Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ECR authentication 401 error

See original GitHub issue

Hi, I am trying to push image to my private ECR registry using specific credentials and receive 401 error with com.google.cloud.tools.jib.registry.RegistryUnauthorizedException.

Here is my gradle file:

plugins {
	id 'org.springframework.boot' version '2.1.3.RELEASE'
	id 'java'
  	id 'com.google.cloud.tools.jib' version '1.0.2'
}

apply plugin: 'io.spring.dependency-management'

group = 'jib.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '1.8'

jib {
  to {
    image = 'ecrregistryname/imagename'
    auth {
      username = 'myusername'
      password = 'mypass'
    }
  }
}

repositories {
	mavenCentral()
}

dependencies {
	implementation 'org.springframework.boot:spring-boot-starter'
	testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

When I run ‘./gradlew jib’ command for build and send image to registry I receive this stack trace:

➜  demo ./gradlew jib
Starting a Gradle Daemon (subsequent builds will be faster)

Containerizing application to ecrregistryname/imagename...

Container entrypoint set to [java, -cp, /app/resources:/app/classes:/app/libs/*, jib.example.demo.DemoApplication]
Executing tasks:
[===================           ] 63.3% complete
> pushing blob sha256:1d5094f53ae36d97e43cba46c...
> pushing blob sha256:fa01784221323d6d567b4da1c...
> pushing blob sha256:92e3c1d4d4f8e6d49263af6c8...
> pushing blob sha256:5f5edd681dcbc3a4a9df93e20...
> pushing blob sha256:3e010093287c245d72a774033...
> pushing blob sha256:41d633039bbf795b04c097c6f...
> pushing blob sha256:6cf9238d11686a3fe2c4cf833...

> Task :jib FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':jib'.
> com.google.cloud.tools.jib.plugins.common.BuildStepsExecutionException: Build image failed, perhaps you should make sure your credentials for 'ecrregistryname' are set up correctly

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
Got more than one input Future failure. Logging failures after the first
com.google.cloud.tools.jib.registry.RegistryUnauthorizedException: Unauthorized for ecrregistryname/imagename
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:271)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.callWithAllowInsecureRegistryHandling(RegistryEndpointCaller.java:152)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:142)
        at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint(RegistryClient.java:356)
        at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob(RegistryClient.java:241)
        at com.google.cloud.tools.jib.builder.steps.PushBlobStep.call(PushBlobStep.java:116)
        at com.google.cloud.tools.jib.builder.steps.PushBlobStep.call(PushBlobStep.java:40)
        at com.google.common.util.concurrent.CombinedFuture$CallableInterruptibleTask.runInterruptibly(CombinedFuture.java:180)
        at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.google.api.client.http.HttpResponseException: 401 Unauthorized
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1102)
        at com.google.cloud.tools.jib.http.Connection.send(Connection.java:200)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:232)
        ... 11 more

Got more than one input Future failure. Logging failures after the first
com.google.cloud.tools.jib.registry.RegistryUnauthorizedException: Unauthorized for 555818183070.dkr.ecr.us-east-2.amazonaws.com/jib-demo
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:271)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.callWithAllowInsecureRegistryHandling(RegistryEndpointCaller.java:152)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:142)
        at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint(RegistryClient.java:356)
        at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob(RegistryClient.java:241)
        at com.google.cloud.tools.jib.builder.steps.PushBlobStep.call(PushBlobStep.java:116)
        at com.google.cloud.tools.jib.builder.steps.PushBlobStep.call(PushBlobStep.java:40)
        at com.google.common.util.concurrent.CombinedFuture$CallableInterruptibleTask.runInterruptibly(CombinedFuture.java:180)
        at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.google.api.client.http.HttpResponseException: 401 Unauthorized
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1102)
        at com.google.cloud.tools.jib.http.Connection.send(Connection.java:200)
        at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call(RegistryEndpointCaller.java:232)
        ... 11 more
* Get more help at https://help.gradle.org

As I understand this could be an issue with http/https proxy. In documentation I found this section - https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#how-do-i-configure-a-proxy, but I didn’t find how exactly build command should look like in my simple case to fix this issue. Could you please create some example how to do it?

Also, I tried to use allowInsecureRegistries flag, but this wasn’t have any impact on this issue.

Thank you!

Issue Analytics

State:
Created 5 years ago
Comments:15 (7 by maintainers)

Top GitHub Comments

4reactions

mboldyshcommented, Jul 26, 2020

Yes, I misunderstood the idea of proxy here. This is exactly not what I looking for. @briandealwis @chanseokoh you were right the problem was with credentials. Instead of using credentials provided by ‘aws ecr get-login --no-include-email’ I was using user credentials. Thank you for help! The gradle.build version which work for me looks like this:

plugins {
	id 'org.springframework.boot' version '2.1.3.RELEASE'
	id 'java'
  	id 'com.google.cloud.tools.jib' version '1.0.2'
}

apply plugin: 'io.spring.dependency-management'

group = 'jib.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '1.8'

jib {
  to {
    image = '555818183070.dkr.ecr.us-east-2.amazonaws.com/jib-demo'
    auth {
      username = 'AWS'
      password = 'aws ecr get-login --no-include-email --region us-east-2'.execute().text.split(" ")[5]
    }
  }
}

repositories {
	mavenCentral()
}

dependencies {
	implementation 'org.springframework.boot:spring-boot-starter'
	testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

Also, as the information that for login to ECR we should use a password from ‘aws ecr get-login --no-include-email’ is not present in jib README file maybe it’s something that can be improved.

Thanks!

1reaction

mboldyshcommented, Oct 10, 2021

Hi @kunalnov Looks like your Gitlab CI job doesn’t have AWS CLI installed so that when you run aws ecr get-login --no-include-email --region ap-southeast-2 in the password section you received this error. So, you need to install AWS CLI and login to you AWS account before run gradle command