2016-09-03 10:45:52 -04:00
|
|
|
package docker
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
"regexp"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
|
|
"github.com/aws/aws-sdk-go/service/ecr"
|
2017-10-17 15:00:19 -04:00
|
|
|
"github.com/hashicorp/packer/builder/amazon/common"
|
2016-09-03 10:45:52 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
type AwsAccessConfig struct {
|
2019-05-28 11:50:58 -04:00
|
|
|
// The AWS access key used to communicate with
|
|
|
|
// AWS. Learn how to set
|
|
|
|
// this.
|
|
|
|
AccessKey string `mapstructure:"aws_access_key" required:"false"`
|
|
|
|
// The AWS secret key used to communicate with
|
|
|
|
// AWS. Learn how to set
|
|
|
|
// this.
|
|
|
|
SecretKey string `mapstructure:"aws_secret_key" required:"false"`
|
|
|
|
// The AWS access token to use. This is different from
|
|
|
|
// the access key and secret key. If you're not sure what this is, then you
|
|
|
|
// probably don't need it. This will also be read from the AWS_SESSION_TOKEN
|
|
|
|
// environmental variable.
|
|
|
|
Token string `mapstructure:"aws_token" required:"false"`
|
|
|
|
// The AWS shared credentials profile used to
|
|
|
|
// communicate with AWS. Learn how to set
|
|
|
|
// this.
|
|
|
|
Profile string `mapstructure:"aws_profile" required:"false"`
|
2017-10-17 15:00:19 -04:00
|
|
|
cfg *common.AccessConfig
|
2016-09-03 10:45:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Get a login token for Amazon AWS ECR. Returns username and password
|
|
|
|
// or an error.
|
|
|
|
func (c *AwsAccessConfig) EcrGetLogin(ecrUrl string) (string, string, error) {
|
|
|
|
|
2017-03-28 21:29:55 -04:00
|
|
|
exp := regexp.MustCompile(`(?:http://|https://|)([0-9]*)\.dkr\.ecr\.(.*)\.amazonaws\.com.*`)
|
2016-09-03 10:45:52 -04:00
|
|
|
splitUrl := exp.FindStringSubmatch(ecrUrl)
|
2017-01-11 14:21:13 -05:00
|
|
|
if len(splitUrl) != 3 {
|
|
|
|
return "", "", fmt.Errorf("Failed to parse the ECR URL: %s it should be on the form <account number>.dkr.ecr.<region>.amazonaws.com", ecrUrl)
|
|
|
|
}
|
2016-09-03 10:45:52 -04:00
|
|
|
accountId := splitUrl[1]
|
|
|
|
region := splitUrl[2]
|
|
|
|
|
|
|
|
log.Println(fmt.Sprintf("Getting ECR token for account: %s in %s..", accountId, region))
|
|
|
|
|
2017-10-17 15:00:19 -04:00
|
|
|
c.cfg = &common.AccessConfig{
|
|
|
|
AccessKey: c.AccessKey,
|
|
|
|
ProfileName: c.Profile,
|
|
|
|
RawRegion: region,
|
|
|
|
SecretKey: c.SecretKey,
|
|
|
|
Token: c.Token,
|
2016-09-03 10:45:52 -04:00
|
|
|
}
|
|
|
|
|
2017-10-17 15:00:19 -04:00
|
|
|
session, err := c.cfg.Session()
|
2016-09-03 10:45:52 -04:00
|
|
|
if err != nil {
|
|
|
|
return "", "", fmt.Errorf("failed to create session: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
service := ecr.New(session)
|
|
|
|
|
|
|
|
params := &ecr.GetAuthorizationTokenInput{
|
|
|
|
RegistryIds: []*string{
|
|
|
|
aws.String(accountId),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
resp, err := service.GetAuthorizationToken(params)
|
|
|
|
if err != nil {
|
|
|
|
return "", "", fmt.Errorf(err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
auth, err := base64.StdEncoding.DecodeString(*resp.AuthorizationData[0].AuthorizationToken)
|
|
|
|
if err != nil {
|
|
|
|
return "", "", fmt.Errorf("Error decoding ECR AuthorizationToken: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
authParts := strings.SplitN(string(auth), ":", 2)
|
|
|
|
log.Printf("Successfully got login for ECR: %s", ecrUrl)
|
|
|
|
|
|
|
|
return authParts[0], authParts[1], nil
|
|
|
|
}
|