我正面临使用docker-java客户端从Amazon ECR中提取图片的问题。 ECR注册表登录的身份验证成功,但无法从存储库中提取特定图像。奇怪的是,使用bash登录ECR并使用docker工作拉动图像。
我正在使用3.0版本的java-docker库(https://github.com/docker-java/docker-java/)。有关如何调试或解决此问题的任何帮助都将非常有用。
// ECR client
AmazonECRClient ecrClient = new AmazonECRClient(awsCredentialsProvider);
GetAuthorizationTokenRequest getAuthTokenRequest = new GetAuthorizationTokenRequest();
List<String> registryIds = new ArrayList<String>();
registryIds.add("accountid");
getAuthTokenRequest.setRegistryIds(registryIds);
// Get Authorization Token
GetAuthorizationTokenResult getAuthTokenResult = ecrClient.getAuthorizationToken(getAuthTokenRequest);
AuthorizationData authData = getAuthTokenResult.getAuthorizationData().get(0);
String userPassword = StringUtils.newStringUtf8(Base64.decodeBase64(authData.getAuthorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":")+1);
DockerClientConfigBuilder config = new DockerClientConfigBuilder();
config.withDockerHost("unix:///var/run/docker.sock");
config.withDockerTlsVerify(false);
config.withRegistryUsername(user);
config.withRegistryPassword(password);
config.withRegistryUrl(authData.getProxyEndpoint());
config.build();
DockerCmdExecFactory dockerCmdExecFactory = new DockerCmdExecFactoryImpl();
//Docker client
DockerClient dockerClient = DockerClientBuilder.getInstance(config)
.withDockerCmdExecFactory(dockerCmdExecFactory)
.build();
// Response
AuthResponse response = dockerClient.authCmd().exec();
System.out.println(response.getStatus());
// Pull image
PullImageCmd pullImageCmd = dockerClient.pullImageCmd(respositoryname);
pullImageCmd
.exec(new PullImageResultCallback())
.awaitSuccess();
标准输出是:
Login Succeeded
Exception in thread "main" com.github.dockerjava.api.exception.DockerClientException: Could not pull image: unauthorized: authentication required
答案 0 :(得分:1)
您需要将客户端的AuthConfig
传递给pull命令。
PullImageCmd pullImageCmd = dockerClient
.pullImageCmd(respositoryname)
.withAuthConfig(dockerClient.authConfig());
答案 1 :(得分:0)
对我来说,问题是authData.getEndpointProxy()返回了一个带有“ https://”的URL,但拉取图像cmd仅在没有该前缀的情况下可以使用,因此我必须将其删除。