diff --git a/aws/data_source_aws_ecr_authorization_token.go b/aws/data_source_aws_ecr_authorization_token.go new file mode 100644 index 000000000000..89535c2a076b --- /dev/null +++ b/aws/data_source_aws_ecr_authorization_token.go @@ -0,0 +1,84 @@ +package aws + +import ( + "encoding/base64" + "fmt" + "log" + "strings" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ecr" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" +) + +func dataSourceAwsEcrAuthorizationToken() *schema.Resource { + return &schema.Resource{ + Read: dataSourceAwsEcrAuthorizationTokenRead, + + Schema: map[string]*schema.Schema{ + "registry_id": { + Type: schema.TypeString, + Optional: true, + }, + "authorization_token": { + Type: schema.TypeString, + Computed: true, + Sensitive: true, + }, + "proxy_endpoint": { + Type: schema.TypeString, + Computed: true, + }, + "expires_at": { + Type: schema.TypeString, + Computed: true, + }, + "user_name": { + Type: schema.TypeString, + Computed: true, + }, + "password": { + Type: schema.TypeString, + Computed: true, + Sensitive: true, + }, + }, + } +} + +func dataSourceAwsEcrAuthorizationTokenRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).ecrconn + params := &ecr.GetAuthorizationTokenInput{} + if v, ok := d.GetOk("registry_id"); ok && len(v.(string)) > 0 { + params.RegistryIds = []*string{aws.String(v.(string))} + } + log.Printf("[DEBUG] Getting ECR authorization token") + out, err := conn.GetAuthorizationToken(params) + if err != nil { + return fmt.Errorf("error getting ECR authorization token: %s", err) + } + log.Printf("[DEBUG] Received ECR AuthorizationData %v", out.AuthorizationData) + authorizationData := out.AuthorizationData[0] + authorizationToken := aws.StringValue(authorizationData.AuthorizationToken) + expiresAt := aws.TimeValue(authorizationData.ExpiresAt).Format(time.RFC3339) + proxyEndpoint := aws.StringValue(authorizationData.ProxyEndpoint) + authBytes, err := base64.URLEncoding.DecodeString(authorizationToken) + if err != nil { + d.SetId("") + return fmt.Errorf("error decoding ECR authorization token: %s", err) + } + basicAuthorization := strings.Split(string(authBytes), ":") + if len(basicAuthorization) != 2 { + return fmt.Errorf("unknown ECR authorization token format") + } + userName := basicAuthorization[0] + password := basicAuthorization[1] + d.SetId(time.Now().UTC().String()) + d.Set("authorization_token", authorizationToken) + d.Set("proxy_endpoint", proxyEndpoint) + d.Set("expires_at", expiresAt) + d.Set("user_name", userName) + d.Set("password", password) + return nil +} diff --git a/aws/data_source_aws_ecr_authorization_token_test.go b/aws/data_source_aws_ecr_authorization_token_test.go new file mode 100644 index 000000000000..bbee53e8ebc3 --- /dev/null +++ b/aws/data_source_aws_ecr_authorization_token_test.go @@ -0,0 +1,60 @@ +package aws + +import ( + "fmt" + "regexp" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestAccAWSEcrAuthorizationTokenDataSource_basic(t *testing.T) { + rName := acctest.RandomWithPrefix("tf-acc-test") + dataSourceName := "data.aws_ecr_authorization_token.repo" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckAwsEcrAuthorizationTokenDataSourceBasicConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"), + resource.TestCheckResourceAttrSet(dataSourceName, "proxy_endpoint"), + resource.TestCheckResourceAttrSet(dataSourceName, "expires_at"), + resource.TestCheckResourceAttrSet(dataSourceName, "user_name"), + resource.TestMatchResourceAttr(dataSourceName, "user_name", regexp.MustCompile(`AWS`)), + resource.TestCheckResourceAttrSet(dataSourceName, "password"), + ), + }, + { + Config: testAccCheckAwsEcrAuthorizationTokenDataSourceRepositoryConfig(rName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "registry_id", "aws_ecr_repository.repo", "registry_id"), + resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"), + resource.TestCheckResourceAttrSet(dataSourceName, "proxy_endpoint"), + resource.TestCheckResourceAttrSet(dataSourceName, "expires_at"), + resource.TestCheckResourceAttrSet(dataSourceName, "user_name"), + resource.TestMatchResourceAttr(dataSourceName, "user_name", regexp.MustCompile(`AWS`)), + resource.TestCheckResourceAttrSet(dataSourceName, "password"), + ), + }, + }, + }) +} + +var testAccCheckAwsEcrAuthorizationTokenDataSourceBasicConfig = ` +data "aws_ecr_authorization_token" "repo" {} +` + +func testAccCheckAwsEcrAuthorizationTokenDataSourceRepositoryConfig(rName string) string { + return fmt.Sprintf(` +resource "aws_ecr_repository" "repo" { + name = %q +} +data "aws_ecr_authorization_token" "repo" { + registry_id = "${aws_ecr_repository.repo.registry_id}" +} +`, rName) +} diff --git a/aws/provider.go b/aws/provider.go index f099bc0c14aa..027a7a20f170 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -228,6 +228,7 @@ func Provider() terraform.ResourceProvider { "aws_ec2_transit_gateway_route_table": dataSourceAwsEc2TransitGatewayRouteTable(), "aws_ec2_transit_gateway_vpc_attachment": dataSourceAwsEc2TransitGatewayVpcAttachment(), "aws_ec2_transit_gateway_vpn_attachment": dataSourceAwsEc2TransitGatewayVpnAttachment(), + "aws_ecr_authorization_token": dataSourceAwsEcrAuthorizationToken(), "aws_ecr_image": dataSourceAwsEcrImage(), "aws_ecr_repository": dataSourceAwsEcrRepository(), "aws_ecs_cluster": dataSourceAwsEcsCluster(), diff --git a/website/aws.erb b/website/aws.erb index 91480d751549..8286f2ab367b 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1319,6 +1319,9 @@
  • Data Sources