upstream/terraform-provider-docker
1
0
Fork 0
mirror of https://github.com/kreuzwerker/terraform-provider-docker.git synced 2026-02-03 04:09:29 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

fix: Authentication to ECR public (#690)

Browse source 
Originally proposed by @achille-roussel in https://github.com/kreuzwerker/terraform-provider-docker/pull/666
This commit is contained in:
Martin 2025-04-15 19:05:52 +02:00 committed by GitHub
parent dacb5dfe73
commit 4a46383d4c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 22 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
internal/provider/authentication_helpers.go
View file

@ -41,8 +41,12 @@ func normalizeECRPasswordForDockerCLIUsage(password string) string {
return password[4:]
}
func isECRPublicRepositoryURL(url string) bool {
return url == "public.ecr.aws"
}
func isECRRepositoryURL(url string) bool {
if url == "public.ecr.aws" {
if isECRPublicRepositoryURL(url) {
return true
}
// Regexp is based on the ecr urls shown in https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html

10
internal/provider/authentication_helpers_test.go
View file

@ -4,8 +4,16 @@ import (
"testing"
)
func TestIsECRRepositoryURL(t *testing.T) {
func TestIsECRPublicRepositoryURL(t *testing.T) {
if !isECRPublicRepositoryURL("public.ecr.aws") {
t.Fatalf("Expected true")
}
if isECRPublicRepositoryURL("public.ecr.aws.com") {
t.Fatalf("Expected false")
}
}
func TestIsECRRepositoryURL(t *testing.T) {
if !isECRRepositoryURL("2385929435838.dkr.ecr.eu-central-1.amazonaws.com") {
t.Fatalf("Expected true")
}

5
internal/provider/data_source_docker_registry_image.go
View file

@ -85,7 +85,10 @@ func getImageDigest(registry string, registryWithProtocol string, image, tag, us
if registry != "ghcr.io" && !isECRRepositoryURL(registry) && !isAzureCRRepositoryURL(registry) && registry != "gcr.io" {
req.SetBasicAuth(username, password)
} else {
if isECRRepositoryURL(registry) {
if isECRPublicRepositoryURL(registry) {
password = normalizeECRPasswordForHTTPUsage(password)
req.Header.Add("Authorization", "Bearer "+password)
} else if isECRRepositoryURL(registry) {
password = normalizeECRPasswordForHTTPUsage(password)
req.Header.Add("Authorization", "Basic "+password)
} else {

5
internal/provider/resource_docker_registry_image_funcs.go
View file

@ -270,7 +270,10 @@ func deleteDockerRegistryImage(pushOpts internalPushImageOptions, registryWithPr
if pushOpts.Registry != "ghcr.io" && !isECRRepositoryURL(pushOpts.Registry) && !isAzureCRRepositoryURL(pushOpts.Registry) && pushOpts.Registry != "gcr.io" {
req.SetBasicAuth(username, password)
} else {
if isECRRepositoryURL(pushOpts.Registry) {
if isECRPublicRepositoryURL(pushOpts.Registry) {
password = normalizeECRPasswordForHTTPUsage(password)
req.Header.Add("Authorization", "Bearer "+password)
} else if isECRRepositoryURL(pushOpts.Registry) {
password = normalizeECRPasswordForHTTPUsage(password)
req.Header.Add("Authorization", "Basic "+password)
} else {