Merge pull request #104 from petercanva/peterarnott-ecr-china

Add support for authenticating to a China ECR
buildkite-plugins · Apr 10, 2024 · 73d58b9 · 73d58b9
2 parents e79d6c2 + fad2144
commit 73d58b9
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/hooks/environment b/hooks/environment
@@ -209,9 +209,15 @@ function login_using_aws_ecr_get_login_password() {
       public_password="$(retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" aws --region us-east-1 ecr-public get-login-password)"
       retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" --with-stdin docker login --username AWS --password-stdin public.ecr.aws <<< "$public_password"
     else
+      if [[ ${region:0:3} == "cn-" ]]; then
+        # the ecr registry in China regions has a different URL
+        ecr_registry_url="$account_id.dkr.ecr.$region.amazonaws.com.cn"
+      else
+        ecr_registry_url="$account_id.dkr.ecr.$region.amazonaws.com"
+      fi
       # it is only necessary to get the password once
       password=${password:-"$(retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" aws ${login_args[@]+"${login_args[@]}"} ecr get-login-password)"}
-      retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" --with-stdin docker login --username AWS --password-stdin "$account_id.dkr.ecr.$region.amazonaws.com" <<< "$password"
+      retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" --with-stdin docker login --username AWS --password-stdin "$ecr_registry_url" <<< "$password"
     fi
   done
 }

diff --git a/tests/run.bats b/tests/run.bats
@@ -129,6 +129,57 @@ load "${BATS_PLUGIN_PATH}/load.bash"
   rm /tmp/password-stdin
 }
 
+@test "ECR login; configured account ID, configured China region, configured profile" {
+  export BUILDKITE_PLUGIN_ECR_LOGIN=true
+  export BUILDKITE_PLUGIN_ECR_ACCOUNT_IDS=321321321321
+  export BUILDKITE_PLUGIN_ECR_REGION=cn-north-1
+  export BUILDKITE_PLUGIN_ECR_PROFILE=ecr
+
+  stub aws \
+    "--version : echo aws-cli/2.0.0 Python/3.8.1 Linux/5.5.6-arch1-1 botocore/1.15.3" \
+    "--region cn-north-1 --profile ecr ecr get-login-password : echo hunter2"
+
+  stub docker \
+    "login --username AWS --password-stdin 321321321321.dkr.ecr.cn-north-1.amazonaws.com.cn : cat > /tmp/password-stdin ; echo logging in to docker"
+
+  run "$PWD/hooks/environment"
+
+  assert_success
+  assert_output --partial "~~~ Authenticating with AWS ECR :ecr: :docker:"
+  assert_output --partial "^^^ Authenticating with AWS ECR in cn-north-1 for 321321321321 :ecr: :docker:"
+  assert_output --partial "logging in to docker"
+  assert_equal "hunter2" "$(cat /tmp/password-stdin)"
+
+  unstub aws
+  unstub docker
+  rm /tmp/password-stdin
+}
+
+@test "ECR login; configured account ID, configured China region" {
+  export BUILDKITE_PLUGIN_ECR_LOGIN=true
+  export BUILDKITE_PLUGIN_ECR_ACCOUNT_IDS=321321321321
+  export BUILDKITE_PLUGIN_ECR_REGION=cn-north-1
+
+  stub aws \
+    "--version : echo aws-cli/2.0.0 Python/3.8.1 Linux/5.5.6-arch1-1 botocore/1.15.3" \
+    "--region cn-north-1 ecr get-login-password : echo hunter2"
+
+  stub docker \
+    "login --username AWS --password-stdin 321321321321.dkr.ecr.cn-north-1.amazonaws.com.cn : cat > /tmp/password-stdin ; echo logging in to docker"
+
+  run "$PWD/hooks/environment"
+
+  assert_success
+  assert_output --partial "~~~ Authenticating with AWS ECR :ecr: :docker:"
+  assert_output --partial "^^^ Authenticating with AWS ECR in cn-north-1 for 321321321321 :ecr: :docker:"
+  assert_output --partial "logging in to docker"
+  assert_equal "hunter2" "$(cat /tmp/password-stdin)"
+
+  unstub aws
+  unstub docker
+  rm /tmp/password-stdin
+}
+
 @test "ECR login; multiple account IDs" {
   export BUILDKITE_PLUGIN_ECR_LOGIN=true
   export BUILDKITE_PLUGIN_ECR_ACCOUNT_IDS_0=111111111111