Poor error when missing AWS creds about pulumi-aws HOT 3 CLOSED

I'll look into this in more detail today but I worry that there's not much we can do here. If we're ultimately bottoming-out with Terraform providers, their error messages when they fail to initialize will pretty much always be framed in terms of Terraform. With config keys, we're lucky in that we can inspect the schema for providers that use them and present an error before we involve Terraform providers at all.

If the AWS provider returns some sort of structured error, perhaps we can intercept it and present a better error message, but I suspect that we're going to get back a string error message (and in general, from the TF bridge level, we can't make any assumptions about the kinds of errors that get spit out).

Also, I'm not sure what we'd want this error message to say instead of what it does. We are using a Terraform provider, so it makes sense that we'd link to Terraform docs about how to authenticate with the provider. If we didn't, we'd have to write docs of our own that basically re-phrase exactly what the Terraform docs say.

from pulumi-aws.

FWIW - It's also not clear we could/would have been reporting a better error previously. We didn't ever have any of our own validation of AWS credentials, so we would always have been hitting the TF provider to be the place this error would get reported in a case that it does.

The only way I can imagine fixing this is to replicate all of the TF providers logic around configuration into our package, so that we can return our own error messages in all the failure cases instead of letting TF produce errors.

The only other option will be to string match errors with regexs and transform them. Feels pretty brittle, but maybe worth it if we think this is common?

from pulumi-aws.

I spent some time investigating with this and I agree with this 100%:

The only way I can imagine fixing this is to replicate all of the TF providers logic around configuration into our package, so that we can return our own error messages in all the failure cases instead of letting TF produce errors.

Our terraform wrapper in pulumi-aws is so thin that I don't see any good place for us to interpose on this error message. We could do so in pulumi-terraform, but it feels extremely wrong to me to try and regex parse error messages for specific providers in there. We can certainly do it, of course, but even if we did I'm not sure what the error message would say that it doesn't already say. If we're using the TF provider to handle authentication, we're going to have to direct people to the TF provider's documentation so they can see exactly how the provider is doing it.

from pulumi-aws.