From 65066f8e13a6c03ed9dbd5c3ef2ce6c0ec106ec7 Mon Sep 17 00:00:00 2001 From: Erikson Tung Date: Mon, 19 Dec 2022 15:49:24 -0800 Subject: [PATCH] host-ctr: use user-provided reg creds for 'public.ecr.aws' If users provide their own registry credential for 'public.ecr.aws' then use that credential instead of the fetched credentials from ECR public. --- sources/host-ctr/cmd/host-ctr/main.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sources/host-ctr/cmd/host-ctr/main.go b/sources/host-ctr/cmd/host-ctr/main.go index 1c2b79c3aa0..b0cffb555df 100644 --- a/sources/host-ctr/cmd/host-ctr/main.go +++ b/sources/host-ctr/cmd/host-ctr/main.go @@ -1036,6 +1036,11 @@ func withDynamicResolver(ctx context.Context, ref string, registryConfig *Regist } // For Amazon ECR Public registries, we should try and fetch credentials before resolving the image reference case strings.HasPrefix(ref, "public.ecr.aws/"): + // ... not if the user has specified their own registry credentials for 'public.ecr.aws'; In that case we use the default resolver. + if _, found := registryConfig.Credentials["public.ecr.aws"]; found { + return defaultResolver + } + // Try to get credentials for authenticated pulls from ECR Public session := session.Must(session.NewSession()) // The ECR Public API is only available in us-east-1 today