Pushing to an AWS registry with invalid credentials returns the error "EOF" #485

Closed
AaronFriel opened this issue Feb 9, 2023 · 0 comments · Fixed by #506

@AaronFriel
Contributor

While debugging multi-account registry behavior, we discovered that pushes to an AWS Elastic Container Registry return an error message that isn't as helpful as we'd like to users.

We should capture the EOF error produced below and emit an error that suggests checking the registry name and credentials instead.

Steps to reproduce

Given two AWS account numbers, 12345... and 67890..., log in with the first account in your terminal, generate Docker credentials using that account, then docker login to the second account:

REGION="us-west-2"
# Log in to 12345
aws sso login
# Use the 12345 credentials to generate a token for the other account's registry
# ⚠️ This is intentionally incorrect!
aws ecr get-login-password --region "$REGION" \
  | docker login --username AWS --password-stdin "67890.dkr.ecr.${REGION}.amazonaws.com"

Then create a repository for that 67890 account, such as hello-world.

Then run a Pulumi program like so:

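import * as docker from "@pulumi/docker";

const REGION = "us-west-2";
// The image name points at the 67890 account's registry.
const image2 = new docker.Image("my-image", {
    imageName: `67890.dkr.ecr.${REGION}.amazonaws.com/hello-world`,
    build: {
        context: "./app",
    },
});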

Expected result

The Pulumi program errors due to incorrect credentials.

Actual result

As Pulumi is wrapping the output of the Docker Engine daemon, we see the same output that docker push provides:

The push refers to repository [67890.dkr.ecr.us-west-2.amazonaws.com/hello-world]
949acf1cb73a: Retrying in 1 second 
4c67e4044f8c: Retrying in 1 second 
EOF

The last line, "EOF", is the final error of the program, and fails to direct users toward identifying the issue as an authentication error or, likely the case with AWS' registry implementation, a 404 not found.

@AaronFriel added the 4.x.x, kind/task and kind/enhancement labels and removed the kind/task label on Feb 9, 2023
@AaronFriel added this to the 0.85 milestone on Feb 9, 2023
@guineveresaenger self-assigned this on Feb 28, 2023
@pulumi-bot added the resolution/fixed label on Mar 2, 2023
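
One way to do what the issue asks, turning the bare "EOF" into an error that points at the registry name and credentials. This is an added example, not pulumi-docker's code: `explainEofPushError` and its message wording are hypothetical, and the sample lines are the daemon output quoted in the issue.

```typescript
// Added example: hypothetical helper, not pulumi-docker's implementation.

// Private ECR registry host: <account>.dkr.ecr.<region>.amazonaws.com.
// \d+ (rather than exactly 12 digits) so the issue's shortened IDs also match.
const ECR_HOST = /^(\d+)\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com$/;

// Returns a descriptive error when a push ended in a bare "EOF",
// or null when the output does not match that failure pattern.
function explainEofPushError(imageName: string, output: string[]): string | null {
    const lines = output.map((l) => l.trim()).filter((l) => l.length > 0);
    const last = lines.slice(-1)[0] ?? "";
    if (last !== "EOF") {
        return null;
    }

    const slash = imageName.indexOf("/");
    const registry = slash === -1 ? "" : imageName.slice(0, slash);
    // Drop any :tag or @digest suffix to get the repository name.
    const repository = imageName.slice(slash + 1).replace(/[@:].*$/, "");
    // Layers the daemon retried before the connection was dropped.
    const retried = lines.filter((l) => /: Retrying in \d+ seconds?$/.test(l)).length;

    let hint = `check the registry name "${registry}" and your Docker credentials for it`;
    const ecr = ECR_HOST.exec(registry);
    if (ecr) {
        hint =
            `check that your Docker login token was generated with credentials for ` +
            `AWS account ${ecr[1]} in region ${ecr[2]}, ` +
            `and that repository "${repository}" exists there`;
    }
    return (
        `push of ${imageName} failed: the registry closed the connection (EOF) ` +
        `after ${retried} layer upload(s) were retried; ${hint}`
    );
}

// Constructed sample: the daemon output quoted in the issue.
const sampleOutput = [
    "The push refers to repository [67890.dkr.ecr.us-west-2.amazonaws.com/hello-world]",
    "949acf1cb73a: Retrying in 1 second ",
    "4c67e4044f8c: Retrying in 1 second ",
    "EOF",
];
console.log(explainEofPushError("67890.dkr.ecr.us-west-2.amazonaws.com/hello-world", sampleOutput));
```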