You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Trying to set up Concourse at work for my team and push to an ECR repo. This is currently not working as I'm getting an error about an invalid header field for "Authorization".
I have verified that the aws_access_key_id and aws_secret_access_key combination works on my local terminal.
Here's my current resource definition (with the repository name changed).
For clarification, foo in this context is just the repository name, not the full uri. I have however, tried that, and many other combinations with the aws_region set to both us-east-1 and 012345678910.dkr.ecr.us-east-1.amazonaws.com (account number obviously changed, and using the example from the very poorly worded docs entry for aws_region).
Full error message and logs:
selected worker: concourse-worker-0
WARN[0000] ECR integration is experimental and untested
ERRO[0000] failed to authenticate to ECR: RequestError: send request failed
caused by: Post "https://api.ecr.us-east-1.amazonaws.com/": net/http: invalid header field value for "Authorization"
ERRO[0000] cannot authenticate with ECR
I've seen several issues where people have requested using roles attached to ec2 instances, but that keeps getting rejected. I also wonder why not add a field for the account number portion of the ecr repo, or just allow to fully specify the full path since this seems to cause a lot of confusion. I did try to search for other issues about this and found several about ECR in general but few if any seem to ever get resolved. What needs to be done to fix this? I'm half tempted to just write a script to do a docker push instead of relying on the 'put'. But what's the point of using concourse at that point and not just use Jenkins or some other pipeline as code solution?
The text was updated successfully, but these errors were encountered:
Hi @AXington, in repository you need to pass the full path which you can get in ECR(open the image and copy the URI) paste that in your repository and pass the tag seperately for example.
URI : account_nr.dkr.ecr.eu-west-1.amazonaws.com/aws-credentials-resource:0.13.0
The issue actually lied in escaping the URI when it was stored in a Kube secret. We weren't using Vault or another secret manager, just straight kube secrets.
Trying to set up Concourse at work for my team and push to an ECR repo. This is currently not working as I'm getting an error about an invalid header field for "Authorization".
I have verified that the
aws_access_key_id
andaws_secret_access_key
combination works on my local terminal.Here's my current resource definition (with the repository name changed).
For clarification,
foo
in this context is just the repository name, not the full uri. I have however, tried that, and many other combinations with theaws_region
set to bothus-east-1
and012345678910.dkr.ecr.us-east-1.amazonaws.com
(account number obviously changed, and using the example from the very poorly worded docs entry foraws_region
).Full error message and logs:
I've seen several issues where people have requested using roles attached to ec2 instances, but that keeps getting rejected. I also wonder why not add a field for the account number portion of the ecr repo, or just allow to fully specify the full path since this seems to cause a lot of confusion. I did try to search for other issues about this and found several about ECR in general but few if any seem to ever get resolved. What needs to be done to fix this? I'm half tempted to just write a script to do a docker push instead of relying on the 'put'. But what's the point of using concourse at that point and not just use Jenkins or some other pipeline as code solution?
The text was updated successfully, but these errors were encountered: