Center Permission Sets to profile names in the shell prompt
- Support setting
CHAMBER_KMS_KEY_ALIASviaCHAMBER_KMS_ALIAS - Add the
lsb-releasepackage to providelsb_release
why
- The code was buggy due too piecemeal changes resulting in unreachable code
- Many people are using Identity Center now
- Setting
CHAMBER_KMS_KEY_ALIASas is customary in Cloud Posse Dockerfiles triggers theSecretsUsedInArgOrEnvwarning. While this is arguably a bug in the warning, this change allows concerned users to avoid the issue. - Some tool installation scripts require
lsb_releaseto be already installed
references
chamberKMS key alias- moby/buildkit#5775
Footnote
In every release, we update all unpinned packages to their latest packaged versions. These changes are not detailed here.