search

runfinch / finch

The Finch CLI is an open source client for container development
https://www.runfinch.com
Apache License 2.0
3.47k stars 87 forks source link

Change ~/.finch/config.json to support compatibility with CDK `DockerImageAsset` #868

Open bestickley opened 3 months ago

bestickley commented 3 months ago

What is the problem you're trying to solve?. I want to use amazon-ecr-credential-helper and CDK DockerImageAsset with the default finch configuration when setting in ~/.finch/finch.yml:

...
creds_helpers:
    - ecr-login
...

The issue is that this is the default ~/.finch/config.json

{
  "auths": null,
  "credsStore": "ecr-login",
  "credHelpers": {
    "\u003caws_account_id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com": "ecr-login",
    "public.ecr.aws": "ecr-login"
  }
}

which results in:

lh-stickb-ui:  fail: finch login --username AWS --password-stdin https://905418358903.dkr.ecr.us-east-1.amazonaws.com exited with error code 1: time="2024-03-22T14:51:19-04:00" level=fatal msg="error saving credentials: error storing credentials - err: exit status 1, out: `not implemented`"
time="2024-03-22T14:51:19-04:00" level=fatal msg="exit status 1"

 ✅  lh-stickb/waf (lh-stickb-waf)

✨  Deployment time: 16.95s

Outputs:
lhstickbwaf0E039344.ExportsOutputFnGetAttWebAclWebACL3192DCA0ArnBB7121F8 = arn:aws:wafv2:us-east-1:905418358903:global/webacl/WebAclWebACL3192DCA0-mrmywPfb2gdP/eda881af-134e-42d3-9e4d-a25cee84b343
Stack ARN:
arn:aws:cloudformation:us-east-1:905418358903:stack/lh-stickb-waf/2a42f010-e87d-11ee-8269-12325472a021

✨  Total time: 25.51s

 ❌ Deployment failed: Error: Failed to build asset 486609821cfe629a0d8dab810602b058c1bf37243dae58bada1c58c478602831:905418358903-us-east-1
    at Deployments.buildSingleAsset (/Users/stickb/Code/dos/lighthouse/node_modules/.pnpm/aws-cdk@2.126.0/node_modules/aws-cdk/lib/index.js:431:11312)
    at async Object.buildAsset (/Users/stickb/Code/dos/lighthouse/node_modules/.pnpm/aws-cdk@2.126.0/node_modules/aws-cdk/lib/index.js:431:194378)
    at async /Users/stickb/Code/dos/lighthouse/node_modules/.pnpm/aws-cdk@2.126.0/node_modules/aws-cdk/lib/index.js:431:178767

Failed to build asset 486609821cfe629a0d8dab810602b058c1bf37243dae58bada1c58c478602831:905418358903-us-east-1
 ELIFECYCLE  Command failed with exit code 1.

The root issue seems to be "credsStore": "ecr-login",. When I remove it, CDK can deploy no problem and my ~/.finch/config.json then looks like:

{
    "auths": {
        "905418358903.dkr.ecr.us-east-1.amazonaws.com": {
            "auth": "QVdTOmV5SndZWGxzYjJGa0lqb2ljSGQ0VDNwS1dWWk5lRk4..."
        }
    },
    "credHelpers": {
        "\u003caws_account_id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com": "ecr-login",
        "public.ecr.aws": "ecr-login"
    }
}

Describe the feature you'd like Fix finch configuration to be compatible with CDK DockerImageAsset

Additional context Add any other context or screenshots about the feature request here.

bestickley commented 3 months ago

Actually, removing "credsStore": "ecr-login", breaks finch pull using AWS Creds based on your profile. But then that breaks CDK. So I'm not sure how to create a solution that solves both cases :(

Is there any way for finch pull to use AWS creds but to also allow commands like finch login --username AWS --password-stdin https://905418358903.dkr.ecr.us-east-1.amazonaws.com to work?

This issues seems related: https://github.com/awslabs/amazon-ecr-credential-helper/issues/102