docker-credential-ecr-login breaks OSX network connection forces reboot
andrericardo opened this issue · comments
docker-credential-ecr-login breaks OSX network connection, the only way I found so far to recover is to reboot the laptop.
All hardware network devices disappear eg networksetup -listallhardwareports
no longer works, also have a screenshot below from Network Preferences.
The issue is so weird and hard to believe that made three videos and attached.
$ docker-credential-ecr-login -v
amazon-ecr-credential-helper
Version: 0.6.0
Git commit: 69c85dc22db6511932bbf119e1a0cc5c90c69a7f
$ docker-credential-ecr-login version
0.6.3
$ docker --version
Docker version 20.10.16, build aa7e414
$ cat ~/.docker/config.json
{
"auths": {},
"credHelpers": {
"087665217675.dkr.ecr.eu-west-1.amazonaws.com": "ecr-login"
},
"credsStore": "desktop",
"experimental": "disabled",
"stackOrchestrator": "swarm"
}
$ cat ~/.aws/credentials
[default]
region = eu-west-1
Steps to replicate, setup AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
aws-vault exec unstable-read-only -- env | grep AWS
export AWS_ACCESS_KEY_ID=(the keys from above)
export AWS_SECRET_ACCESS_KEY=
Then run docker-credential-ecr-login list
The command docker-credential-ecr-login get <<< 087665217675.dkr.ecr.eu-west-1.amazonaws.com
also causes this issue.
Is there a cached file somewhere that could be causing this? I've removed and reinstalled docker-credential-ecr-login already.
Any help just on how to kill docker-credential-ecr-login
and/or recover network connection would be useful.
docker-credential-ecr-login-break-network.mov
To prove it was not just one time fluke
docker-credential-ecr-login-break-network-again.mov
Third time with clean ~/.ecr
and logging on ~/.ecr/log/ecr-login.log
docker-credential-ecr-login-break-network-again-with-logs.mov
Alternative to docker-credential-helper-ecr
as per https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html#registry-auth-token
Also used this to confirm the issue is not in aws
, aws-vault
or docker pull
.
First you need aws to work, use
$ aws-vault exec [your profile] -- env | grep AWS_
Pass the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to
$ aws configure
If using SSO you need to login, your login method probably will be different but for me it is
$ aws sso login --profile [some login profile]
Then login into Docker with the aws credentials
$ aws ecr get-login-password --profile [your profile] --region [region] | docker login -u AWS --password-stdin https://[aws_account_id].dkr.ecr.[region].amazonaws.com/
Login Succeeded
$ docker pull ...
This is really surprising to be honest. The helper shouldn't have this level of power...
@andrericardo Yeah, we had to adopt a similar workaround and did not uncover a root-cause for this. Any chance you've made progress?
I had to upgrade my OSX version ProductVersion: 12.6 BuildVersion: 21G115
and now have trouble getting the list command to show the relevant credHelpers...
$ cat ~/.docker/config.json
{
"auths": {},
"credHelpers": {
"087665217675.dkr.ecr.eu-west-1.amazonaws.com": "ecr-login"
},
"credsStore": "desktop",
"experimental": "disabled",
"stackOrchestrator": "swarm"
}
$ docker-credential-ecr-login list
{}
Brew installed
$ /usr/local/bin/docker-credential-ecr-login list
{}
Docker.app installed one
$ /Applications/Docker.app/Contents/Resources/bin/docker-credential-ecr-login list
{}
Also I've cloned this repository and now can run ecr-login/cli/docker-credential-ecr-login/main.go
in debug mode on VS Code. I don't have prior experience in Go but can breakpoint in some file and paste here the variables if it's any help...
Got the same {}
in debug mode.