-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(assets): docker login clashes with ecr-login #32925
Comments
@SamStephens , Thanks for reporting this.CDK Team is aware of the issue. Apparently the issue was caused by ECR team's code change and they are working on a fix right now. Will share more updates as we get them. |
Hi,
While
returns:
As I said, extremely weird, but "Windows works in mysterious ways". |
Also getting the same issue on my CI pipelines and locally.
|
Thanks for having patience. Using IAM User credentials when calling ECR's GetAuthorizationToken API results in a shorter token size, which may be a potential workaround. Mitigation is currently in progress. |
@khushail it looks like the token length issue has been resolved: aws/aws-cli#5636 (comment). I've confirmed I'm now able to build and deploy docker images using CDK. Of course, this doesn't change the fact that amazon-ecr-credential-helper cannot be used with the CDK, and it would be good if it could be used with it. |
Thanks for sharing the update @SamStephens . Since this is still an issue from CDK Side, keeping this issue open for action by the team. |
Describe the bug
This is a reopening of #14265, which was closed for inactivity. However, allowing usage of https://github.com/awslabs/amazon-ecr-credential-helper has become substantially more urgent because ECR have recently made a change to increase the length of tokens beyond the size that the Windows credential manager can store, 2500 characters. This is completely breaking for Windows users of Docker with ECR, and as amazon-ecr-credential-helper does not work with CDK and https://github.com/dougrday/docker-credential-plaintext did not work for me, Windows users are left with no option other than to code their own credential manager (or patch amazon-ecr-credential-helper to behave as though
AWS_ECR_IGNORE_CREDS_STORAGE=true
were set).The only reason I'm not completely blocked by this is because I have an EC2 Ubuntu machine configured that I can use to do my CDK deploys.
See aws/aws-cli#5636 and aws/containers-roadmap#1589 for context.
Regression Issue
Last Known Working CDK Version
No response
Expected Behavior
Either to be able to use amazon-ecr-credential-helper with CDK, or for ECR tokens to comply with the 2,500 character limit Windows Credential Manager imposes.
Current Behavior
No way to use CDK Docker on Windows.
The actual issue I face is that when I try and use amazon-ecr-credential-helper, I need to set
AWS_ECR_IGNORE_CREDS_STORAGE=true
, as CDK expects to be able to usedocker login
with the credentials it receives. However when I call the CDK CLI with that environment variable set, I still see theError saving credentials: error storing credentials - err: exit status 1, out:
not implemented` error from Docker, indicating that however CDK invokes Docker, that environment variable is presumably not passed through.Reproduction Steps
Perform any deploy involving Docker on Windows.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
n/a
Framework Version
No response
Node.js Version
n/a
OS
Windows and WSL
Language
Python, TypeScript, Java, .NET, Go
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: