Conjur attempts to create .netrc file

[HauserV]

Summary

a539795 added logic to create .netrc file if it doesn't exist. This breaks our GitLab CI/CD pipelines which run on K8S runners with read-only filesystems.

Steps to Reproduce

Run conjur-summon with configuration provided via environment variables with a read-only $HOME.

Expected Results

The utility should fetch secrets just as it did in 0.8.0.

Actual Results

level=error msg="Failed creating a Conjur client: failed to ensure .netrc file exists: open /home/cloud/.netrc: read-only file system\n"

Reproducible

• Always
• Sometimes
• Non-Reproducible

Version/Tag number

v0.13.2

Environment setup

• Can you describe the environment in which this product is running? Is it running on a VM / in a container / in a cloud?
  GitLab K8S runner

• Which cloud provider? Which container orchestrator (including version)?
  AWS, K8S, version unknown

• The more info you can share about your runtime environment, the better we may be able to reproduce the issue.
  Read-only $HOME suffices.

Additional Information

N/A

[HauserV]

As a workaround, I've pointed the .netrc path to /dev/null (echo "netrc_path: /dev/null" > .conjurrc) but it feels quite hacky.

[szh]

Another workaround would be to add "credential_storage: none" to your .conjurrc file or set the environment variable "CONJUR_CREDENTIAL_STORAGE" to "none". Can you please try these and confirm it works?

[szh]

We're going to update the documentation to make this use case clearer. Thank you for your report.
Tracking internally as CNJR-10891.

[szh]

This was completed in 51b9101