Skip to content

Commit

Permalink
Merge pull request #362 from bnsfrt/fix-ecr-oci-registry
Browse files Browse the repository at this point in the history
Add regex to support ECR as OCI Helm registry
  • Loading branch information
darkowlzz authored Sep 29, 2022
2 parents be0e81e + f7c66eb commit 640a3ab
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 22 deletions.
14 changes: 7 additions & 7 deletions oci/auth/aws/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,13 @@ import (
"github.com/fluxcd/pkg/oci"
)

var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr.([^/.]*)\.(amazonaws\.com[.cn]*)/([^:]+):?(.*)`)
var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr.([^/.]*)\.(amazonaws\.com[.cn]*)`)

// ParseImage returns the AWS account ID and region and `true` if
// the image repository is hosted in AWS's Elastic Container Registry,
// ParseRegistry returns the AWS account ID and region and `true` if
// the image registry/repository is hosted in AWS's Elastic Container Registry,
// otherwise empty strings and `false`.
func ParseImage(image string) (accountId, awsEcrRegion string, ok bool) {
registryParts := registryPartRe.FindAllStringSubmatch(image, -1)
func ParseRegistry(registry string) (accountId, awsEcrRegion string, ok bool) {
registryParts := registryPartRe.FindAllStringSubmatch(registry, -1)
if len(registryParts) < 1 || len(registryParts[0]) < 3 {
return "", "", false
}
Expand Down Expand Up @@ -108,11 +108,11 @@ func (c *Client) getLoginAuth(accountId, awsEcrRegion string) (authn.AuthConfig,

// Login attempts to get the authentication material for ECR. It extracts
// the account and region information from the image URI. The caller can ensure
// that the passed image is a valid ECR image using ParseImage().
// that the passed image is a valid ECR image using ParseRegistry().
func (c *Client) Login(ctx context.Context, autoLogin bool, image string) (authn.Authenticator, error) {
if autoLogin {
ctrl.LoggerFrom(ctx).Info("logging in to AWS ECR for " + image)
accountId, awsEcrRegion, ok := ParseImage(image)
accountId, awsEcrRegion, ok := ParseRegistry(image)
if !ok {
return nil, errors.New("failed to parse AWS ECR image, invalid ECR image")
}
Expand Down
22 changes: 12 additions & 10 deletions oci/auth/aws/auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,40 +31,42 @@ const (
testValidECRImage = "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1"
)

func TestParseImage(t *testing.T) {
func TestParseRegistry(t *testing.T) {
tests := []struct {
image string
registry string
wantAccountID string
wantRegion string
wantOK bool
}{
{
image: "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1",
registry: "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1",
wantAccountID: "012345678901",
wantRegion: "us-east-1",
wantOK: true,
},
{
image: "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo",
registry: "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo",
wantAccountID: "012345678901",
wantRegion: "us-east-1",
wantOK: true,
},
{
image: "012345678901.dkr.ecr.us-east-1.amazonaws.com",
wantOK: false,
registry: "012345678901.dkr.ecr.us-east-1.amazonaws.com",
wantAccountID: "012345678901",
wantRegion: "us-east-1",
wantOK: true,
},
{
image: "gcr.io/foo/bar:baz",
wantOK: false,
registry: "gcr.io/foo/bar:baz",
wantOK: false,
},
}

for _, tt := range tests {
t.Run(tt.image, func(t *testing.T) {
t.Run(tt.registry, func(t *testing.T) {
g := NewWithT(t)

accId, region, ok := ParseImage(tt.image)
accId, region, ok := ParseRegistry(tt.registry)
g.Expect(ok).To(Equal(tt.wantOK), "unexpected OK")
g.Expect(accId).To(Equal(tt.wantAccountID), "unexpected account IDs")
g.Expect(region).To(Equal(tt.wantRegion), "unexpected regions")
Expand Down
8 changes: 4 additions & 4 deletions oci/auth/login/login.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@ import (
"github.com/fluxcd/pkg/oci/auth/gcp"
)

// ImageRegistryProvider analyzes the provided image and returns the identified
// ImageRegistryProvider analyzes the provided registry and returns the identified
// container image registry provider.
func ImageRegistryProvider(image string, ref name.Reference) oci.Provider {
_, _, ok := aws.ParseImage(image)
func ImageRegistryProvider(ref name.Reference) oci.Provider {
_, _, ok := aws.ParseRegistry(ref.Context().RegistryStr())
if ok {
return oci.ProviderAWS
}
Expand Down Expand Up @@ -95,7 +95,7 @@ func (m *Manager) WithACRClient(c *azure.Client) *Manager {
// Login performs authentication against a registry and returns the
// authentication material. For generic registry provider, it is no-op.
func (m *Manager) Login(ctx context.Context, image string, ref name.Reference, opts ProviderOptions) (authn.Authenticator, error) {
switch ImageRegistryProvider(image, ref) {
switch ImageRegistryProvider(ref) {
case oci.ProviderAWS:
return m.ecr.Login(ctx, opts.AwsAutoLogin, image)
case oci.ProviderGCP:
Expand Down
2 changes: 1 addition & 1 deletion oci/auth/login/login_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ func TestImageRegistryProvider(t *testing.T) {

ref, err := name.ParseReference(tt.image)
g.Expect(err).ToNot(HaveOccurred())
g.Expect(ImageRegistryProvider(tt.image, ref)).To(Equal(tt.want))
g.Expect(ImageRegistryProvider(ref)).To(Equal(tt.want))
})
}
}
Expand Down

0 comments on commit 640a3ab

Please sign in to comment.