search

awslabs / amazon-ecr-credential-helper

Automatically gets credentials for Amazon ECR on docker push/docker pull
Apache License 2.0
2.47k stars 337 forks source link

Missing trailing newline results in: `invalid state with ASTKind and TokenType none` #317

Open omus opened 2 years ago

omus commented 2 years ago

I've noticed the following error when using amazon-ecr-credential-helper:

❯ docker pull ...
panic: failed to load shared config file, /Users/cvogt/.aws/config, invalid state with ASTKind  and TokenType none

goroutine 1 [running]:
github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api.DefaultClientFactory.NewClientFromRegion({}, {0x1400012b05d, 0x9})
    /private/tmp/docker-credential-helper-ecr-20220115-84616-mklz1o/src/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/factory.go:84 +0x178
github.com/awslabs/amazon-ecr-credential-helper/ecr-login.ECRHelper.Get({{0x104bb29b8, 0x104deb288}}, {0x140001344b0, 0x2c})
    /private/tmp/docker-credential-helper-ecr-20220115-84616-mklz1o/src/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/ecr.go:63 +0x2f0
github.com/docker/docker-credential-helpers/credentials.Get({0x104bb11f0, 0x14000111160}, {0x104ba9240, 0x1400012c000}, {0x104ba9260, 0x1400012c008})
    /private/tmp/docker-credential-helper-ecr-20220115-84616-mklz1o/pkg/mod/github.com/docker/docker-credential-helpers@v0.6.3/credentials/credentials.go:130 +0x208
github.com/docker/docker-credential-helpers/credentials.HandleCommand({0x104bb11f0, 0x14000111160}, {0x16b61ed04, 0x3}, {0x104ba9240, 0x1400012c000}, {0x104ba9260, 0x1400012c008})
    /private/tmp/docker-credential-helper-ecr-20220115-84616-mklz1o/pkg/mod/github.com/docker/docker-credential-helpers@v0.6.3/credentials/credentials.go:73 +0x84
github.com/docker/docker-credential-helpers/credentials.Serve({0x104bb11f0, 0x14000111160})
    /private/tmp/docker-credential-helper-ecr-20220115-84616-mklz1o/pkg/mod/github.com/docker/docker-credential-helpers@v0.6.3/credentials/credentials.go:58 +0x124
main.main()
    /private/tmp/docker-credential-helper-ecr-20220115-84616-mklz1o/src/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login/main.go:45 +0x1f0
Error response from daemon: Head "https://...": no basic auth credentials

After some investigating I discovered that the cause of the issue is having my ~/.aws/config file including a null assignment as the last line of my config:

...
cli_pager =

The AWS CLI does not have any issues processing my configuration file.

The issue can be worked around by adding a trailing newline to the configuration file or by having the last configuration value be a line which isn't a null assignment.

kzys commented 2 years ago

The error is coming from https://github.com/aws/aws-sdk-go-v2/blob/b7ee4d682d420063191dfa74be8daca379d092fe/config/shared_config.go#L1089 and the panic is from the below.

https://github.com/awslabs/amazon-ecr-credential-helper/blob/d0e3d704ec3e59ac509acfc92fd2f5ecf39b11b7/ecr-login/api/factory.go#L84

The helper shouldn't panic. But we need to fix AWS Go SDK to close the gap vs. AWS CLI.