Open chaychoong opened 2 months ago
austinvazquez
commented
2 months ago Hi @chaychoong, thanks for reporting the issue and including so much detail. Initial triage leads me to believe this is a software bug introduced with the AWS Go SDK the credential helper uses for parsing the AWS CLI configuration. Can you share the Amazon ECR credential helper version you used when you experienced the issue?
austinvazquez
commented
2 months ago Docker is configured to fetch credentials via Amazon ECR credential helper. Users can configure credential helper via AWS CLI configuration to fetch credentials via an external process. The credential helper uses the AWS SDK Go V2 for parsing the AWS CLI configuration and providing credentials.
Docker -> Amazon ECR Credential Helper -> External Process (via .aws/config)
The issue occurs when the external process is quoted for encapsulating a file path or parameter with spaces: From AWS CLI v2 user guide:
- If the path or file name contains a space, surround the complete path and file name with double-quotation marks (" "). The path and file name can consist of only the characters: A-Z a-z 0-9 - _ . space
- If a parameter name or a parameter value contains a space, surround that element with double-quotation marks (" "). Surround only the name or value, not the pair.
According to the documentation here, I should be able to do the following
However, when I am using the following, it does not work:
Using Process Monitor, we can see that the arguments are not being passed into the process. To reproduce this, set up the following dummy
~/.aws/config:Open up Process Monitor, filter by
Process Name contains aws_signing_helperandOperation contains Process Start, then rundocker pull, you should see the following:Modify the
~/.aws/configto contain this:Make sure
aws_signing_helperis inPATH, of course. Rundocker pullagain and you should see the followingRelevant info:
aws_signing_helperversion:1.1.1