Rename flag for enalbing ECR-specific login

This is my attempt at a descriptive flag for this feature. It mentions AWS and ECR, and suggests automatically getting credentials. It starts with `aws` so it will sort alongside any other AWS-specific flags that come along later. Signed-off-by: Michael Bridgen <michael@weave.works>
fluxcd · Oct 5, 2021 · 879ce9f · 879ce9f
1 parent 6de3efa
commit 879ce9f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/controllers/imagerepository_controller.go b/controllers/imagerepository_controller.go
@@ -80,7 +80,8 @@ type ImageRepositoryReconciler struct {
 		DatabaseWriter
 		DatabaseReader
 	}
-	UseAwsEcr bool
+
+	AwsAutoLogin bool // automatically attempt to get credentials for images in ECR
 }
 
 type ImageRepositoryReconcilerOptions struct {
@@ -267,7 +268,7 @@ func (r *ImageRepositoryReconciler) scan(ctx context.Context, imageRepo *imagev1
 		}
 		options = append(options, remote.WithAuth(auth))
 	} else if accountId, awsEcrRegion, ok := parseAwsImage(imageRepo.Spec.Image); ok {
-		if r.UseAwsEcr {
+		if r.AwsAutoLogin {
 			logr.FromContext(ctx).Info("Logging in to AWS ECR for " + imageRepo.Spec.Image)
 
 			authConfig, err := getAwsECRLoginAuth(accountId, awsEcrRegion)
@@ -284,7 +285,7 @@ func (r *ImageRepositoryReconciler) scan(ctx context.Context, imageRepo *imagev1
 			auth := authn.FromConfig(authConfig)
 			options = append(options, remote.WithAuth(auth))
 		} else {
-			logr.FromContext(ctx).Info("AWS ECR authentication is not enabled, to enable, set USE_ECR environment variable")
+			logr.FromContext(ctx).Info("No image credentials secret referenced, and ECR authentication is not enabled. To enable, set the controller flag --aws-autologin-for-ecr")
 		}
 	}
 

diff --git a/main.go b/main.go
@@ -69,7 +69,7 @@ func main() {
 		storagePath             string
 		storageValueLogFileSize int64
 		concurrent              int
-		useAwsEcr               bool
+		awsAutoLogin            bool
 	)
 
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
@@ -80,7 +80,7 @@ func main() {
 	flag.StringVar(&storagePath, "storage-path", "/data", "Where to store the persistent database of image metadata")
 	flag.Int64Var(&storageValueLogFileSize, "storage-value-log-file-size", 1<<28, "Set the database's memory mapped value log file size in bytes. Effective memory usage is about two times this size.")
 	flag.IntVar(&concurrent, "concurrent", 4, "The number of concurrent resource reconciles.")
-	flag.BoolVar(&useAwsEcr, "use-aws-ecr", false, "Log in to AWS Elastic Container Registry with IAM")
+	flag.BoolVar(&awsAutoLogin, "aws-autologin-for-ecr", false, "(AWS) Attempt to get credentials for images in Elastic Container Registry, when no secret is referenced")
 
 	clientOptions.BindFlags(flag.CommandLine)
 	logOptions.BindFlags(flag.CommandLine)
@@ -147,7 +147,7 @@ func main() {
 		ExternalEventRecorder: eventRecorder,
 		MetricsRecorder:       metricsRecorder,
 		Database:              db,
-		UseAwsEcr:             useAwsEcr,
+		AwsAutoLogin:          awsAutoLogin,
 	}).SetupWithManager(mgr, controllers.ImageRepositoryReconcilerOptions{
 		MaxConcurrentReconciles: concurrent,
 	}); err != nil {