Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

incorrect warning when logging into ECR #4058

Closed
nicks opened this issue Feb 28, 2023 · 3 comments
Closed

incorrect warning when logging into ECR #4058

nicks opened this issue Feb 28, 2023 · 3 comments

Comments

@nicks
Copy link
Contributor

nicks commented Feb 28, 2023

Description

I log into my ECR registry like this:

aws ecr get-login-password --region us-east-1
docker login --username AWS --password-stdin [my-account-id].dkr.ecr.us-east-1.amazonaws.com
Login Succeeded

This is the recommended way to log into ECR.
https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html

The Docker CLI gives me a warning about this:

Logging in with your password grants your terminal complete access to your account. 
For better security, log in with a limited-privilege personal access token. Learn more at https://docs.docker.com/go/access-tokens/

This warning isn't correct. I'm not logging into hub, docker hub PATs are irrelevant here.

Reproduce

docker login --username AWS --password-stdin [my-account-id].dkr.ecr.us-east-1.amazonaws.com

Expected behavior

No warning

docker version

Client: Docker Engine - Community
 Cloud integration: v1.0.31
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        a5ee5b1
 Built:             Thu Feb  9 19:47:01 2023
 OS/Arch:           linux/amd64
 Context:           desktop-linux

Server: Docker Desktop 4.17.0 (99144)
 Engine:
  Version:          22.06.0-beta.0-926-g914b02ebaf.m
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.18.4
  Git commit:       914b02ebaf
  Built:            Thu Feb  9 12:30:57 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.18
  GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.3
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.15.1
    Path:     /usr/lib/docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /usr/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.18
    Path:     /usr/lib/docker/cli-plugins/docker-extension
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/lib/docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.25.0
    Path:     /usr/lib/docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  v0.6.0
    Path:     /usr/lib/docker/cli-plugins/docker-scout
WARNING: Plugin "/usr/lib/docker/cli-plugins/docker-compose.14.backup" is not valid: plugin candidate "compose.14.backup" did not match "^[a-z][a-z0-9]*$"

Server:
 Containers: 12
  Running: 11
  Paused: 0
  Stopped: 1
 Images: 50
 Server Version: 22.06.0-beta.0-926-g914b02ebaf.m
 Storage Driver: stargz
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2456e983eb9e37e47538f59ea18f2043c9a73640
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.658GiB
 Name: docker-desktop
 ID: a92cef06-564f-4766-91bd-bc9e839af9fa
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Note that the warning is here:
https://github.com/docker/compose-cli/blob/f09336e5196183de06f359e5598c3f2d7f704809/cli/mobycli/pat_suggest.go

happy to move this bug to that repo. i filed it here because i presume most users don't know/care about the internal cli repo topology.

@thaJeztah
Copy link
Member

Yes, this looks to be an issue in the compose-cli wrapper. Looks like I don't have permissions there to move it though 😅

Let me close the ticket here for now; can you open a new ticket there?

@thaJeztah thaJeztah closed this as not planned Won't fix, can't repro, duplicate, stale Mar 7, 2023
@SteveLobdell
Copy link

Is this bug being tracked somewhere else? If so, can we get a link?

@nicks
Copy link
Contributor Author

nicks commented Jul 27, 2023

filed as docker-archive/compose-cli#2260

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants