AWS ECR with jib.to.auth.username does not work
See original GitHub issueEnvironment:
- Jib version: 2.4.0
- Build tool: maven 3.6.3
- OS: MacOs
Description of the issue:
Running the command:
mvn compile com.google.cloud.tools:jib-maven-plugin:2.4.0:build Djib.to.auth.username=${AWS_ECR_KEY_USER} -Djib.to.auth.password=${AWS_ECR_SECRET} -Dimage=<MY IMAGE>
does not work and I get a 401 from the ECR registry
Expected behavior: Should build
Steps to reproduce: Create a mvn project with :
<build>
<plugins>
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>${jib.version}</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>build</goal>
</goals>
</execution>
</executions>
<configuration>
<from>
<image>gcr.io/distroless/java:8</image>
</from>
<to>
<image>
imageURI:/${project.artifactId}:${project.version}
</image>
<tags>latest</tags>
</to>
</configuration>
</plugin>
</plugins>
</build>
Log output: are set up correctly. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-unauthorized for help: Unauthorized forimageURI: 401 Unauthorized -> [Help 1]
AWS_ECR_KEY_USER and AWS_ECR_SECRET are my aws credentials this seems not to work. If I don’t pass the -Djib.to.auth.username it will grab it from amazon-ecr-credential-helper which in my case works and the credentials are the same. That’s why I think this is a bug.
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (6 by maintainers)
Top GitHub Comments
For those coming to this thread, see https://serverfault.com/questions/1004915/what-is-the-proper-way-to-log-in-to-ecr and #2628 to understand the issue. However, we recommend using a credential helper instead of
jib.to.auth
. For a solution for GitHub Actions, see https://github.com/GoogleContainerTools/jib/issues/2627#issuecomment-663872634.Also, this Stack Overflow answer gives a more in-depth explanation on how registries accept credentials from registry clients (including Jib).
Then let’s close this. PS: Thanks for the extreme quick feedback !