Closed 5stars217 closed 1 year ago
Hi!
I noticed some code changes a few hours ago related to AWS Authentication. I tested what is here by pulling the new version of the code and reconfiguring my config.yml files.
Where 34.215.117.212 is the address of the teamserver for which a container image is being requested (cobaltstrike, using the container mappings example.yml updated with the appropriate image location).
skipping: [35.89.8.160]
included: /opt/new-terry-the-terraformer/terry-the-terraformer/playbooks/core/login-to-container-registry.yml for 34.215.117.212
TASK [Install the AWS CLI] *****************************************************
skipping: [34.215.117.212]
TASK [Prepare the container registry URL for parsing] **************************
skipping: [34.215.117.212]
TASK [Extract the AWS Account ID and Region from ECR URL] **********************
skipping: [34.215.117.212]
TASK [Authenticate to the container registry (aws strategy)] *******************
skipping: [34.215.117.212]
TASK [Authenticate to the container registry (default strategy)] ***************
fatal: [34.215.117.212]: FAILED! => {"changed": false, "msg": "Logging into 123456dkr.ecr.us-west-2.amazonaws.com for user AKIA.... failed - 500 Server Error for http+docker://localhost/v1.41/auth: Internal Server Error (\"login attempt to https://123456.dkr.ecr.us-west-2.amazonaws.com/v2/ failed with status: 401 Unauthorized\")"}
My config.yml looks like this for AWS, which matches your new, updated descriptions - thank you for those.
Something is still not right, but I am unable to troubleshoot why the login steps are skipped for a host where it is required.
container_registry: 123456.dkr.ecr.us-west-2.amazonaws.com
container_registry_username: AKIA....
container_registry_password: blah....
container_registry_strategy: aws # If using AWS ECR, specify "aws"
Hey! Totally missed the first issue, but I am still in development of support for AWS ECR. I have found a few bugs that still need working out.
It looks like the bug you are seeing is exactly the bug I need to fix. Terry will not cascade the value in the config that you have set as aws to the runtime. I will look into this tonight unless you want to make a PR.
Hi,
Thank you for creating this project, I am enjoying it so far. I am having some difficulty configuring terry to login to my private AWS ECR. I had things working with public docker beforehand.
My repository URI is
repositoryUri": "123456.dkr.ecr.us-west-2.amazonaws.com/
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 123456.dkr.ecr.us-west-2.amazonaws.com
results in a successful login in local testing, and I've pushed containers with this method. My config.yml looks as such: (hardcoding in the file while I troubleshoot)
output from terry on run:
I see that it's a 400 bad request, and probably an issue with my config.yml - but I can't figure out what syntax it's looking for, if I've done something wrong.
I'll make a PR to improve the config-example.yml once I know what I'm doing wrong.
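Added example, not part of the thread and not Terry's own code: a shell sketch of the steps the playbook task names describe (parse the ECR registry URL into account ID and region, then pick a login strategy), ending in the same manual login command quoted above. The function names `parse_ecr_registry`, `registry_strategy` and `ecr_login` are hypothetical, and the hostnames are the placeholder values from this thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; hostnames are the
# placeholder values used in this thread, not real registries.

# Print "<account_id> <region>" for a private ECR registry host.
# Accepts an optional scheme and a trailing path. Returns 1 otherwise.
parse_ecr_registry() {
    host=${1#*://}      # drop "https://" if present
    host=${host%%/*}    # drop "/v2/" or "/repo:tag" if present
    case $host in
        *.dkr.ecr.*.amazonaws.com) ;;
        *) return 1 ;;
    esac
    account=${host%%.*}
    rest=${host#*.dkr.ecr.}
    region=${rest%.amazonaws.com}
    # Digits only for the account (length is not checked because the
    # thread uses a shortened placeholder); region is a single label.
    case $account in ''|*[!0-9]*) return 1 ;; esac
    case $region in ''|*.*) return 1 ;; esac
    printf '%s %s\n' "$account" "$region"
}

# Choose the login path from the registry host itself, so an ECR host
# still gets the "aws" path if the configured strategy is not passed on.
registry_strategy() {
    if parse_ecr_registry "$1" >/dev/null; then
        echo aws
    else
        echo default
    fi
}

# ECR login as in the manual command in the thread: the username is the
# literal string AWS and the password is a token read from stdin.
ecr_login() {
    parsed=$(parse_ecr_registry "$1") || {
        echo "not an ECR registry: $1" >&2
        return 1
    }
    region=${parsed#* }
    host=${1#*://}
    host=${host%%/*}
    aws ecr get-login-password --region "$region" |
        docker login --username AWS --password-stdin "$host"
}
```

Running `registry_strategy` against the value of `container_registry` before the login step shows which path a given host should take, independent of what the runtime received for `container_registry_strategy`.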