Skip to content

Commit 21cc7d3

Browse files
mselim00mselim00
committed
feat(ecr-cred-provider): support public dualstack endpoints
1 parent fff707b commit 21cc7d3

2 files changed

Lines changed: 21 additions & 2 deletions

File tree

cmd/ecr-credential-provider/main.go

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ import (
2424
"net/url"
2525
"os"
2626
"regexp"
27+
"slices"
2728
"strings"
2829
"time"
2930

@@ -40,7 +41,8 @@ import (
4041
)
4142

4243
const ecrPublicRegion string = "us-east-1"
43-
const ecrPublicHost string = "public.ecr.aws"
44+
45+
var ecrPublicHosts []string = []string{"public.ecr.aws", "ecr-public.aws.com"}
4446

4547
var ecrPrivateHostPattern = regexp.MustCompile(`^(\d{12})\.dkr[\.\-]ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.(?:com(?:\.cn)?|eu)|on\.(?:aws|amazonwebservices\.com\.cn)|sc2s\.sgov\.gov|c2s\.ic\.gov|cloud\.adc-e\.uk|csp\.hci\.ic\.gov)$`)
4648

@@ -154,7 +156,7 @@ func (e *ecrPlugin) GetCredentials(ctx context.Context, image string, args []str
154156
return nil, err
155157
}
156158

157-
if imageHost == ecrPublicHost {
159+
if slices.Contains(ecrPublicHosts, imageHost) {
158160
creds, err = e.getPublicCredsData(ctx)
159161
} else {
160162
creds, err = e.getPrivateCredsData(ctx, imageHost, image)

cmd/ecr-credential-provider/main_test.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -196,6 +196,12 @@ func Test_GetCredentials_Public(t *testing.T) {
196196
getAuthorizationTokenOutput: generatePublicGetAuthorizationTokenOutput("user", "pass", "", nil),
197197
response: generateResponse("public.ecr.aws", "user", "pass"),
198198
},
199+
{
200+
name: "dualstack success",
201+
image: "ecr-public.aws.com",
202+
getAuthorizationTokenOutput: generatePublicGetAuthorizationTokenOutput("user", "pass", "", nil),
203+
response: generateResponse("ecr-public.aws.com", "user", "pass"),
204+
},
199205
{
200206
name: "empty authorization data",
201207
image: "public.ecr.aws",
@@ -235,6 +241,17 @@ func Test_GetCredentials_Public(t *testing.T) {
235241
getAuthorizationTokenError: nil,
236242
expectedError: errors.New("error parsing username and password from authorization token"),
237243
},
244+
{
245+
name: "dualstack invalid authorization token",
246+
image: "ecr-public.aws.com",
247+
getAuthorizationTokenOutput: &ecrpublic.GetAuthorizationTokenOutput{
248+
AuthorizationData: &ecrpublictypes.AuthorizationData{
249+
AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte("foo"))),
250+
},
251+
},
252+
getAuthorizationTokenError: nil,
253+
expectedError: errors.New("error parsing username and password from authorization token"),
254+
},
238255
}
239256

240257
for _, testcase := range testcases {

0 commit comments

Comments
 (0)