Merge pull request #710 from vishal-chdhry/fips-support-aws-auth

feat: add support for fips endpoints in aws auth parse registry
fluxcd · Dec 20, 2023 · 1876c5e · 1876c5e
2 parents d22f98a + cfcfe2f
commit 1876c5e
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/oci/auth/aws/auth.go b/oci/auth/aws/auth.go
@@ -34,7 +34,7 @@ import (
 	"github.com/fluxcd/pkg/oci"
 )
 
-var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr.([^/.]*)\.(amazonaws\.com[.cn]*)`)
+var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr(?:-fips)?\.([^/.]*)\.(amazonaws\.com[.cn]*)`)
 
 // ParseRegistry returns the AWS account ID and region and `true` if
 // the image registry/repository is hosted in AWS's Elastic Container Registry,

diff --git a/oci/auth/aws/auth_test.go b/oci/auth/aws/auth_test.go
@@ -57,6 +57,29 @@ func TestParseRegistry(t *testing.T) {
 			wantRegion:    "us-east-1",
 			wantOK:        true,
 		},
+		{
+			registry:      "https://012345678901.dkr.ecr.us-east-1.amazonaws.com/v2/part/part",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-east-1",
+			wantOK:        true,
+		},
+		{
+			registry:      "012345678901.dkr.ecr.cn-north-1.amazonaws.com.cn/foo",
+			wantAccountID: "012345678901",
+			wantRegion:    "cn-north-1",
+			wantOK:        true,
+		},
+		{
+			registry:      "012345678901.dkr.ecr-fips.us-gov-west-1.amazonaws.com",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-gov-west-1",
+			wantOK:        true,
+		},
+		// TODO: Fix: this invalid registry is allowed by the regex.
+		// {
+		// 	registry: ".dkr.ecr.error.amazonaws.com",
+		// 	wantOK:   false,
+		// },
 		{
 			registry: "gcr.io/foo/bar:baz",
 			wantOK:   false,