使用docker-java从Amazon ECR中提取图像

时间:2016-10-18 04:29:43

标签: java amazon-web-services docker docker-java

我正面临使用docker-java客户端从Amazon ECR中提取图片的问题。 ECR注册表登录的身份验证成功,但无法从存储库中提取特定图像。奇怪的是,使用bash登录ECR并使用docker工作拉动图像。

我正在使用3.0版本的java-docker库(https://github.com/docker-java/docker-java/)。有关如何调试或解决此问题的任何帮助都将非常有用。

    // ECR client
    AmazonECRClient ecrClient = new AmazonECRClient(awsCredentialsProvider);
    GetAuthorizationTokenRequest getAuthTokenRequest = new GetAuthorizationTokenRequest();
    List<String> registryIds = new ArrayList<String>();
    registryIds.add("accountid");
    getAuthTokenRequest.setRegistryIds(registryIds);

    // Get Authorization Token
    GetAuthorizationTokenResult getAuthTokenResult = ecrClient.getAuthorizationToken(getAuthTokenRequest);
    AuthorizationData authData = getAuthTokenResult.getAuthorizationData().get(0);
    String userPassword = StringUtils.newStringUtf8(Base64.decodeBase64(authData.getAuthorizationToken()));
    String user = userPassword.substring(0, userPassword.indexOf(":"));
    String password = userPassword.substring(userPassword.indexOf(":")+1);

    DockerClientConfigBuilder config = new DockerClientConfigBuilder();
    config.withDockerHost("unix:///var/run/docker.sock");
    config.withDockerTlsVerify(false);
    config.withRegistryUsername(user);
    config.withRegistryPassword(password);
    config.withRegistryUrl(authData.getProxyEndpoint());
    config.build();

    DockerCmdExecFactory dockerCmdExecFactory = new DockerCmdExecFactoryImpl();
    //Docker client
    DockerClient dockerClient = DockerClientBuilder.getInstance(config)
        .withDockerCmdExecFactory(dockerCmdExecFactory)
    .build();

    // Response
    AuthResponse response = dockerClient.authCmd().exec();
    System.out.println(response.getStatus()); 

    // Pull image
    PullImageCmd pullImageCmd = dockerClient.pullImageCmd(respositoryname);
    pullImageCmd
        .exec(new PullImageResultCallback())
        .awaitSuccess(); 

标准输出是:

    Login Succeeded
    Exception in thread "main" com.github.dockerjava.api.exception.DockerClientException: Could not pull image: unauthorized: authentication required

2 个答案:

答案 0 :(得分:1)

您需要将客户端的AuthConfig传递给pull命令。

PullImageCmd pullImageCmd = dockerClient
    .pullImageCmd(respositoryname)
    .withAuthConfig(dockerClient.authConfig());

答案 1 :(得分:0)

对我来说,问题是authData.getEndpointProxy()返回了一个带有“ https://”的URL,但拉取图像cmd仅在没有该前缀的情况下可以使用,因此我必须将其删除。