From 40e27c2587919d62d1579f24325a744ed3a71dd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?chrisDallas=20=E2=98=95=20=F0=9F=8C=A7=EF=B8=8F=20?= =?UTF-8?q?=E2=98=82?= Date: Thu, 8 Oct 2020 11:58:58 -0700 Subject: [PATCH] --EKS-PATCH-- (aws_credentials): update ecr url validation regex Description: * Updates the regex for ECR URL validation to support isolated regions and includes additional testcases for these. Upstream PR, Issue, KEP, etc. links: * Kubernetes PR #113087 (https://github.com/kubernetes/kubernetes/pull/113087) added this change to 1.26. This patch isn't a cherry pick, as it was created before the PR was opened. If this patch is based on an upstream commit, how (if at all) do this patch and the upstream source differ? * No differences. If this patch's changes have not been added by upstream, why not? * N/A Other patches related to this patch: * None Changes made to this patch after its initial creation and reasons for these changes: * None Kubernetes version this patch can be dropped: * v1.26 -- upstream includes these changes starting in this version Signed-off-by: Jyoti Mahapatra --- pkg/credentialprovider/aws/aws_credentials.go | 2 +- pkg/credentialprovider/aws/aws_credentials_test.go | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/credentialprovider/aws/aws_credentials.go b/pkg/credentialprovider/aws/aws_credentials.go index 9537f6b82e8b6..0641fa787d92c 100644 --- a/pkg/credentialprovider/aws/aws_credentials.go +++ b/pkg/credentialprovider/aws/aws_credentials.go @@ -41,7 +41,7 @@ import ( ) var ( - ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.amazonaws\.com(\.cn)?$`) + ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`) once sync.Once isEC2 bool ) diff --git a/pkg/credentialprovider/aws/aws_credentials_test.go b/pkg/credentialprovider/aws/aws_credentials_test.go index a299d9ac109b6..b05e4d35327cb 100644 --- a/pkg/credentialprovider/aws/aws_credentials_test.go +++ b/pkg/credentialprovider/aws/aws_credentials_test.go @@ -82,6 +82,12 @@ func TestRegistryPatternMatch(t *testing.T) { {"123456789012.dkr.ecr-fips.lala-land-1.amazonaws.com", true}, // .cn {"123456789012.dkr.ecr.lala-land-1.amazonaws.com.cn", true}, + // iso + {"123456789012.dkr.ecr.us-iso-east-1.c2s.ic.gov", true}, + // iso-b + {"123456789012.dkr.ecr.us-isob-east-1.sc2s.sgov.gov", true}, + // invalid gov endpoint + {"123456789012.dkr.ecr.us-iso-east-1.amazonaws.gov", false}, // registry ID too long {"1234567890123.dkr.ecr.lala-land-1.amazonaws.com", false}, // registry ID too short