You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While debugging multi-account registry behavior, we discovered that pushes to an AWS Elastic Container Registry return an error message that that isn't as helpful as we'd like to users.
We should capture the EOF error produced below and emit an error that suggests to check the registry name and credentials instead.
Steps to reproduce
Given two AWS accounts numbers, 12345... and 67890... Log in with the first account in your terminal, generate Docker credentials using that account, then docker login to the second account:
REGION="us-west-2"# Log in to 12345
aws sso login
# Use the 12345 credentials to generate a token for the other account's registry# ⚠️ This is intentionally incorrect!
aws ecr get-login-password --region "$REGION" \
| docker login --username AWS --password-stdin "67890.dkr.ecr.${REGION}.amazonaws.com"
Then create a repository for that 67890 account, such as hello-world.
The Pulumi program errors due to incorrect credentials.
Actual result
As Pulumi is wrapping the output of the Docker Engine daemon, we see the same output that docker push provides:
The push refers to repository [67890.dkr.ecr.us-west-2.amazonaws.com/hello-world]
949acf1cb73a: Retrying in 1 second
4c67e4044f8c: Retrying in 1 second
EOF
The last line, "EOF", is the final error of the program, and fails to direct users toward identifying the issue as an authentication error or, likely the case with AWS' registry implementation, a 404 not found.
The text was updated successfully, but these errors were encountered:
While debugging multi-account registry behavior, we discovered that pushes to an AWS Elastic Container Registry return an error message that that isn't as helpful as we'd like to users.
We should capture the
EOF
error produced below and emit an error that suggests to check the registry name and credentials instead.Steps to reproduce
Given two AWS accounts numbers, 12345... and 67890... Log in with the first account in your terminal, generate Docker credentials using that account, then
docker login
to the second account:Then create a repository for that 67890 account, such as
hello-world
.Then run a Pulumi program like so:
Expected result
The Pulumi program errors due to incorrect credentials.
Actual result
As Pulumi is wrapping the output of the Docker Engine daemon, we see the same output that
docker push
provides:The last line, "EOF", is the final error of the program, and fails to direct users toward identifying the issue as an authentication error or, likely the case with AWS' registry implementation, a 404 not found.
The text was updated successfully, but these errors were encountered: