This repository has been archived by the owner on Nov 27, 2021. It is now read-only.
ecr.go
package registry
import (
"context"
"encoding/base64"
"fmt"
"strings"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/ecr"
)
// @see https://pkg.go.dev/github.com/aws/aws-sdk-go-v2
// Credential holds the values needed to build a Kubernetes secret of the
// docker-registry type.
//
// Password is a live registry secret. Avoid printing a Credential with
// %v/%+v or attaching it to errors and logs.
type Credential struct {
	// Server is the registry URL the credential applies to.
	Server string
	// UserName is the registry login name.
	UserName string
	// Password is the registry login secret.
	Password string
	// Email is the e-mail address stored alongside the login.
	Email string
}
// ECRClient wraps an AWS SDK v2 ECR client together with the region it was
// configured for. The region is reused by Login to build the registry host.
type ECRClient struct {
	// svc is the underlying SDK client used for ECR API calls.
	svc *ecr.Client
	// region is the AWS region passed to NewECRClient.
	region string
}
// awsUserNameForRegistry is the user name placed in every Credential
// produced by Login.
const awsUserNameForRegistry = "AWS"

// timeout bounds the GetAuthorizationToken call made by Login.
const timeout time.Duration = 10 * time.Second
// NewECRClient builds an ECRClient for the given region.
//
// endpointURL may be empty, in which case the SDK's default endpoint
// resolution is used. A non-empty endpointURL redirects the client's API
// calls (including authorization-token requests) to that URL, so it should
// only come from trusted configuration.
//
// Any error from loading the AWS configuration is returned unchanged.
func NewECRClient(region, endpointURL string) (*ECRClient, error) {
	awsCfg, err := loadAWSConfig(region, endpointURL)
	if err != nil {
		return nil, err
	}

	client := &ECRClient{
		svc:    ecr.NewFromConfig(awsCfg),
		region: region,
	}
	return client, nil
}
// loadAWSConfig loads the default AWS configuration for region.
//
// When endpointURL is non-empty, an endpoint resolver is installed that
// answers every lookup with endpointURL in the "aws" partition, using the
// signing region handed to the resolver by the SDK. The resolver ignores the
// service name, so it applies to any service built from the returned config.
//
// NOTE(review): endpointURL is used as-is; nothing here checks its scheme or
// host. Callers are presumably expected to pass a trusted, HTTPS endpoint.
func loadAWSConfig(region, endpointURL string) (aws.Config, error) {
	ctx := context.TODO()
	withRegion := config.WithRegion(region)

	// No override requested: rely on the SDK's own endpoint resolution.
	if endpointURL == "" {
		return config.LoadDefaultConfig(ctx, withRegion)
	}

	resolver := aws.EndpointResolverFunc(
		func(_, signingRegion string) (aws.Endpoint, error) {
			endpoint := aws.Endpoint{
				PartitionID:   "aws",
				URL:           endpointURL,
				SigningRegion: signingRegion,
			}
			return endpoint, nil
		},
	)
	return config.LoadDefaultConfig(ctx, withRegion, config.WithEndpointResolver(resolver))
}
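// Login requests an ECR authorization token for the registry owned by
// accountID and converts it into a docker-registry Credential.
//
// The token returned by ECR is the base64 encoding of "<user>:<password>".
// Only the password part is used; the user name in the result is always
// awsUserNameForRegistry. The API call is bounded by the package-level
// timeout.
//
// An error is returned when the API call fails, when no usable token is
// present in the response, or when the token cannot be decoded or split.
//
// The returned Credential carries a live registry password: keep it out of
// logs and error messages.
func (c *ECRClient) Login(accountID, email string) (*Credential, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	input := &ecr.GetAuthorizationTokenInput{RegistryIds: []string{accountID}}
	output, err := c.svc.GetAuthorizationToken(ctx, input)
	if err != nil {
		return nil, err
	}

	// AuthorizationToken is a pointer; check it as well as the list length so
	// an incomplete response yields an error instead of a nil dereference.
	if len(output.AuthorizationData) == 0 || output.AuthorizationData[0].AuthorizationToken == nil {
		return nil, fmt.Errorf("failed to get auth token from AWS ECR")
	}

	token, err := base64.StdEncoding.DecodeString(*output.AuthorizationData[0].AuthorizationToken)
	if err != nil {
		return nil, err
	}

	// Split on the first colon only, so a password that itself contains ':'
	// is kept whole rather than truncated at its first colon.
	parts := strings.SplitN(string(token), ":", 2)
	if len(parts) < 2 {
		return nil, fmt.Errorf("failed to parse auth token of AWS ECR")
	}

	return &Credential{
		// NOTE(review): the host is derived from accountID and the client
		// region, not from the ProxyEndpoint in the response; confirm this is
		// intended when a custom endpointURL or another partition is in use.
		Server:   fmt.Sprintf("https://%s.dkr.ecr.%s.amazonaws.com", accountID, c.region),
		UserName: awsUserNameForRegistry,
		Password: parts[1],
		Email:    email,
	}, nil
}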