Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Credentials error when using a common docker asset as base image for other docker assets #6466

Closed
jogold opened this issue Feb 26, 2020 · 1 comment · Fixed by #6471
Closed

Credentials error when using a common docker asset as base image for other docker assets #6466

jogold opened this issue Feb 26, 2020 · 1 comment · Fixed by #6471
Assignees
@eladb
Labels
@aws-cdk/assets Related to the @aws-cdk/assets package bug This issue is a bug. in-progress This issue is being actively worked on.

Comments

@jogold
Copy link
Contributor

jogold commented Feb 26, 2020
edited
Loading

Using a common docker asset as base image for other docker assets can lead to credentials error when building.

If the common docker asset already exists docker build and docker login will be skipped. When building the docker asset that uses the common docker asset as base image docker build will fail because it won't be able to pull the base image.

The fix is simple: always call docker login before calling docker build.

Reproduction Steps

Consider the following pattern to "reuse" a common docker asset as base image in other docker assets:

/**
 * A construct that creates a common docker asset that can be used
 * in multiple stacks as base image
 */
class CommonDockerAsset extends cdk.Construct {
  public readonly imageTag: string;

  constructor(scope: cdk.Construct, id: string) {
    super(scope, id);

    const asset = new assets.DockerImageAsset(this, 'Image', {
      directory: path.join(__dirname, '../common-docker'),
    });

    this.imageTag = asset.sourceHash;
  }
}
# Dockerfile for asset in StackA that should use the common docker
# asset as base image
ARG TAG
FROM 123456789012.dkr.ecr.eu-west-1.amazonaws.com/aws-cdk/assets:$TAG

COPY ...

/**
 * Use it in StackA and pass TAG as build arg
 */
class StackA extends TaggedStack {
  constructor(scope: cdk.Construct, id: string) {
    super(scope, id);

    const commonDockerAsset = new CommonDockerAsset(this, 'CommonDockerAsset');
    const taskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef');
    taskDefinition.addContainer('Container', {
      image: ecs.ContainerImage.fromAsset(path.join(__dirname, '../stack-docker'), {
        buildArgs: { TAG: commonDockerAsset.imageTag },
      }),
    });
  }
}

Error Log

The error no basic auth credentials is returned on docker build if the docker asset in StackA has changed but not the common docker asset.

Environment

  • CLI Version : 1.25.0
  • Framework Version: 1.25.0
  • OS : all
  • Language : all

This is 🐛 Bug Report
@jogold jogold added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 26, 2020
jogold added a commit to jogold/aws-cdk that referenced this issue Feb 26, 2020
@jogold
fix(docker): cannot use cdk docker assets as base image
a6ae88f 
Ensure `docker login` is called before `docker build` to allow using cdk docker
assets as base image for other docker assets.

Fixes aws#6466
@jogold jogold mentioned this issue Feb 26, 2020
Merged
@SomayaB SomayaB added in-progress This issue is being actively worked on. @aws-cdk/assets Related to the @aws-cdk/assets package and removed needs-triage This issue or PR still needs to be triaged. labels Feb 27, 2020
@mergify mergify bot closed this as completed in #6471 Feb 27, 2020
mergify bot added a commit that referenced this issue Feb 27, 2020
@jogold @mergify
fix(docker): cannot use cdk docker assets as base image (#6471)
983dd40 
Ensure `docker login` is called before `docker build` to allow using cdk docker
assets as base image for other docker assets.

Fixes #6466

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
@jogold
Copy link
Contributor Author

jogold commented Feb 27, 2020
edited
Loading

@rix0rrr this pattern is not perfect since the account id and region are tokens meaning that you cannot use them in FROM 123456789012.dkr.ecr.eu-west-1.amazonaws.com/aws-cdk/assets:$TAG but it works by manually setting those values and I'm using it.

I think that the build order is preserved and if not you can make a stack instead of a construct for the common docker asset. The stack will be empty but will always be processed before the consuming stacks.

@jogold jogold mentioned this issue May 12, 2021
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eladb eladb

Labels
@aws-cdk/assets Related to the @aws-cdk/assets package bug This issue is a bug. in-progress This issue is being actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(docker): cannot use cdk docker assets as base image jogold/aws-cdk
3 participants
@eladb @jogold @SomayaB