github.com/mmcquillan/packer@v1.1.1-0.20171009221028-c85cf0483a5d/builder/docker/ecr_login.go (about) 1 package docker 2 3 import ( 4 "encoding/base64" 5 "fmt" 6 "log" 7 "regexp" 8 "strings" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/credentials" 12 "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" 13 "github.com/aws/aws-sdk-go/aws/ec2metadata" 14 "github.com/aws/aws-sdk-go/aws/session" 15 "github.com/aws/aws-sdk-go/service/ecr" 16 ) 17 18 type AwsAccessConfig struct { 19 AccessKey string `mapstructure:"aws_access_key"` 20 SecretKey string `mapstructure:"aws_secret_key"` 21 Token string `mapstructure:"aws_token"` 22 } 23 24 // Config returns a valid aws.Config object for access to AWS services, or 25 // an error if the authentication and region couldn't be resolved 26 func (c *AwsAccessConfig) config(region string) (*aws.Config, error) { 27 var creds *credentials.Credentials 28 29 config := aws.NewConfig().WithRegion(region).WithMaxRetries(11) 30 session, err := session.NewSession(config) 31 if err != nil { 32 return nil, err 33 } 34 creds = credentials.NewChainCredentials([]credentials.Provider{ 35 &credentials.StaticProvider{Value: credentials.Value{ 36 AccessKeyID: c.AccessKey, 37 SecretAccessKey: c.SecretKey, 38 SessionToken: c.Token, 39 }}, 40 &credentials.EnvProvider{}, 41 &credentials.SharedCredentialsProvider{Filename: "", Profile: ""}, 42 &ec2rolecreds.EC2RoleProvider{ 43 Client: ec2metadata.New(session), 44 }, 45 }) 46 return config.WithCredentials(creds), nil 47 } 48 49 // Get a login token for Amazon AWS ECR. Returns username and password 50 // or an error. 51 func (c *AwsAccessConfig) EcrGetLogin(ecrUrl string) (string, string, error) { 52 53 exp := regexp.MustCompile(`(?:http://|https://|)([0-9]*)\.dkr\.ecr\.(.*)\.amazonaws\.com.*`) 54 splitUrl := exp.FindStringSubmatch(ecrUrl) 55 if len(splitUrl) != 3 { 56 return "", "", fmt.Errorf("Failed to parse the ECR URL: %s it should be on the form <account number>.dkr.ecr.<region>.amazonaws.com", ecrUrl) 57 } 58 accountId := splitUrl[1] 59 region := splitUrl[2] 60 61 log.Println(fmt.Sprintf("Getting ECR token for account: %s in %s..", accountId, region)) 62 63 awsConfig, err := c.config(region) 64 if err != nil { 65 return "", "", err 66 } 67 68 session, err := session.NewSession(awsConfig) 69 if err != nil { 70 return "", "", fmt.Errorf("failed to create session: %s", err) 71 } 72 73 service := ecr.New(session) 74 75 params := &ecr.GetAuthorizationTokenInput{ 76 RegistryIds: []*string{ 77 aws.String(accountId), 78 }, 79 } 80 resp, err := service.GetAuthorizationToken(params) 81 if err != nil { 82 return "", "", fmt.Errorf(err.Error()) 83 } 84 85 auth, err := base64.StdEncoding.DecodeString(*resp.AuthorizationData[0].AuthorizationToken) 86 if err != nil { 87 return "", "", fmt.Errorf("Error decoding ECR AuthorizationToken: %s", err) 88 } 89 90 authParts := strings.SplitN(string(auth), ":", 2) 91 log.Printf("Successfully got login for ECR: %s", ecrUrl) 92 93 return authParts[0], authParts[1], nil 94 }