Support Docker external credential stores

[declension]

Hi

As of Docker 1.11 (via PR 20107), external credentials stores for registries are now supported.

e.g. in ~/.docker/config.json:

{
    "auths": {
        "localhost:5001": {}
    },
    "credsStore": "wincred"
}

However in latest dockerfile-maven-plugin, this seems not to be supported with lots of errors like:
[ERROR] Failed to execute goal com.spotify:dockerfile-maven-plugin:1.3.0:build (default) on project MY-PROJECT: Could not build image: Error: BASE-IMAGE:latest not found

On further inspection is seems unable to support (or in fact understand) the externalised credentials referred to in the config, instead parsing it as empty credentials, and then failing to log in to the private repo.

I guess the first improvement would be to recognise these newer configurations and fail / warn about them not being supported; even better would be to be able to use them, though I imagine this is quite hard.

Thanks!

[mattnworb]

This needs to be supported first in docker-client - see spotify/docker-client#657

[declension]

Thanks @mattnworb

[ben-gineer]

Are there any known workarounds to this? Downgrade docker I guess? I also note that the fabric8io docker-maven-plugin has the same constraint.

[declension]

@ben-gineer depends what you need to do I guess.

I'm not working on that (original) project any more but IIRC I just hacked the config.json to remove that key, and reauth-ed (to a private repo) which forced the CLI to use traditional credentials (i.e. leaving a token there), and voilà.

If you need the credentials store, though... guess that's a problem

[ben-gineer]

My problem is related to using Docker with Amazon ECR. I've installed the https://github.com/mainstreethub/ecr-maven-plugin which generates me a temporary token into a maven property as part of the maven build. Can I configure the dockerfile-maven plugin to use this instead of the default docker credentials resolution behaviour?

[declension]

No, AIUI. The plugin predates the existence of this credentials config

Best bet for now IMHO is to write a script, or plugin maybe, that inserts that token correctly into your config.json before this plugin executes...

[ben-gineer]

OK thanks for your suggestion. I tried injecting the token, but this failed.

I note that this PR adds support for ECR authentication support: spotify/docker-client#876. So perhaps once this has been merged, the dockerfile plugin could be enhanced to support it.

In the meantime I've reverted to the fabric8.io docker plugin which includes native support for ECR. It's not as elegant as the dockerfile-maven plugin, but it at least unblocks my current needs.

[DominiqueComte]

just solved my authentication problem on dockerfile:push by adding a server in my settings.xml file with an id = docker.io

I didn't need to remove the ~/.docker/config.json file and I use useMavenSettingsForAuth=true

[mhermosi]

hi,

Hey @dc55028, could you elaborate more on your workaround please?

[smuryginim]

Hi @dc55028, it will be extremely useful if you can provide some info on how to integrate this plugin with Amazon ECR

[smythie86]

I created a PR on docker-client (spotify/docker-client#945) that was merged and included in docker-client version 8.11.2.
Update to that version of the dependency should resolve this issue.

[declension]

Thanks!

[yueli9]

I have the same issue. I changed the dockerfile-maven version to 1.4.3, which is built on docker-client v8.11.4. Still got error.
[ERROR] Failed to execute goal com.spotify:dockerfile-maven-plugin:1.4.3:push (default) on project spark-sample-service: Could not push image: no basic auth credentials -> [Help 1]

[davemanton]

I'm interested in using this with the aws ecr-login docker credentials helper. At present it doesn't seem to support external cred helpers giving the no basic auth credentials error message.

This would mean not having to find a work around to store an ecr token in a settings file or updating a value in the pom for the password when using jenkins for the build pipeline.