-
Notifications
You must be signed in to change notification settings - Fork 9
/
auth.go
54 lines (43 loc) · 1.58 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// Copyright 2022 Namespace Labs Inc; All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
package ecr
import (
"context"
"encoding/base64"
"strings"
"github.com/aws/aws-sdk-go-v2/service/ecr/types"
dockertypes "github.com/docker/cli/cli/config/types"
"namespacelabs.dev/foundation/internal/fnerrors"
)
type tokenProducerFunc func(context.Context) ([]types.AuthorizationData, error)
type makeServerAddressFunc func(context.Context) (string, error)
func refreshAuth(ctx context.Context, login tokenProducerFunc, makeServerAddress makeServerAddressFunc) (*dockertypes.AuthConfig, error) {
authData, err := login(ctx)
if err != nil {
return nil, err
}
if len(authData) == 0 {
return nil, fnerrors.InvocationError("aws/ecr", "expected at least one authorization data back")
}
if authData[0].AuthorizationToken == nil {
return nil, fnerrors.InvocationError("aws/ecr", "expected the authorization tokens to be set")
}
decoded, err := base64.StdEncoding.DecodeString(*authData[0].AuthorizationToken)
if err != nil {
return nil, fnerrors.InvocationError("aws/ecr", "failed to decode authorization token: %w", err)
}
parts := strings.SplitN(string(decoded), ":", 2)
if len(parts) < 2 {
return nil, fnerrors.InvocationError("aws/ecr", "unexpected authorization token format")
}
serverAddr, err := makeServerAddress(ctx)
if err != nil {
return nil, err
}
return &dockertypes.AuthConfig{
Username: parts[0],
Password: parts[1],
ServerAddress: serverAddr,
}, nil
}