Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role arn not read from profile in config when using config file with web_identity_token_file #729

Open
imcdo opened this issue Jan 30, 2024 · 0 comments
Open

Role arn not read from profile in config when using config file with web_identity_token_file #729

imcdo opened this issue Jan 30, 2024 · 0 comments

Comments

@imcdo
Copy link

imcdo commented Jan 30, 2024
edited
Loading

When using amazon-ecr-credential-helper to pull from ECR, it fails to pull credentials from the default profile with the following stack trace:

Unable to find image '<account>.dkr.ecr.us-west-2.amazonaws.com/<image>' locally 37:21
panic: role ARN is not set 37:21
goroutine 1 [running]: 37:21
github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api.DefaultClientFactory.NewClientFromRegion({}, {0xc00002bf9d?, 0x0?}) 37:21
 	/home/semaphore/git/go/1.21.5/pkg/mod/github.com/awslabs/amazon-ecr-credential-helper/[email protected]/api/factory.go:84 +0x190 37:21
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login.ECRHelper.Get({{0x8aa120?, 0xb28ba0?}, 0xaf2cc0?}, {0xc000028f30, 0x2c}) 37:21
 	/home/semaphore/git/go/1.21.5/pkg/mod/github.com/awslabs/amazon-ecr-credential-helper/[email protected]/ecr.go:101 +0x113 37:21
 github.com/docker/docker-credential-helpers/credentials.Get({0x8a9d30, 0xc000012108}, {0x8a4e40?, 0xc00005e028?}, {0x8a4dc0, 0xc00005e030}) 37:21
 	/home/semaphore/git/go/1.21.5/pkg/mod/github.com/docker/[email protected]/credentials/credentials.go:154 +0x1fa 37:21
 github.com/docker/docker-credential-helpers/credentials.HandleCommand({0x8a9d30?, 0xc000012108?}, {0x7ffc942bad3e, 0x3}, {0x8a4e40?, 0xc00005e028?}, {0x8a4dc0?, 0xc00005e030?}) 37:21
 	/home/semaphore/git/go/1.21.5/pkg/mod/github.com/docker/[email protected]/credentials/credentials.go:96 +0x97 37:21
 github.com/docker/docker-credential-helpers/credentials.Serve({0x8a9d30, 0xc000012108}) 37:21
 	/home/semaphore/git/go/1.21.5/pkg/mod/github.com/docker/[email protected]/credentials/credentials.go:80 +0x325 37:21
 main.main() 37:21
 	/home/semaphore/git/go/1.21.5/pkg/mod/github.com/awslabs/amazon-ecr-credential-helper/[email protected]/cli/docker-credential-ecr-login/main.go:52 +0x154 37:21
 docker: Error response from daemon: Head "https://<accoun>.dkr.ecr.us-west-2.amazonaws.com/v2/<image>": no basic auth credentials.

The default profile in the ~/.aws/config file is simply:

[profile default]
role_arn = arn:aws:iam::<account>:role/<role-name>
web_identity_token_file=<absolute path to existing token>

the panic originally coming from this projects call here.

eventually throwing the error here

Expected Behavior

It reads the default profile as it was not specified in the environment variables, and reads the role name specified there.

Current Behavior

It fails to find the specified role name even though it is specified in the config.
Reproduction Steps

create a .aws/config file that has a default profile that assumes a role via a web_identity_token_file
configure docker to use amazon-ecr-credential-helper
attempt to pull an image

Operating System and version

Ubuntu 20.04

also opened a similar issue here that was closed as I was asked to redirect here.
aws/aws-sdk-go-v2#2469
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@imcdo