-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update ECR parsing regex to include non-public AWS partitions #835
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
16ad2a1
to
5a82673
Compare
Signed-off-by: Noah Gearhart <[email protected]>
5a82673
to
3647c40
Compare
var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr(?:-fips)?\.([^/.]*)\.(amazonaws\.com[.cn]*)`) | ||
// This regex is sourced from the AWS ECR Credential Helper (https://github.com/awslabs/amazon-ecr-credential-helper). | ||
// It covers both public AWS partitions like amazonaws.com, China partitions like amazonaws.com.cn, and non-public partitions. | ||
var registryPartRe = regexp.MustCompile(`(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov|cloud\.adc-e\.uk|csp\.hci\.ic\.gov)`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm afraid of completely replacing the previous expression. It was introduced several years ago in https://github.com/fluxcd/image-reflector-controller/pull/174/files#diff-922fcbfbe2565443329918a2b0d49b2b03588007ec6464a20d3feb824f3f80a2R199 and I see some weirdness with it, compared to the new one. I think it would be safer to only append what's needed here, instead of replacing the whole expression, and also needing to change the registryParts
slice index below.
var registryPartRe = regexp.MustCompile(`(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov|cloud\.adc-e\.uk|csp\.hci\.ic\.gov)`) | |
var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr(?:-fips)?\.([^/.]*)\.(amazonaws\.com[.cn]*|sc2s\.sgov\.gov|c2s\.ic\.gov|cloud\.adc-e\.uk|csp\.hci\.ic\.gov)`) |
{ | ||
registry: ".dkr.ecr.error.amazonaws.com", | ||
wantOK: false, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test case is unrelated. Please revert it with its comment as before.
Resolves #832 and references https://github.com/awslabs/amazon-ecr-credential-helper/blob/69e8c24e6fc115fd00d7c363cde156570ce73144/ecr-login/api/client.go#L40.
Public AWS Documentation about hidden partitions (non-amazonaws.com or .com.cn) is limited. Read more about AWS partitions here.