Docker-py: Pulling after logging in to ecr registry appears not to work

Created on 18 Oct 2018  路  4Comments  路  Source: docker/docker-py

Apologies if this is just an oversight on my part, but it stumped me today.

Assuming I have gotten the ecr credentials from boto already in an object called creds, when I do:

client = from_env()
client.login(creds.username, password=creds.password, registry=creds.endpoint)

I get:

{u'IdentityToken': u'', u'Status': u'Login Succeeded'}

Great so far! And I inspect:

client.api.__dict__

I get:

{'_auth_configs': {'auths': {'registry_i_just_logged_into': {'email': None,
'password': 'xxxxxxxxxxxxx',
'serveraddress': 'registry_i_just_logged_into',
'username': 'xxxxxxx'},
u'some_other_registry': {},
'credsStore': u'osxkeychain'}
.... (etc, etc)

Still so far, so good. But when I then do:

client.images.pull("registry_i_just_logged_into/some_repo", tag="latest")

Or when I do (from a command line, and not expecting this to work):

docker pull registry_i_just_logged_into/some_repo:latest

I always get:

Error response from daemon: pull access denied for some_repo, repository does not exist or may require 'docker login'

Despite the fact that, if I do (with the same username and password I used to log in):

client.images.pull("registry_i_just_logged_into/some_repo", tag="latest", auth_config={'username': creds.username, 'password': creds.password})

It works no problems.

I'm dumb. What am I doing wrong?

Thanks!

kinbug leveapiclient
Source
picture Karhide

Most helpful comment

So to follow on, is there a way I can make this not happen? I'd like any users of my code to not have to go through the same thing.

picture Karhide on 18 Oct 2018
👍2

All 4 comments

What version of the library are you using?

Your credsStore probably overrides the login you provided through the command. Try removing that from your config file and see if that resolves the issue (not saying the current behavior is correct though, just that it's probably what's happening)

shin- picture shin- on 18 Oct 2018
👍1

Library version 3.5.0. I'll give your suggestion a try, thanks!

Edit: Can confirm, deleting credsStore from the config made this work.

Karhide picture Karhide on 18 Oct 2018

So to follow on, is there a way I can make this not happen? I'd like any users of my code to not have to go through the same thing.

Karhide picture Karhide on 18 Oct 2018
👍2

I'm running into this issue as well. I can't auth into ECR for one of my builds, and the build command doesn't accept auth_config, so I'm boned :(

new-guy picture new-guy on 14 Nov 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ko-christ picture ko-christ  路  3Comments
sureshsankaran picture sureshsankaran  路  4Comments
mlazze picture mlazze  路  3Comments
rcoh picture rcoh  路  4Comments
pavdmyt picture pavdmyt  路  3Comments