diff --git a/config.yml b/config.yml
index 4e18a8b..8d9cd9f 100644
--- a/config.yml
+++ b/config.yml
@@ -14,9 +14,12 @@ verify_tls: true
 # will be used to obtain access tokens.
 # When the registry_password_file entry is used, the password can be passed as a docker secret
 # and read from file. This overides the registry_password entry.
+# When aws_region and aws_registry_id is used, it overrides the registry_username and registry_password entries.
 registry_username: user
 registry_password: pass
 # registry_password_file: /run/secrets/registry_password_file
+#aws_region: us-east-1
+#aws_registry_id: 123456789123
 # Event listener token.
 # The same one should be configured on Docker registry as Authorization Bearer token.
diff --git a/go.mod b/go.mod
index 28cdd44..14da84a 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/quiq/docker-registry-ui
 require (
 github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a // indirect
 github.com/CloudyKit/jet v2.1.2+incompatible
+ github.com/aws/aws-sdk-go v1.25.9
 github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
 github.com/elazarl/goproxy v0.0.0-20181111060418-2ce16c963a8a // indirect
 github.com/go-sql-driver/mysql v1.4.1
diff --git a/go.sum b/go.sum
index 8f9f73a..00edd0d 100644
--- a/go.sum
+++ b/go.sum
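Review bot: The new comment in config.yml says the override applies when `aws_region` and `aws_registry_id` are both used, while the main.go hunk of this commit tests only `aws_region`; the two should agree. It also leaves out where the AWS credentials come from (the added Go code passes none, so presumably the SDK's default credential sources apply) and that the token appears to replace a password read from `registry_password_file` as well, since it is applied after that assignment. Suggested wording: `# When aws_region is set, an ECR authorization token is requested for aws_registry_id using the AWS SDK's default credentials; it overrides registry_username, registry_password and registry_password_file.`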
@@ -2,6 +2,8 @@ github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a h1:3SgJcK9l5 github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a/go.mod h1:EFZQ978U7x8IRnstaskI3IysnWY5Ao3QgZUKOXlsAdw= github.com/CloudyKit/jet v2.1.2+incompatible h1:ybZoYzMBdoijK6I+Ke3vg9GZsmlKo/ZhKdNMWz0P26c= github.com/CloudyKit/jet v2.1.2+incompatible/go.mod h1:HPYO+50pSWkPoj9Q/eq0aRGByCL6ScRlUmiEX5Zgm+w= +github.com/aws/aws-sdk-go v1.25.9 h1:WtVzerf5wSgPwlTTwl+ktCq/0GCS5MI9ZlLIcjsTr+Q= +github.com/aws/aws-sdk-go v1.25.9/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= @@ -20,6 +22,8 @@ github.com/hhkbp2/go-strftime v0.0.0-20150709091403-d82166ec6782 h1:Evl9i7wBY3bj github.com/hhkbp2/go-strftime v0.0.0-20150709091403-d82166ec6782/go.mod h1:x8/IOQ5qQ4DKfiTmD9wBhQ40edg5wh7gMRwdLg07mMw= github.com/hhkbp2/testify v0.0.0-20150512090439-112845ebc045 h1:MmQwR3zANTXzs2yZexVBDY6qcH2vJXOl/2dZFkWVM7w= github.com/hhkbp2/testify v0.0.0-20150512090439-112845ebc045/go.mod h1:8DUHF4igllRoOCbQKJsylsDqROcRtPTdb+SQUfjCYLo= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= diff --git a/main.go b/main.go index 9e6e865..356715a 100644 --- a/main.go +++ b/main.go 
@@ -17,6 +17,12 @@ import (
 "github.com/robfig/cron"
 "github.com/tidwall/gjson"
 "gopkg.in/yaml.v2"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/ecr"
+
+ "encoding/base64"
 )
 type configData struct {
@@ -39,6 +45,8 @@ type configData struct {
 PurgeTagsKeepDays int `yaml:"purge_tags_keep_days"`
 PurgeTagsKeepCount int `yaml:"purge_tags_keep_count"`
 PurgeTagsSchedule string `yaml:"purge_tags_schedule"`
+ AWSRegion string `yaml:"aws_region"`
+ AWSRegistryID string `yaml:"aws_registry_id"`
 }
 type template struct {
@@ -99,6 +107,34 @@ func main() {
 }
 a.config.Password = strings.TrimSuffix(string(passwordBytes[:]), "\n")
 }
+ // Get authorization token for AWS ECR.
+ if a.config.AWSRegion != "" {
+ sess, err := session.NewSession(&aws.Config{
+ Region: aws.String(a.config.AWSRegion),
+ })
+ if err != nil {
+ panic(err)
+ }
+ // Get authorization token
+ input := &ecr.GetAuthorizationTokenInput{
+ RegistryIds: []*string{
+ aws.String(a.config.AWSRegistryID),
+ },
+ }
+ svc := ecr.New(sess)
+ authTokenOutput, err := svc.GetAuthorizationToken(input)
+ if err != nil {
+ panic(err)
+ }
+ authToken := *authTokenOutput.AuthorizationData[0].AuthorizationToken
+ decodedToken, err := base64.StdEncoding.DecodeString(authToken)
+ if err != nil {
+ panic(err)
+ }
+ // Override username and password with the ones found in token
+ a.config.Username = strings.Split(string(decodedToken), ":")[0]
+ a.config.Password = strings.Split(string(decodedToken), ":")[1]
+ }
 // Init registry API client.
 a.client = registry.NewClient(a.config.RegistryURL, a.config.VerifyTLS, a.config.Username, a.config.Password)
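Review bot: The added block in main() indexes `authTokenOutput.AuthorizationData[0]` and `strings.Split(...)[1]` with no length check, so an empty response or a decoded token without a colon ends in an index-out-of-range panic rather than a clear startup error; the fence below checks both and splits once with `strings.SplitN`, keeping the token itself out of the panic messages. The token is also requested only once at startup, and ECR authorization tokens expire (the response carries `ExpiresAt`), so a long-running process will presumably start failing registry calls until it is restarted unless the credentials are refreshed. The guard tests only `aws_region`, so a missing `aws_registry_id` is sent as an empty registry ID. main() begins and continues outside the hunk.

```go
		// … unchanged: session setup and GetAuthorizationToken call …
		authData := authTokenOutput.AuthorizationData
		if len(authData) == 0 || authData[0].AuthorizationToken == nil {
			panic("ECR returned no authorization token")
		}
		authToken := *authData[0].AuthorizationToken
		// … unchanged: base64 decoding of authToken …
		// The decoded token has the form "user:password"; split once and check the shape.
		creds := strings.SplitN(string(decodedToken), ":", 2)
		if len(creds) != 2 {
			panic("ECR authorization token is not in user:password form")
		}
		a.config.Username, a.config.Password = creds[0], creds[1]
```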