From 09968e6c034b914f8edc9330901406f692aeb087 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Sun, 16 Oct 2022 19:12:26 -0400 Subject: [PATCH] (aws_credentials): update ecr url validation regex Updates the regex for ECR URL validation to support isolated regions and includes additional testcases for these. Signed-off-by: Jyoti Mahapatra Signed-off-by: Davanum Srinivas --- pkg/credentialprovider/aws/aws_credentials.go | 2 +- pkg/credentialprovider/aws/aws_credentials_test.go | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/credentialprovider/aws/aws_credentials.go b/pkg/credentialprovider/aws/aws_credentials.go index 9537f6b82e8..0641fa787d9 100644 --- a/pkg/credentialprovider/aws/aws_credentials.go +++ b/pkg/credentialprovider/aws/aws_credentials.go @@ -41,7 +41,7 @@ import ( ) var ( - ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.amazonaws\.com(\.cn)?$`) + ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`) once sync.Once isEC2 bool ) diff --git a/pkg/credentialprovider/aws/aws_credentials_test.go b/pkg/credentialprovider/aws/aws_credentials_test.go index a299d9ac109..b05e4d35327 100644 --- a/pkg/credentialprovider/aws/aws_credentials_test.go +++ b/pkg/credentialprovider/aws/aws_credentials_test.go @@ -82,6 +82,12 @@ func TestRegistryPatternMatch(t *testing.T) { {"123456789012.dkr.ecr-fips.lala-land-1.amazonaws.com", true}, // .cn {"123456789012.dkr.ecr.lala-land-1.amazonaws.com.cn", true}, + // iso + {"123456789012.dkr.ecr.us-iso-east-1.c2s.ic.gov", true}, + // iso-b + {"123456789012.dkr.ecr.us-isob-east-1.sc2s.sgov.gov", true}, + // invalid gov endpoint + {"123456789012.dkr.ecr.us-iso-east-1.amazonaws.gov", false}, // registry ID too long {"1234567890123.dkr.ecr.lala-land-1.amazonaws.com", false}, // registry ID too short