github.com/rahart/packer@v0.12.2-0.20161229105310-282bb6ad370f/builder/docker/ecr_login.go

github.com/rahart/packer@v0.12.2-0.20161229105310-282bb6ad370f/builder/docker/ecr_login.go (about)

     1  package docker
     2  
     3  import (
     4  	"encoding/base64"
     5  	"fmt"
     6  	"log"
     7  	"regexp"
     8  	"strings"
     9  
    10  	"github.com/aws/aws-sdk-go/aws"
    11  	"github.com/aws/aws-sdk-go/aws/credentials"
    12  	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
    13  	"github.com/aws/aws-sdk-go/aws/ec2metadata"
    14  	"github.com/aws/aws-sdk-go/aws/session"
    15  	"github.com/aws/aws-sdk-go/service/ecr"
    16  )
    17  
    18  type AwsAccessConfig struct {
    19  	AccessKey string `mapstructure:"aws_access_key"`
    20  	SecretKey string `mapstructure:"aws_secret_key"`
    21  	Token     string `mapstructure:"aws_token"`
    22  }
    23  
    24  // Config returns a valid aws.Config object for access to AWS services, or
    25  // an error if the authentication and region couldn't be resolved
    26  func (c *AwsAccessConfig) config(region string) (*aws.Config, error) {
    27  	var creds *credentials.Credentials
    28  
    29  	config := aws.NewConfig().WithRegion(region).WithMaxRetries(11)
    30  	session, err := session.NewSession(config)
    31  	if err != nil {
    32  		return nil, err
    33  	}
    34  	creds = credentials.NewChainCredentials([]credentials.Provider{
    35  		&credentials.StaticProvider{Value: credentials.Value{
    36  			AccessKeyID:     c.AccessKey,
    37  			SecretAccessKey: c.SecretKey,
    38  			SessionToken:    c.Token,
    39  		}},
    40  		&credentials.EnvProvider{},
    41  		&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
    42  		&ec2rolecreds.EC2RoleProvider{
    43  			Client: ec2metadata.New(session),
    44  		},
    45  	})
    46  	return config.WithCredentials(creds), nil
    47  }
    48  
    49  // Get a login token for Amazon AWS ECR. Returns username and password
    50  // or an error.
    51  func (c *AwsAccessConfig) EcrGetLogin(ecrUrl string) (string, string, error) {
    52  
    53  	exp := regexp.MustCompile("(?:http://|https://|)([0-9]*)\\.dkr\\.ecr\\.(.*)\\.amazonaws\\.com.*")
    54  	splitUrl := exp.FindStringSubmatch(ecrUrl)
    55  	accountId := splitUrl[1]
    56  	region := splitUrl[2]
    57  
    58  	log.Println(fmt.Sprintf("Getting ECR token for account: %s in %s..", accountId, region))
    59  
    60  	awsConfig, err := c.config(region)
    61  	if err != nil {
    62  		return "", "", err
    63  	}
    64  
    65  	session, err := session.NewSession(awsConfig)
    66  	if err != nil {
    67  		return "", "", fmt.Errorf("failed to create session: %s", err)
    68  	}
    69  
    70  	service := ecr.New(session)
    71  
    72  	params := &ecr.GetAuthorizationTokenInput{
    73  		RegistryIds: []*string{
    74  			aws.String(accountId),
    75  		},
    76  	}
    77  	resp, err := service.GetAuthorizationToken(params)
    78  	if err != nil {
    79  		return "", "", fmt.Errorf(err.Error())
    80  	}
    81  
    82  	auth, err := base64.StdEncoding.DecodeString(*resp.AuthorizationData[0].AuthorizationToken)
    83  	if err != nil {
    84  		return "", "", fmt.Errorf("Error decoding ECR AuthorizationToken: %s", err)
    85  	}
    86  
    87  	authParts := strings.SplitN(string(auth), ":", 2)
    88  	log.Printf("Successfully got login for ECR: %s", ecrUrl)
    89  
    90  	return authParts[0], authParts[1], nil
    91  }