Update aws sdk to v1.37.32

[lachlancooper]

Description of changes:

Fixes #229

aws-sdk-go v1.37.0 includes support for the AWS Single Sign-On (SSO) credential provider.

This allows the use of AWS SSO directly, without requiring an intermediate credential_process.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[kzys]

Did you run go mod tidy? I think we should be able to remove 1.36.0 here.

[lachlancooper]

Done in 09001a6

[samuelkarp]

@lachlancooper Thanks for opening this PR! I haven't had the chance to try out AWS SSO yet; were you able to validate that this change makes it work properly? If so, can you tell me a bit about how you tested it?

[lachlancooper]

@lachlancooper Thanks for opening this PR! I haven't had the chance to try out AWS SSO yet; were you able to validate that this change makes it work properly? If so, can you tell me a bit about how you tested it?

Apologies, I should have included that information in the PR first up!

I validated this by successfully pulling a private ECR image, using an AWS profile properly configured for SSO:

# setup
$ aws sso login --profile test
<LOGIN REDACTED>
$ PATH="${PWD}/bin/local:${PATH}"

# build
$ git co update-aws-sdk-go
Switched to branch 'update-aws-sdk-go'
Your branch is up to date with 'lachlancooper/update-aws-sdk-go'.
$ make
git rev-parse --short=7 HEAD > GITCOMMIT_SHA
./scripts/build_binary.sh ./bin/local 0.5.0 09001a6
Built ecr-login
$ docker-credential-ecr-login -v
amazon-ecr-credential-helper
Version:    0.5.0
Git commit: 09001a6

# test
$ AWS_PROFILE=test docker pull <REDACTED>.dkr.ecr.us-east-1.amazonaws.com/<REDACTED>:1.13
1.13: Pulling from <REDACTED>
d6ff36c9ec48: Already exists
c958d65b3090: Already exists
edaf0a6b092f: Already exists
80931cf68816: Already exists
...
Status: Downloaded newer image for <REDACTED>.dkr.ecr.us-east-1.amazonaws.com/<REDACTED>:1.13

Compare that behaviour against a build from current main:

# build
$ git co main
Switched to branch 'main'
Your branch is up to date with 'origin/main'.
$ make
git rev-parse --short=7 HEAD > GITCOMMIT_SHA
./scripts/build_binary.sh ./bin/local 0.5.0 7cf3d3d
go: downloading github.com/aws/aws-sdk-go v1.36.0
Built ecr-login
$ PATH="${PWD}/bin/local:${PATH}"
$ docker-credential-ecr-login -v
amazon-ecr-credential-helper
Version:    0.5.0
Git commit: 7cf3d3d

# test
$ AWS_PROFILE=test docker pull <REDACTED>.dkr.ecr.us-east-1.amazonaws.com/<REDACTED>
Error response from daemon: Head https://<REDACTED>.dkr.ecr.us-east-1.amazonaws.com/v2/<REDACTED>: no basic auth credentials

Please let me know if there's any other information I can include here.

[DavidJacob]

@samuelkarp I can confirm this also works for me. I built @lachlancooper 's fork locally, logged into AWS SSO (which is the only AWS CLI access I have locally) and successfully pulled images from private repos.

[dancmeyers]

This is something that would also be really useful for us, as it's the last thing in the way of SSOifying our processes. 👍

[ejhayes]

This works great for me on mac, but the windows version returns a basic auth error. I was able to confirm this works on both mac/windows after updating the aws-sdk go version (from v1.37.0 -> v1.37.32):

$ go get github.com/aws/aws-sdk-go
go: github.com/aws/aws-sdk-go upgrade => v1.37.32
go: downloading github.com/aws/aws-sdk-go v1.37.32

$ make windows-amd64
...
$ make build
...

Windows:

Mac:

**** ~/Projects/****  $ AWS_PROFILE=**** aws sso login
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.us-west-2.amazonaws.com/

Then enter the code:

ML****
Successully logged into Start URL: http://****.com/start

**** ~/Projects/****  $ AWS_PROFILE=**** docker-compose pull ****
Pulling **** ... done

I have the update and binaries on my fork of @lachlancooper here:
https://github.com/ejhayes/amazon-ecr-credential-helper/releases/tag/0.5.0-1

[lachlancooper]

I have the update and binaries on my fork of @lachlancooper here:
ejhayes/amazon-ecr-credential-helper@0.5.0-1 (release)

Thanks! I've pulled your commit into my branch.

[samuelkarp]

@lachlancooper Thanks for providing the testing details!

[mkantzer]

Now that this is merged, are there any plans on doing a release with this feature set included?

[eg-firebolt]

+1 Can we get a release? Looks like the last release on this repo was way back in Feb 2021

https://github.com/awslabs/amazon-ecr-credential-helper/releases/tag/v0.5.0