[ECR] [request]: public registry pulling manifests
Tell us about your request
Enable pulling manifests of a public repository, possibly by implementing the /v2/name/manifests/reference endpoint https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pull. At the moment this endpoint is returning HTTP 401. E.g.: https://public.ecr.aws:443/v2/lambda/go/manifests/latest -> 401

Which service(s) is this request for?
ECR Public

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Trying to use GitHub Dependabot for updating images hosted on public.ecr.aws. In addition to this request, https://github.com/aws/containers-roadmap/issues/1262 is also needed for that.

Are you currently working around this issue?
No workaround.
May relate to: https://github.com/dependabot/dependabot-core/issues/4212
@elgohr is this reproducible for you? These API endpoints are implemented as you suggest, and I don't get the result above.
e.g.
```
$ TOKEN=$(curl -k https://public.ecr.aws/token/ | jq -r '.token')
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   665  100   665    0     0   5014      0 --:--:-- --:--:-- --:--:--  5195
$ curl -k -H "Authorization: Bearer $TOKEN" https://public.ecr.aws/v2/lambda/go/manifests/latest
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 2776,
    "digest": "sha256:3605ceac661f1ccc2f08c307a3f6fa54d48f3e97340314c6fb5d2cd140d4a74b"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 327298686,
      "digest": "sha256:80c44bd2c8a9d905e3faa8d1ebddabb4b2e1c42cd0f34f842a1913c34b7728f3"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 94557,
      "digest": "sha256:7f030490281d0b7d9b10355babc35327481b1714d165faef751cb65fe5435bca"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 418,
      "digest": "sha256:6d4ef02dbc25ae24524bfd681ab9cbead25e9c8cd09e9ff29de3b57a402eaacb"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 2300040,
      "digest": "sha256:cdd8ca1359da62939937da9888140b5835b3c7455a177c059a6a3badb54a93fd"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 3094803,
      "digest": "sha256:6706fab784a6222a17b82a616cc03201fd5b15f59ef09355405ba8f95f86f548"
    }
  ]
}
```
Thanks for the hint. Where did you get the token endpoint from? Didn't find any documentation and AWS support also didn't know anything about it.
Closing in favor of https://github.com/dependabot/dependabot-core/issues/4212#issuecomment-1256862710
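The 401-then-token sequence from this thread, written as an added example (not code from the thread, AWS or Dependabot): under the registry Bearer-token scheme, the 401 response carries a `WWW-Authenticate` challenge naming the token realm, which a client reads before requesting a token and retrying. The `SAMPLE` header is constructed, since the thread does not show the real 401 headers, and the function names and the rule that the realm must be HTTPS on an allowed host are assumptions of this sketch.

```python
"""Anonymous manifest pull via the registry Bearer-token handshake."""
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample challenge; the thread does not show the real 401 headers.
SAMPLE = 'Bearer realm="https://public.ecr.aws/token/",service="public.ecr.aws",scope="aws"'

def parse_challenge(header):
    """Split a 'Bearer k="v",...' WWW-Authenticate value into a dict."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % header)
    return dict(re.findall(r'(\w+)="([^"]*)"', params))

def token_url(challenge, allowed_hosts):
    """Build the token request URL from a parsed challenge."""
    realm = challenge.get("realm", "")
    parts = urllib.parse.urlsplit(realm)
    # The realm comes from an unauthenticated response: only follow it over
    # HTTPS and to a host the caller has explicitly allowed.
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("unexpected token realm: %r" % realm)
    query = {k: challenge[k] for k in ("service", "scope") if k in challenge}
    return realm + ("?" + urllib.parse.urlencode(query) if query else "")

def fetch_manifest(host, repo, ref):
    """Request the manifest; on 401 read the challenge, get a token, retry."""
    url = "https://%s/v2/%s/manifests/%s" % (host, repo, ref)
    accept = "application/vnd.docker.distribution.manifest.v2+json"
    req = urllib.request.Request(url, headers={"Accept": accept})
    try:
        with urllib.request.urlopen(req) as resp:  # TLS verification stays on
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        challenge = parse_challenge(err.headers["WWW-Authenticate"] or "")
    # Assumption: the token realm lives on the registry host, as in the thread.
    with urllib.request.urlopen(token_url(challenge, {host})) as resp:
        token = json.load(resp)["token"]
    req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    print(token_url(parse_challenge(SAMPLE), {"public.ecr.aws"}))
    # fetch_manifest("public.ecr.aws", "lambda/go", "latest")  # needs network
```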