search

aws / aws-extensions-for-dotnet-cli

Extensions to the dotnet CLI to simplify the process of building and publishing .NET Core applications to AWS services
Apache License 2.0
369 stars 87 forks source link

Obtaining ECR token fails with AWS SSO #172

Closed runebaas closed 3 years ago

runebaas commented 3 years ago

Description

I'm currently running into this issue https://github.com/aws/aws-sdk-net/issues/1821

A fix (https://github.com/aws/aws-sdk-net/pull/1850) has been released in SDK version 7.36.1

Reproduction Steps

  1. Locally autheticate with AWS SSO
  2. Create a new Lambda function that uses a container image
    • dotnet new serverless.image.AspNetCoreWebAPI
  3. Try to deploy it using the dotnet lambda deploy-serverless command

Logs

Amazon Lambda Tools for .NET Core applications (5.1.2)
Project Home: https://github.com/aws/aws-extensions-for-dotnet-cli, https://github.com/aws/aws-lambda-dotnet

Warning: Unable to determine region for bucket aws-sam-cli-managed-default-samclisourcebucket-redacted, assuming bucket is in correct region: Value cannot be null.
Parameter name: Options property cannot be empty: ClientName
Processing CloudFormation resource AspNetCoreFunction
Initiate packaging of . for resource AspNetCoreFunction
Building Docker image for redacted\api\.
Creating image tag from project: api
Executing publish command
Deleted previous publish folder
... invoking 'dotnet publish', working folder 'redacted\api\.\./bin/Release/net5.0/linux-x64/publish'
... dotnet publish "redacted\api\." --output "redacted\api\.\./bin/Release/net5.0/linux-x64/publish" --configuration "Release" /p:GenerateRuntimeConfigurationFiles=true --runtime linux-x64 --self-contained false
... publish: Microsoft (R) Build Engine version 16.10.0-preview-21181-07+073022eb4 for .NET
... publish: Copyright (C) Microsoft Corporation. All rights reserved.
... publish:   Determining projects to restore...
... publish:   All projects are up-to-date for restore.
... publish:   You are using a preview version of .NET. See: https://aka.ms/dotnet-core-preview
... publish:   api -> redacted\api\bin\Release\net5.0\linux-x64\api.dll
... publish:   api -> redacted\api\bin\Release\net5.0\linux-x64\publish\
Inspecting Dockerfile to figure how to build project and docker image
Executing docker build
... invoking 'docker build', working folder 'redacted\api\., docker file redacted\api\.\Dockerfile, image name api:latest'
... docker build -f "redacted\api\.\Dockerfile" -t api:latest .
... docker build: #1 [internal] load build definition from Dockerfile
... docker build: #1 sha256:43a9e56586ac90242e7974aecce2b8554699889e6f0cedfe2659fc7312ee4ee1
... docker build: #1 transferring dockerfile: 32B done
... docker build: #1 DONE 0.0s
... docker build: #2 [internal] load .dockerignore
... docker build: #2 sha256:55461c88b1bc168940546268090b021414766a60e4b82d65d8338eba19e58dce
... docker build: #2 transferring context: 2B done
... docker build: #2 DONE 0.0s
... docker build: #3 [internal] load metadata for public.ecr.aws/lambda/dotnet:5.0
... docker build: #3 sha256:4274afd762d97e4babe0b28bef11b464cc69d25cae3320462e6250dc533d1f3a
... docker build: #3 DONE 0.0s
... docker build: #7 [1/3] FROM public.ecr.aws/lambda/dotnet:5.0
... docker build: #7 sha256:efc80f9bf43a6515302ef01239ba931ca91a748d4cf31e3eac2b24aa1fcdc579
... docker build: #7 DONE 0.0s
... docker build: #5 [internal] load build context
... docker build: #5 sha256:daf3e4bbcd8cd524b39f30aef23bf52072eeff4a78d932d0e73f358a0132b71a
... docker build: #5 transferring context: 1.50kB done
... docker build: #5 DONE 0.0s
... docker build: #4 [2/3] WORKDIR /var/task
... docker build: #4 sha256:17cff9c02faa889c8c87be54b34e3b6b36f9fbe069a4b5690b8a684de8720a46
... docker build: #4 CACHED
... docker build: #6 [3/3] COPY bin/Release/net5.0/linux-x64/publish  .
... docker build: #6 sha256:e2732dea1bcde6bdb9a60a67e2b68d9790f926a497634f6f8b3166c46ea32de4
... docker build: #6 CACHED
... docker build: #8 exporting to image
... docker build: #8 sha256:e8c613e07b0b7ff33893b694f7759a10d42e180f2b4dc349fb57dc6b71dcab00
... docker build: #8 exporting layers done
... docker build: #8 writing image sha256:3c5e7e6f4e1f10d7f2a3d6679185a22997290e9a01dd63d225b4d05975582423
... docker build: #8 writing image sha256:3c5e7e6f4e1f10d7f2a3d6679185a22997290e9a01dd63d225b4d05975582423 0.0s done
... docker build: #8 naming to docker.io/library/api:latest done
... docker build: #8 DONE 0.0s
Fetching ECR authorization token to use to login with the docker CLI
Error logging on with the docker CLI: Value cannot be null.
Parameter name: Options property cannot be empty: ClientName

Environment

Resolution

Upgrading the .NET SDK to 7.36.1 or newer should fix this issue (haven't tried/tested it)

This is a :bug: bug-report

ashishdhingra commented 3 years ago
  1. Enabled AWS SSO in a region (with permission sets, new user, etc.).
  2. Used guide at https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html to configure SSO profile.
  3. Used customer repro steps with --profile parameter. Reproducible using Amazon.Lambda.Tools version 5.1.2.

Looks like we need to update .NET CLI tools with latest version of AWSSDK.Core dependency containing SSO fix.

ashishdhingra commented 3 years ago

The following packages have been released which reference of AWSSDK.Core 3.7.0.27 and AWSSDK.SecurityToken 3.7.1.15:

Using latest version, these do not give the error Error logging on with the docker CLI: Value cannot be null. and Parameter name: Options property cannot be empty: ClientName.

runebaas commented 3 years ago

Thank you very much, the error is indeed gone 🎉

However, another error has showed up Error logging on with the docker CLI: Assembly AWSSDK.SSOOIDC could not be found or loaded. This assembly must be available at runtime to use Amazon.Runtime.SSOAWSCredentials, AWSSDK.Core, Version=3.3.0.0, Culture=neutral, PublicKeyToken=.......

ashishdhingra commented 3 years ago

Thank you very much, the error is indeed gone 🎉

However, another error has showed up Error logging on with the docker CLI: Assembly AWSSDK.SSOOIDC could not be found or loaded. This assembly must be available at runtime to use Amazon.Runtime.SSOAWSCredentials, AWSSDK.Core, Version=3.3.0.0, Culture=neutral, PublicKeyToken=.......

Hi @runebaas,

The following packages have been released to fix the issue:

The command dotnet lambda deploy-serverless --profile <<sso-profile-name>> now works successfully. Please update to the latest version of Lambda tools using command dotnet tool update -g Amazon.Lambda.Tools to verify the fix and confirm if this issue could be closed.

Thanks, Ashish

runebaas commented 3 years ago

Hi @ashishdhingra

Everything is working as expected and i was able to deploy successfully this time. Thank you very much for the fix!

github-actions[bot] commented 3 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.