mirror of
https://github.com/Quiq/docker-registry-ui.git
synced 2025-07-17 15:51:27 +00:00
Added AWS ECR self authentication to client
This commit is contained in:
Daniel Olsson
parent
ee38e35ba6
commit
422847a8de
@ -14,9 +14,12 @@ verify_tls: true
|
||||
# will be used to obtain access tokens.
|
||||
# When the registry_password_file entry is used, the password can be passed as a docker secret
|
||||
# and read from file. This overides the registry_password entry.
|
||||
# When aws_region and aws_registry_id is used, it overrides the registry_username and registry_password entries.
|
||||
registry_username: user
|
||||
registry_password: pass
|
||||
# registry_password_file: /run/secrets/registry_password_file
|
||||
#aws_region: us-east-1
|
||||
#aws_registry_id: 123456789123
|
||||
|
||||
# Event listener token.
|
||||
# The same one should be configured on Docker registry as Authorization Bearer token.
|
||||
|
||||
1
go.mod
1
go.mod
@ -3,6 +3,7 @@ module github.com/quiq/docker-registry-ui
|
||||
require (
|
||||
github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a // indirect
|
||||
github.com/CloudyKit/jet v2.1.2+incompatible
|
||||
github.com/aws/aws-sdk-go v1.25.9
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
|
||||
github.com/elazarl/goproxy v0.0.0-20181111060418-2ce16c963a8a // indirect
|
||||
github.com/go-sql-driver/mysql v1.4.1
|
||||
|
||||
4
go.sum
4
go.sum
@ -2,6 +2,8 @@ github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a h1:3SgJcK9l5
|
||||
github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a/go.mod h1:EFZQ978U7x8IRnstaskI3IysnWY5Ao3QgZUKOXlsAdw=
|
||||
github.com/CloudyKit/jet v2.1.2+incompatible h1:ybZoYzMBdoijK6I+Ke3vg9GZsmlKo/ZhKdNMWz0P26c=
|
||||
github.com/CloudyKit/jet v2.1.2+incompatible/go.mod h1:HPYO+50pSWkPoj9Q/eq0aRGByCL6ScRlUmiEX5Zgm+w=
|
||||
github.com/aws/aws-sdk-go v1.25.9 h1:WtVzerf5wSgPwlTTwl+ktCq/0GCS5MI9ZlLIcjsTr+Q=
|
||||
github.com/aws/aws-sdk-go v1.25.9/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
|
||||
@ -20,6 +22,8 @@ github.com/hhkbp2/go-strftime v0.0.0-20150709091403-d82166ec6782 h1:Evl9i7wBY3bj
|
||||
github.com/hhkbp2/go-strftime v0.0.0-20150709091403-d82166ec6782/go.mod h1:x8/IOQ5qQ4DKfiTmD9wBhQ40edg5wh7gMRwdLg07mMw=
|
||||
github.com/hhkbp2/testify v0.0.0-20150512090439-112845ebc045 h1:MmQwR3zANTXzs2yZexVBDY6qcH2vJXOl/2dZFkWVM7w=
|
||||
github.com/hhkbp2/testify v0.0.0-20150512090439-112845ebc045/go.mod h1:8DUHF4igllRoOCbQKJsylsDqROcRtPTdb+SQUfjCYLo=
|
||||
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
|
||||
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
||||
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
|
||||
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
|
||||
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
|
||||
|
||||
36
main.go
36
main.go
@ -17,6 +17,12 @@ import (
|
||||
"github.com/robfig/cron"
|
||||
"github.com/tidwall/gjson"
|
||||
"gopkg.in/yaml.v2"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
"github.com/aws/aws-sdk-go/service/ecr"
|
||||
|
||||
"encoding/base64"
|
||||
)
|
||||
|
||||
type configData struct {
|
||||
@ -39,6 +45,8 @@ type configData struct {
|
||||
PurgeTagsKeepDays int `yaml:"purge_tags_keep_days"`
|
||||
PurgeTagsKeepCount int `yaml:"purge_tags_keep_count"`
|
||||
PurgeTagsSchedule string `yaml:"purge_tags_schedule"`
|
||||
AWSRegion string `yaml:"aws_region"`
|
||||
AWSRegistryID string `yaml:"aws_registry_id"`
|
||||
}
|
||||
|
||||
type template struct {
|
||||
@ -99,6 +107,34 @@ func main() {
|
||||
}
|
||||
a.config.Password = strings.TrimSuffix(string(passwordBytes[:]), "\n")
|
||||
}
|
||||
// Get authorization token for AWS ECR.
|
||||
if a.config.AWSRegion != "" {
|
||||
sess, err := session.NewSession(&aws.Config{
|
||||
Region: aws.String(a.config.AWSRegion),
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
// Get authorization token
|
||||
input := &ecr.GetAuthorizationTokenInput{
|
||||
RegistryIds: []*string{
|
||||
aws.String(a.config.AWSRegistryID),
|
||||
},
|
||||
}
|
||||
svc := ecr.New(sess)
|
||||
authTokenOutput, err := svc.GetAuthorizationToken(input)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
authToken := *authTokenOutput.AuthorizationData[0].AuthorizationToken
|
||||
decodedToken, err := base64.StdEncoding.DecodeString(authToken)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
// Override username and password with the ones found in token
|
||||
a.config.Username = strings.Split(string(decodedToken), ":")[0]
|
||||
a.config.Password = strings.Split(string(decodedToken), ":")[1]
|
||||
}
|
||||
|
||||
// Init registry API client.
|
||||
a.client = registry.NewClient(a.config.RegistryURL, a.config.VerifyTLS, a.config.Username, a.config.Password)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user