使用BOTO3客户端更新ECR权限时出错
我们正在尝试使用BOTO3 SDK更新ECR存储库的许可。
import json
import boto3
access_key = "*******"
secret_access = "*******"
ecr_repo_name = 'repo-name'
client = boto3.client('ecr', region_name="eu-west-1",
aws_access_key_id=access_key,
aws_secret_access_key=secret_access)
single_template = {
"Version": "2008-10-17",
"Statement": [
{
"Sid": "ECR_cross_account_access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account_id>:root"
},
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:GetDownloadUrlForLayer",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"
]
}
]
}
response = client.put_registry_policy(policyText=json.dumps(single_template))
print(response)
我们遇到以下错误。
Traceback (most recent call last):
File "miscs/update_ecr_policy.py", line 89, in <module>
response = client.put_registry_policy(policyText=json.dumps(single_template))
File "/home/nandha/projects/venv3/lib/python3.7/site-packages/botocore/client.py", line 401, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/nandha/projects/venv3/lib/python3.7/site-packages/botocore/client.py", line 731, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.InvalidParameterException: An error occurred (InvalidParameterException) when calling the PutRegistryPolicy operation: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid registry policy provided'
当我们使用AWS CLI命令提供相同的策略时,我们能够成功更新策略。
AWS ECR Set-Repository-Policy - Repository-name Repo_name-Policy-Text File://policy.json
当我们使用Boto3 SDK更新以及如何修复它们时,该问题是什么问题?
We are trying to update the permission of an ECR repository using boto3 sdk.
import json
import boto3
access_key = "*******"
secret_access = "*******"
ecr_repo_name = 'repo-name'
client = boto3.client('ecr', region_name="eu-west-1",
aws_access_key_id=access_key,
aws_secret_access_key=secret_access)
single_template = {
"Version": "2008-10-17",
"Statement": [
{
"Sid": "ECR_cross_account_access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account_id>:root"
},
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:GetDownloadUrlForLayer",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"
]
}
]
}
response = client.put_registry_policy(policyText=json.dumps(single_template))
print(response)
We are getting the following error.
Traceback (most recent call last):
File "miscs/update_ecr_policy.py", line 89, in <module>
response = client.put_registry_policy(policyText=json.dumps(single_template))
File "/home/nandha/projects/venv3/lib/python3.7/site-packages/botocore/client.py", line 401, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/nandha/projects/venv3/lib/python3.7/site-packages/botocore/client.py", line 731, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.InvalidParameterException: An error occurred (InvalidParameterException) when calling the PutRegistryPolicy operation: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid registry policy provided'
When we give the same policy using aws cli command, we are able to update the policy successfully.
aws ecr set-repository-policy --repository-name repo_name --policy-text file://policy.json
What is the issue when we update using boto3 sdk and how to fix them?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我应该使用
set_repository_policy来设置存储库策略。I should have used
set_repository_policyfunction for setting repository policy.