-
Bug
-
Resolution: Fixed
-
Blocker
-
None
-
Jenkins 2.4
Docker Build and Publish plugin 1.2.2 (+ PR #41)
In an attempt to start moving away from our self-hosted Docker Registry. I came across this plugin to make it easier to push to Amazon ECR. And after a (fairly) quick fix of the Docker Build and Publish plugin. Time had come to make that happen.
But instead I am getting the this error when it attempt to push. So something is wrong.
The push refers to a repository [somerepo.dkr.ecr.eu-west-1.amazonaws.com/imagename] 1b29323a75d2: Preparing 5bf87793f977: Preparing 5ccb950f635d: Preparing 965c3fc60463: Preparing f354df03c5c3: Preparing 5f70bf18a086: Preparing 5f70bf18a086: Preparing 9523ecdf69b1: Preparing 5f70bf18a086: Preparing 5f70bf18a086: Preparing 5f70bf18a086: Preparing 5f70bf18a086: Preparing 6d7b4f405a28: Preparing 5f70bf18a086: Preparing 5f70bf18a086: Preparing 099efa904cb9: Preparing 8f83f19c7186: Preparing 1621d30a7846: Preparing e989ce4ed35e: Preparing ae30a2e42fe4: Preparing 461f75075df2: Preparing 5f70bf18a086: Preparing 5f70bf18a086: Preparing 6d7b4f405a28: Waiting 099efa904cb9: Waiting 8f83f19c7186: Waiting 1621d30a7846: Waiting e989ce4ed35e: Waiting ae30a2e42fe4: Waiting 461f75075df2: Waiting 5f70bf18a086: Waiting 9523ecdf69b1: Waiting f354df03c5c3: Image push failed f354df03c5c3: Image push failed 461f75075df2: Waiting ae30a2e42fe4: Waiting e989ce4ed35e: Waiting 1621d30a7846: Waiting 8f83f19c7186: Waiting 099efa904cb9: Waiting 6d7b4f405a28: Waiting 9523ecdf69b1: Waiting 5f70bf18a086: Waiting Error parsing HTTP response: invalid character 'Y' looking for beginning of value: "Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one." Build step 'Docker Build and Publish' marked build as failure
In the panel for updating the credentials I also get the message:
These credentials are valid but do not have access to the "AmazonEC2" service in the region "us-east-1". This message is not a problem if you need to access to other services or to other regions. Message: "You are not authorized to perform this operation. (UnauthorizedOperation)"
But I am using the AWS Managed policy "AmazonEC2ContainerRegistryPowerUser" to grant Jenkins access. And should pretty much have full access to all the ECR calls it needs. We do use it in 'eu-west-1' though. But the warning clearly states not to worry about it if we are not in that region.
- is related to
-
-
- Reopened
-
-
-
- Resolved
-
[JENKINS-34958] Getting "Your Authorization Token has expired" when using ECR credentials
Byte Flinger
added a comment - I think this may be an issue with either the AWS library or AWS itself.
I am making use of the aws java ecr sdk and the token I get back for login does not work even though the expiration date on it says it has not yet expired
Byte Flinger
added a comment - I think this may be an issue with either the AWS library or AWS itself.
I am making use of the aws java ecr sdk and the token I get back for login does not work even though the expiration date on it says it has not yet expired 
Even André Fiskvik
added a comment - byteflinger no, the issue is because you can't set what region you want your login to be valid for and a fix has already been made in the plugin that should fix this when a new version is released.
Even André Fiskvik
added a comment - byteflinger no, the issue is because you can't set what region you want your login to be valid for and a fix has already been made in the plugin that should fix this when a new version is released. 
Stan Domula
added a comment - I saw that the fix was merged, is there a schedule for when the plugin gets a new release?
Stan Domula
added a comment - I saw that the fix was merged, is there a schedule for when the plugin gets a new release? 
Drew Halloran
added a comment - Adding my voice to the chorus clamoring for a release; this is holding me up from deploying an otherwise fantastically useful little plugin.
Drew Halloran
added a comment - Adding my voice to the chorus clamoring for a release; this is holding me up from deploying an otherwise fantastically useful little plugin. This is also preventing us from moving forward with this plugin. We are in us-west-2. Is there any timeline at all for this? It would greatly help to know so we can either wait or move on to other solutions.
Thanks
Alex Richards
added a comment - Hi davidfic_cybric, modeengage,
We managed to resolve this problem, after almost 3 weeks of conversation with AWS Support, by using the ecr-credential-helper.
You can find the helper and documentation here: https://github.com/awslabs/amazon-ecr-credential-helper
Good Luck!
Alex Richards
added a comment - Hi davidfic_cybric , modeengage ,
We managed to resolve this problem, after almost 3 weeks of conversation with AWS Support, by using the ecr-credential-helper.
You can find the helper and documentation here: https://github.com/awslabs/amazon-ecr-credential-helper
Good Luck! When this patch is going to be released? This is a blocking issue for our company.
Hi guys, i've found that adding the --region $region_name to the aws ecr get-login command fixed a similar issue. would it be possible to add --region to the plugin and deploy. You can see this usage from the AWS - ECS Console click your repository link. Then click the "View Push Command" button. It shows the use of the --region option. Is this being used by the ECR Jenkins plugin?
Although i'm not completely convinced this is just a problem with this plugin. prior to today the plugin worked fine. However I upgraded my AWSCLI client to the latest version as well today (for some stupid reason) and now this plugin doesn't work.
#annoying
CL W
added a comment - - edited Hi guys, i've found that adding the --region $region_name to the aws ecr get-login command fixed a similar issue. would it be possible to add --region to the plugin and deploy. You can see this usage from the AWS - ECS Console click your repository link. Then click the "View Push Command" button. It shows the use of the --region option. Is this being used by the ECR Jenkins plugin?
Although i'm not completely convinced this is just a problem with this plugin. prior to today the plugin worked fine. However I upgraded my AWSCLI client to the latest version as well today (for some stupid reason) and now this plugin doesn't work.
#annoying 
Chima Atufunwa
added a comment - Give setting this env a try, AWS_ECR_DISABLE_CACHE. It causes the plugin to not use the local cache.
Source, https://github.com/awslabs/amazon-ecr-credential-helper/pull/3
Chima Atufunwa
added a comment - Give setting this env a try, AWS_ECR_DISABLE_CACHE. It causes the plugin to not use the local cache.
Source, https://github.com/awslabs/amazon-ecr-credential-helper/pull/3 
Code changed in jenkins
User: Nicolas De loof
Path:
src/main/java/com/cloudbees/jenkins/plugins/amazonecr/AmazonECSRegistryCredential.java
src/main/java/com/cloudbees/jenkins/plugins/amazonecr/AmazonECSRegistryCredentialsProvider.java
http://jenkins-ci.org/commit/amazon-ecr-plugin/8e02db93ae9c92bda407e55ecb4fa23ce84986d2
Log:
Merge pull request #6 from logbon72/
JENKINS-34958-add-regionCompare: https://github.com/jenkinsci/amazon-ecr-plugin/compare/8004d9b6c556...8e02db93ae9c