Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to push/pull images from ECR on AWS GovCloud #346

Open
bartlett-ops opened this issue Aug 5, 2022 · 2 comments
Open

Unable to push/pull images from ECR on AWS GovCloud #346

bartlett-ops opened this issue Aug 5, 2022 · 2 comments

Comments

@bartlett-ops
Copy link
Contributor

bartlett-ops commented Aug 5, 2022

This resource is incompatible with ECR on AWS GovCloud. This is because the version of Amazon ECR Credentials Helper is very out of date.

Reproduction

resources:
  - name: my-image
    type: docker-image
    source:
      repository: 000000000000.dkr.ecr.us-gov-west-1.amazonaws.com/my-image
      aws_access_key_id: XXXXXXXXXXX
      aws_secret_access_key: YYYYYYYYYYY
  - name: repo
    type: git
    source:
      uri: example.git
jobs:
    - get: repo
    - put: my-image
      params:
        build: repo
        dockerfile: Dockerfile
      get_params:
        save: true

I get the following build output from concourse:

Successfully built 8126927e3d7a
Successfully tagged 000000000000.dkr.ecr.us-gov-west-1.amazonaws.com/my-image:latest
Removing login credentials for https://index.docker.io/v1/
The push refers to repository [000000000000.dkr.ecr.us-gov-west-1.amazonaws.com/my-image]
6cd6a1e2a03a: Preparing
86fbec0e27c2: Preparing
01b36ebbd637: Preparing
758cc9a35e2b: Preparing
0ca51c72c51a: Preparing
879c0d8666e3: Preparing
20a7b70bdf2f: Preparing
3fc750b41be7: Preparing
beee9f30bc1f: Preparing
758cc9a35e2b: Waiting
0ca51c72c51a: Waiting
879c0d8666e3: Waiting
beee9f30bc1f: Waiting
3fc750b41be7: Waiting
20a7b70bdf2f: Waiting
no basic auth credentials

On inspection of the log file ~/.ecr/log/ecr-login.log.2022-08-05-13 I see the following:

2022-08-05T13:28:14Z [DEBUG] Checking file cache for 000000000000
2022-08-05T13:28:14Z [DEBUG] Calling ECR.GetAuthorizationToken for 000000000000
2022-08-05T13:28:14Z [ERROR] Error retrieving credentials: MissingEndpoint: 'Endpoint' configuration is required for this service

Resolution

I attempted to update go.mod to use the following:

require (
  ...
  github.com/awslabs/amazon-ecr-credential-helper v0.6.0
  ...
)

But I'm not much of a Go programmer, so couldn't get the container to build properly.

Workaround

As a workaround I added the updated binary after the container is built which solved the problem.

FROM concourse/docker-image-resource:1.6.3
ADD --chown=root:root https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.6.0/linux-amd64/docker-credential-ecr-login /opt/resource/ecr-login
RUN chmod +x /opt/resource/ecr-login

Related Issues

@xtremerui
Copy link
Contributor

The lib is very outdated indeed. PR is welcome.

@bartlett-ops
Copy link
Contributor Author

This is my attempt at a PR: #347
Unfortunately the build fails with:

Step 16/27 : RUN go build -o /assets/ecr-login github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cmd
 ---> Running in 3fbc557b1092
no required module provides package github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cmd; to add it:
        go get github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cmd

Running the suggested command errors with:

root@09a0f42ba1b0:/concourse/docker-image-resource# go get github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cmd
go: module github.com/awslabs/amazon-ecr-credential-helper/ecr-login@upgrade found (v0.0.0-20220802171026-617dc7abb2ea), but does not contain package github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cmd

I'm not really sure how to proceed here. My guess is that the ecr-login package has been moved renamed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants