cp: don't store aws access key id in values

this accommodates shared values file + remote state better

internal/cli/command/controlplane/init.go

@@ -52,13 +52,15 @@ const (
 		}
 	}
 }`
+	exportPath   = "/export"
+	metadataFile = "export/metadata.yaml"
 )
 
 type ImageMetadata struct {
 	Custom struct {
-		CredentialType      *string `yaml:"credentialType,omitempty"`
-		Enabled             bool    `yaml:"enabled"`
-		GenerateClusterName bool    `yaml:"generateClusterName"`
+		CredentialType      string `yaml:"credentialType,omitempty"`
+		Enabled             bool   `yaml:"enabled"`
+		GenerateClusterName bool   `yaml:"generateClusterName"`
 	}
 }
 
@@ -149,17 +151,6 @@ func askProvider(k8sContext string) (string, error) {
 	return lookup[provider], nil
 }
 
-func askCredential() (string, error) {
-	choices := []string{"Use Amazon credentials", "Don't use provider credentials"}
-	lookup := []string{"aws", "none"}
-
-	var providerCreds int
-	if err := survey.AskOne(&survey.Select{Message: "Select provider:", Options: choices}, &providerCreds); err != nil {
-		return "", err
-	}
-	return lookup[providerCreds], nil
-}
-
 func runInit(options initOptions, banzaiCli cli.Cli) error {
 	if err := options.Init(); err != nil {
 		return err
@@ -276,17 +267,12 @@ func runInit(options initOptions, banzaiCli cli.Cli) error {
 			return err
 		}
 		providerConfig["region"] = region
-		providerConfig["accessKey"] = id
 		providerConfig["tags"] = map[string]string{
 			"banzaicloud-pipeline-controlplane-uuid": uuID,
 			"local-id":                               fmt.Sprintf("%s@%s/%s", os.Getenv("USER"), hostname, filepath.Base(options.workspace)),
 		}
 
-		var confirmed bool
-		_ = survey.AskOne(&survey.Confirm{Message: fmt.Sprintf("Do you want to use the following AWS access key: %s?", id)}, &confirmed)
-		if !confirmed {
-			return errors.New("cancelled")
-		}
+		log.Infof("The following AWS key will be used: %v", id)
 
 		if out[externalHost] == nil {
 			out[externalHost] = autoHost // address of ec2 instance
@@ -304,48 +290,35 @@ func runInit(options initOptions, banzaiCli cli.Cli) error {
 		out[externalHost] = guessExternalAddr()
 
 	case providerCustom:
-		source := "/export"
-
-		hasExports, err := imageFileExists(options.cpContext, source)
+		hasExports, err := imageFileExists(options.cpContext, exportPath)
 		if err != nil {
 			return err
 		}
 
+		if !hasExports {
+			return errors.New("The provided custom image has no metadata")
+		}
+
 		imageMeta := &ImageMetadata{}
-		if hasExports {
-			metadataFile := filepath.Join(strings.TrimPrefix(source, "/"), "metadata.yaml")
-			exportHandlers := []ExportedFilesHandler{
-				metadataExporter(metadataFile, imageMeta),
-			}
-			if err := processExports(options.cpContext, source, exportHandlers); err != nil {
-				return err
-			}
+		exportHandlers := []ExportedFilesHandler{
+			metadataExporter(metadataFile, imageMeta),
 		}
 
-		var providerCreds string
-		if imageMeta.Custom.CredentialType == nil {
-			providerCreds, err = askCredential()
-			if err != nil {
-				return err
-			}
-		} else {
-			providerCreds = *imageMeta.Custom.CredentialType
+		if err := processExports(options.cpContext, exportPath, exportHandlers); err != nil {
+			return err
 		}
 
-		if providerCreds == "aws" {
+		switch imageMeta.Custom.CredentialType {
+		case "aws":
 			id, region, err := getAmazonCredentialsRegion(defaultAwsRegion)
 			if err != nil {
 				return err
 			}
 			providerConfig["region"] = region
-			providerConfig["accessKey"] = id
 
-			var confirmed bool
-			_ = survey.AskOne(&survey.Confirm{Message: fmt.Sprintf("Do you want to use the following AWS access key: %s?", id)}, &confirmed)
-			if !confirmed {
-				return errors.New("cancelled")
-			}
+			log.Infof("The following AWS key will be used: %v", id)
 		}
+
 		out["ingressHostPort"] = false
 		providerConfig["tags"] = map[string]string{
 			"banzaicloud-pipeline-controlplane-uuid": uuID,

internal/cli/command/controlplane/up.go

@@ -30,7 +30,6 @@ import (
 	"github.com/google/uuid"
 	"github.com/imdario/mergo"
 	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cast"
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v2"
 
@@ -132,33 +131,31 @@ func runUp(options *createOptions, banzaiCli cli.Cli) error {
 		return errors.New("workspace is already initialized but a different --provider is specified")
 	}
 
-	source := "/export"
 	var defaultValues map[string]interface{}
 	exportHandlers := []ExportedFilesHandler{
-		defaultValuesExporter(filepath.Join(strings.TrimPrefix(source, "/"), "values.yaml"), &defaultValues),
+		defaultValuesExporter("export/values.yaml", &defaultValues),
 	}
-	if err := processExports(options.cpContext, source, exportHandlers); err != nil {
+
+	var imageMeta ImageMetadata
+	if values["provider"] == providerCustom {
+		log.Debug("parsing metadata")
+		exportHandlers = append(exportHandlers, metadataExporter(metadataFile, &imageMeta))
+	}
+
+	if err := processExports(options.cpContext, exportPath, exportHandlers); err != nil {
 		return err
 	}
+
+	log.Debugf("custom image metadata: %+v", imageMeta)
+
 	if err := writeMergedValues(options.cpContext, defaultValues, values); err != nil {
 		return err
 	}
 
 	env := make(map[string]string)
 
-	switch values["provider"] {
-	case providerCustom:
-		if pc, ok := values["providerConfig"]; ok {
-			pc := cast.ToStringMap(pc)
-			if _, ok := pc["accessKey"]; ok { // if using aws key
-				_, creds, err := input.GetAmazonCredentials()
-				if err != nil {
-					return errors.WrapIf(err, "failed to get AWS credentials")
-				}
-				env = creds
-			}
-		}
-	case providerEc2:
+	if values["provider"] == providerEc2 || imageMeta.Custom.CredentialType == "aws" {
+		log.Debug("using local AWS credentials")
 		_, creds, err := input.GetAmazonCredentials()
 		if err != nil {
 			return errors.WrapIf(err, "failed to get AWS credentials")