From 0da25e5da491b0778eed0444cbb05455bd562b42 Mon Sep 17 00:00:00 2001 From: Yu Bingjiao Date: Thu, 18 Apr 2024 06:37:59 +0800 Subject: [PATCH] fix(eks): add support of Helm charts located in ECR of AWS CN region (#29778) ### Issue # (if applicable) Closes #28460. ### Reason for this change Current implementation will not identity helm charts stored in ECR on AWS CN regions, and will treat ECR as simple, unauthorized repository. ### Description of changes This change add support of ECR on AWS CN region by adding a optional suffix of .cn to the regex. ### Description of how you validated changes Run the affected regex against helm repo in ECR China (123456789012.dkr.ecr.cn-northwest-1.amazonaws.com.cn) ``` import re repository = 'oci://123456789012.dkr.ecr.cn-northwest-1.amazonaws.com.cn' private_ecr_pattern = 'oci://(?P\d+\.dkr\.ecr\.(?P[a-z0-9\-]+)\.amazonaws\.com(\.cn)?)*' private_registry = re.match(private_ecr_pattern, repository).groupdict() print(private_registry['registry']) ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/aws-eks/kubectl-handler/helm/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py index 94694e4eb6251..f3df9835039af 100644 --- a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py +++ b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py @@ -100,7 +100,7 @@ def helm_handler(event, context): def get_oci_cmd(repository, version): # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently. - private_ecr_pattern = 'oci://(?P\d+\.dkr\.ecr\.(?P[a-z0-9\-]+)\.amazonaws\.com)*' + private_ecr_pattern = 'oci://(?P\d+\.dkr\.ecr\.(?P[a-z0-9\-]+)\.amazonaws\.com(\.cn)?)*' public_ecr_pattern = 'oci://(?Ppublic\.ecr\.aws)*' private_registry = re.match(private_ecr_pattern, repository).groupdict()