finch icon indicating copy to clipboard operation
finch copied to clipboard

Published 20 hours ago verified publisher icon runfinch

Change ~/.finch/config.json to support compatibility with CDK `DockerImageAsset`

Open bestickley opened this issue 11 months ago • 2 comments

What is the problem you're trying to solve?. I want to use amazon-ecr-credential-helper and CDK DockerImageAsset with the default finch configuration when setting in ~/.finch/finch.yml:

...
creds_helpers:
    - ecr-login
...

The issue is that this is the default ~/.finch/config.json

{
  "auths": null,
  "credsStore": "ecr-login",
  "credHelpers": {
    "\u003caws_account_id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com": "ecr-login",
    "public.ecr.aws": "ecr-login"
  }
}

which results in:

lh-stickb-ui:  fail: finch login --username AWS --password-stdin https://905418358903.dkr.ecr.us-east-1.amazonaws.com exited with error code 1: time="2024-03-22T14:51:19-04:00" level=fatal msg="error saving credentials: error storing credentials - err: exit status 1, out: `not implemented`"
time="2024-03-22T14:51:19-04:00" level=fatal msg="exit status 1"

 ✅  lh-stickb/waf (lh-stickb-waf)

✨  Deployment time: 16.95s

Outputs:
lhstickbwaf0E039344.ExportsOutputFnGetAttWebAclWebACL3192DCA0ArnBB7121F8 = arn:aws:wafv2:us-east-1:905418358903:global/webacl/WebAclWebACL3192DCA0-mrmywPfb2gdP/eda881af-134e-42d3-9e4d-a25cee84b343
Stack ARN:
arn:aws:cloudformation:us-east-1:905418358903:stack/lh-stickb-waf/2a42f010-e87d-11ee-8269-12325472a021

✨  Total time: 25.51s


 ❌ Deployment failed: Error: Failed to build asset 486609821cfe629a0d8dab810602b058c1bf37243dae58bada1c58c478602831:905418358903-us-east-1
    at Deployments.buildSingleAsset (/Users/stickb/Code/dos/lighthouse/node_modules/.pnpm/[email protected]/node_modules/aws-cdk/lib/index.js:431:11312)
    at async Object.buildAsset (/Users/stickb/Code/dos/lighthouse/node_modules/.pnpm/[email protected]/node_modules/aws-cdk/lib/index.js:431:194378)
    at async /Users/stickb/Code/dos/lighthouse/node_modules/.pnpm/[email protected]/node_modules/aws-cdk/lib/index.js:431:178767

Failed to build asset 486609821cfe629a0d8dab810602b058c1bf37243dae58bada1c58c478602831:905418358903-us-east-1
 ELIFECYCLE  Command failed with exit code 1.

The root issue seems to be "credsStore": "ecr-login",. When I remove it, CDK can deploy no problem and my ~/.finch/config.json then looks like:

{
	"auths": {
		"905418358903.dkr.ecr.us-east-1.amazonaws.com": {
			"auth": "QVdTOmV5SndZWGxzYjJGa0lqb2ljSGQ0VDNwS1dWWk5lRk4..."
		}
	},
	"credHelpers": {
		"\u003caws_account_id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com": "ecr-login",
		"public.ecr.aws": "ecr-login"
	}
}

Describe the feature you'd like Fix finch configuration to be compatible with CDK DockerImageAsset

Additional context Add any other context or screenshots about the feature request here.

bestickley avatar Mar 22 '24 19:03 bestickley

Actually, removing "credsStore": "ecr-login", breaks finch pull using AWS Creds based on your profile. But then that breaks CDK. So I'm not sure how to create a solution that solves both cases :(

Is there any way for finch pull to use AWS creds but to also allow commands like finch login --username AWS --password-stdin https://905418358903.dkr.ecr.us-east-1.amazonaws.com to work?

This issues seems related: https://github.com/awslabs/amazon-ecr-credential-helper/issues/102

bestickley avatar Mar 27 '24 16:03 bestickley

Now that https://github.com/awslabs/amazon-ecr-credential-helper/pull/847, as soon as the next feature release of amazon-ecr-credential-helper is done, we can use the new AWS_ECR_IGNORE_CREDS_STORAGE

pendo324 avatar Aug 27 '24 14:08 pendo324