
Build ASP.NET Core 2.2 Docker Image with AWS Systems Manager Parameter Store

Setup

  • Windows 10
  • Visual Studio Professional 2017
  • Docker CE v 2.0.0.3
  • ASP.NET Core 2.2
  • PowerShell v6.1.0

I am using AWS Systems Manager Parameter Store to hold the encrypted connection strings for my ASP.NET application.

I found this extension to configure Parameter Store in my application, like so:

Program.cs

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .ConfigureAppConfiguration(builder =>
        {
            builder.AddSystemsManager(configureSource =>
            {
                var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT").ToLower();
                configureSource.Path = $"/my-app-name/{env}";

                configureSource.Optional = false;
            });
        });

This all works fine when I build, run, or test the application in Visual Studio, because I have an appsettings.json file that configures the AWS profile for the .NET SDK:

"AWS": {
    "Profile": "default",
    "Region": "eu-west-1"
}

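However, I now want to build the image locally. I have seen this StackOverflow post, which describes passing AWS credentials as arguments to the docker build command.

My Dockerfile looks like this (I have removed the runtime stage for brevity):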

FROM microsoft/dotnet:2.2.100-sdk AS build
ENV ASPNETCORE_ENVIRONMENT=Development
ARG AWS_DEFAULT_REGION
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
WORKDIR /src
COPY . .
RUN dotnet restore --configfile NuGet.config
RUN dotnet build MyApp.sln --no-restore -c Release -o /app

FROM build as unittest
WORKDIR /src/tests/MyApp.UnitTests
RUN dotnet test

FROM build as integrationtest
WORKDIR /src/tests/MyApp.IntegrationTests
RUN dotnet test

When I run my build command:

docker build -t my-org/my-app:1.0.0-integrationtest `
    --build-arg AWS_DEFAULT_REGION="eu-west-1" `
    --build-arg AWS_ACCESS_KEY_ID="my-access-key" `
    --build-arg AWS_SECRET_ACCESS_KEY="my-secret-key" `
    --target integrationtest .

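Problem

My integration tests fail because my application cannot connect to AWS Parameter Store.

FYI - I have added the connection string as an environment variable in my Dockerfile and everything works fine (so I know the previous statement is correct).

So the question is: how do I pass AWS credentials to my .NET Core application when I am building locally inside a Docker container?

If it helps, here is the error from PowerShell: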

System.AggregateException : One or more errors occurred. (Connection refused) (The following constructor parameters did not have matching fixture data: APITestsFixture`1 fixture)
---- System.Net.Http.HttpRequestException : Connection refused
-------- System.Net.Sockets.SocketException : Connection refused
---- The following constructor parameters did not have matching fixture data: APITestsFixture`1 fixture
Stack Trace:

----- Inner Stack Trace #1 (System.Net.Http.HttpRequestException) -----
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at System.Net.Http.HttpClient.GetStringAsyncCore(Task`1 getTask)
   at Amazon.Runtime.Internal.Util.AsyncHelpers.<>c__DisplayClass1_1`1.<<RunSync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Amazon.Runtime.Internal.Util.AsyncHelpers.ExclusiveSynchronizationContext.BeginMessageLoop() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Internal\Util\_mobile\AsyncHelpers.cs:line 142
   at Amazon.Runtime.Internal.Util.AsyncHelpers.RunSync[T](Func`1 task) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Internal\Util\_mobile\AsyncHelpers.cs:line 87
   at Amazon.Util.AWSSDKUtils.DownloadStringContent(Uri uri, TimeSpan timeout, IWebProxy proxy) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Util\AWSSDKUtils.cs:line 1008
   at Amazon.Util.EC2InstanceMetadata.GetItems(String relativeOrAbsolutePath, Int32 tries, Boolean slurp) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Util\_bcl+netstandard\EC2InstanceMetadata.cs:line 513
   at Amazon.Util.EC2InstanceMetadata.get_IAMSecurityCredentials() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Util\_bcl+netstandard\EC2InstanceMetadata.cs:line 311
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Credentials\_bcl+netstandard\DefaultInstanceProfileAWSCredentials.cs:line 142
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Credentials\_bcl+netstandard\DefaultInstanceProfileAWSCredentials.cs:line 88
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Credentials\_bcl+netstandard\DefaultInstanceProfileAWSCredentials.cs:line 106
   at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Pipeline\Handlers\CredentialsRetriever.cs:line 90
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Pipeline\RetryHandler\RetryHandler.cs:line 137
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Extensions.Configuration.SystemsManager.Internal.SystemsManagerProcessor.GetParametersByPathAsync()
   at Amazon.Extensions.Configuration.SystemsManager.Internal.SystemsManagerProcessor.GetDataAsync()
   at Amazon.Extensions.Configuration.SystemsManager.SystemsManagerConfigurationProvider.LoadAsync(Boolean reload)
   at Amazon.Extensions.Configuration.SystemsManager.SystemsManagerConfigurationProvider.Load()
   at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
   at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors)
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
   at Microsoft.AspNetCore.TestHost.TestServer..ctor(IWebHostBuilder builder, IFeatureCollection featureCollection)
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.CreateServer(IWebHostBuilder builder)
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.EnsureServer()
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.CreateDefaultClient(DelegatingHandler[] handlers)
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.CreateClient(WebApplicationFactoryClientOptions options)
   at MyApp.IntegrationTests.TestsFixture`1..ctor() in /src/tests/MyApp.IntegrationTests/TestsFixture.cs:line 20
----- Inner Stack Trace -----
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
----- Inner Stack Trace #2 (Xunit.Sdk.TestClassException) -----

You can add extra ENV lines to the Dockerfile after the ARGs:

ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
ENV AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
ENV AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}
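
Promoting the key ARGs to ENV, as in the answer above, leaves the access key readable in `docker history` and in the image configuration. As an added example (not from the original question or answer), this variant of the question's Dockerfile passes the credentials to the test step through a BuildKit secret mount instead; the secret id `aws`, the host credentials file path and the root home directory inside the container are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Assumes BuildKit is enabled and that the host has a shared
# AWS credentials file containing a [default] profile.
#
# Build from PowerShell (the secret id "aws" is a name chosen for this example):
#   $env:DOCKER_BUILDKIT = "1"
#   docker build -t my-org/my-app:1.0.0-integrationtest `
#       --secret id=aws,src="$HOME\.aws\credentials" `
#       --build-arg AWS_DEFAULT_REGION="eu-west-1" `
#       --target integrationtest .

FROM microsoft/dotnet:2.2.100-sdk AS build
ENV ASPNETCORE_ENVIRONMENT=Development
# The region is not a secret, so ARG -> ENV is acceptable for it.
ARG AWS_DEFAULT_REGION
ENV AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}
# Deliberately no ARG/ENV for AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY:
# --build-arg values are recorded in `docker history`, and ENV values are
# stored in the image config (`docker inspect`) of this stage and of every
# stage built FROM it.
WORKDIR /src
COPY . .
RUN dotnet restore --configfile NuGet.config
RUN dotnet build MyApp.sln --no-restore -c Release -o /app

FROM build AS unittest
WORKDIR /src/tests/MyApp.UnitTests
RUN dotnet test

FROM build AS integrationtest
WORKDIR /src/tests/MyApp.IntegrationTests
# The credentials file is mounted only for the duration of this RUN step and
# is not written to any image layer. /root/.aws/credentials is the shared
# credentials file location for a build running as root (assumed here), which
# is where the SDK looks up the "default" profile.
RUN --mount=type=secret,id=aws,target=/root/.aws/credentials dotnet test
```

After building, `docker history --no-trunc my-org/my-app:1.0.0-integrationtest` should show the region but no access key or secret key.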
