mirror of
https://github.com/goharbor/harbor.git
synced 2024-09-29 13:57:33 +02:00
Fix Replication to Cross-account AWS ECR (#17583)
Replication to Cross-account AWS ECR
This commit is contained in:
parent
cf5197246a
commit
805a36e7f0
@ -29,11 +29,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
regionPattern = "https://(?:api|\\d+\\.dkr)\\.ecr\\.([\\w\\-]+)\\.amazonaws\\.com"
|
||||
ecrPattern = "https://(?:api|(\\d+)\\.dkr)\\.ecr\\.([\\w\\-]+)\\.amazonaws\\.com"
|
||||
)
|
||||
|
||||
var (
|
||||
regionRegexp = regexp.MustCompile(regionPattern)
|
||||
ecrRegexp = regexp.MustCompile(ecrPattern)
|
||||
)
|
||||
|
||||
func init() {
|
||||
@ -45,12 +45,12 @@ func init() {
|
||||
}
|
||||
|
||||
func newAdapter(registry *model.Registry) (*adapter, error) {
|
||||
region, err := parseRegion(registry.URL)
|
||||
_, region, err := parseAccountRegion(registry.URL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
svc, err := getAwsSvc(
|
||||
region, registry.Credential.AccessKey, registry.Credential.AccessSecret, registry.Insecure, ®istry.URL)
|
||||
region, registry.Credential.AccessKey, registry.Credential.AccessSecret, registry.Insecure, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -62,12 +62,12 @@ func newAdapter(registry *model.Registry) (*adapter, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func parseRegion(url string) (string, error) {
|
||||
rs := regionRegexp.FindStringSubmatch(url)
|
||||
func parseAccountRegion(url string) (string, string, error) {
|
||||
rs := ecrRegexp.FindStringSubmatch(url)
|
||||
if rs == nil {
|
||||
return "", errors.New("bad aws url")
|
||||
return "", "", errors.New("bad aws url")
|
||||
}
|
||||
return rs[1], nil
|
||||
return rs[1], rs[2], nil
|
||||
}
|
||||
|
||||
type factory struct {
|
||||
|
@ -289,18 +289,18 @@ var urlForBenchmark = []string{
|
||||
"https://test-region.amazonaws.com",
|
||||
}
|
||||
|
||||
func compileRegexpEveryTime(url string) (string, error) {
|
||||
rs := regexp.MustCompile(regionPattern).FindStringSubmatch(url)
|
||||
func compileRegexpEveryTime(url string) (string, string, error) {
|
||||
rs := regexp.MustCompile(ecrPattern).FindStringSubmatch(url)
|
||||
if rs == nil {
|
||||
return "", errors.New("bad aws url")
|
||||
return "", "", errors.New("bad aws url")
|
||||
}
|
||||
return rs[1], nil
|
||||
return rs[1], rs[2], nil
|
||||
}
|
||||
|
||||
func BenchmarkGetRegion(b *testing.B) {
|
||||
func BenchmarkGetAccountRegion(b *testing.B) {
|
||||
for i := 0; i < b.N; i++ {
|
||||
for _, url := range urlForBenchmark {
|
||||
parseRegion(url)
|
||||
parseAccountRegion(url)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -63,7 +63,7 @@ func (a *awsAuthCredential) Modify(req *http.Request) error {
|
||||
return nil
|
||||
}
|
||||
if !a.isTokenValid() {
|
||||
endpoint, user, pass, expiresAt, err := a.getAuthorization()
|
||||
endpoint, user, pass, expiresAt, err := a.getAuthorization(req.URL.String())
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
@ -121,9 +121,15 @@ func getAwsSvc(region, accessKey, accessSecret string, insecure bool, forceEndpo
|
||||
return svc, nil
|
||||
}
|
||||
|
||||
func (a *awsAuthCredential) getAuthorization() (string, string, string, *time.Time, error) {
|
||||
func (a *awsAuthCredential) getAuthorization(url string) (string, string, string, *time.Time, error) {
|
||||
id, _, err := parseAccountRegion(url)
|
||||
if err != nil {
|
||||
return "", "", "", nil, err
|
||||
}
|
||||
|
||||
regIds := []*string{&id}
|
||||
svc := a.awssvc
|
||||
result, err := svc.GetAuthorizationToken(nil)
|
||||
result, err := svc.GetAuthorizationToken(&awsecrapi.GetAuthorizationTokenInput{RegistryIds: regIds})
|
||||
if err != nil {
|
||||
if aerr, ok := err.(awserr.Error); ok {
|
||||
return "", "", "", nil, fmt.Errorf("%s: %s", aerr.Code(), aerr.Error())
|
||||
|
Loading…
Reference in New Issue
Block a user