Fetch all credentials from AWS, not just the first result.

nabsul · Apr 17, 2021 · 75268a4 · 75268a4
1 parent e2489f7
commit 75268a4
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 32 deletions.
diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## v1.5 (2021-04-03)
+
+- Handle the case of multiple registries in AWS (contributed by [Veraticus](https://github.com/Veraticus) in [pull request 18](https://github.com/nabsul/k8s-ecr-login-renew/pull/18))
+
 ## v1.4 (2021-02-13)
 
 - Update Docker secrets instead of delete+create (suggested by [xavidop](https://github.com/xavidop) in [issue 15](https://github.com/nabsul/k8s-ecr-login-renew/issues/15))

diff --git a/contributors.md b/contributors.md
@@ -1,6 +1,8 @@
 # Contributors
 
-- [nabsul](https://github.com/nabsul): v1.0 - v1.3
+- [nabsul](https://github.com/nabsul): v1.0 - v1.5
 - [kuskoman](https://github.com/kuskoman): v1.3
 - [Q-Nimbus](https://github.com/Q-Nimbus): v1.2
 - [YoSmudge](https://github.com/YoSmudge): v1.1
+- [xavidop](https://github.com/xavidop): v1.4
+- [Veraticus](https://github.com/Veraticus): v1.5
diff --git a/main.go b/main.go
@@ -6,14 +6,12 @@ import (
 	"github.com/nabsul/k8s-ecr-login-renew/src/aws"
 	"github.com/nabsul/k8s-ecr-login-renew/src/k8s"
 	"os"
-	"strings"
 	"time"
 )
 
 const (
 	envVarAwsSecret       = "DOCKER_SECRET_NAME"
 	envVarTargetNamespace = "TARGET_NAMESPACE"
-	envVarRegistries      = "DOCKER_REGISTRIES"
 )
 
 func checkErr(err error) {
@@ -36,15 +34,9 @@ func main() {
 	}
 
 	fmt.Print("Fetching auth data from AWS... ")
-	username, password, server, err := aws.GetUserAndPass()
+	credentials, err := aws.GetUserAndPass()
 	checkErr(err)
-	fmt.Println("Success.")
-
-	servers := []string{server}
-	registries := strings.Split(os.Getenv(envVarRegistries), ",")
-	for _, registry := range registries {
-		servers = append(servers, registry)
-	}
+	fmt.Printf("Successfully fetched %d docker credentials\n", len(credentials))
 
 	namespaces, err := k8s.GetNamespaces(namespaceList)
 	checkErr(err)
@@ -53,7 +45,7 @@ func main() {
 	failed := false
 	for _, ns := range namespaces {
 		fmt.Printf("Updating secret in namespace [%s]... ", ns)
-		err = k8s.UpdatePassword(ns, name, username, password, servers)
+		err = k8s.UpdatePassword(ns, name, credentials)
 		if nil != err {
 			fmt.Printf("failed: %s\n", err)
 			failed = true

diff --git a/src/aws/aws.go b/src/aws/aws.go
@@ -7,20 +7,33 @@ import (
 	"strings"
 )
 
-func GetUserAndPass() (username, password, server string, err error) {
+type EcrCredentials struct {
+	Username, Password, Server string
+}
+
+func GetUserAndPass() ([]EcrCredentials, error) {
 	svc := ecr.New(session.Must(session.NewSession()))
 	token, err := svc.GetAuthorizationToken(&ecr.GetAuthorizationTokenInput{})
 	if nil != err {
-		return "", "", "", err
+		return nil, err
 	}
 
-	auth := token.AuthorizationData[0]
+	result := make([]EcrCredentials, len(token.AuthorizationData))
+	for _, auth := range token.AuthorizationData {
+		decode, err := base64.StdEncoding.DecodeString(*auth.AuthorizationToken)
+		if nil != err {
+			return nil, err
+		}
 
-	decode, err := base64.StdEncoding.DecodeString(*auth.AuthorizationToken)
-	if nil != err {
-		return "", "", "", err
+		parts := strings.Split(string(decode), ":")
+		cred := EcrCredentials{
+			Username: parts[0],
+			Password: parts[1],
+			Server: *auth.ProxyEndpoint,
+		}
+
+		result = append(result, cred)
 	}
 
-	parts := strings.Split(string(decode), ":")
-	return parts[0], parts[1], *auth.ProxyEndpoint, nil
+	return result, nil
 }
diff --git a/src/k8s/kubernetes.go b/src/k8s/kubernetes.go
@@ -3,6 +3,7 @@ package k8s
 import (
 	"encoding/base64"
 	"encoding/json"
+	"github.com/nabsul/k8s-ecr-login-renew/src/aws"
 	"k8s.io/api/core/v1"
 	. "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
@@ -61,17 +62,16 @@ func getSecret(client *kubernetes.Clientset, name, namespace string) (*v1.Secret
 	return secret, nil
 }
 
-func getConfig(username, password string, servers []string) ([]byte, error) {
-	auth := &Auth{
-		Username: username,
-		Password: password,
-		Email:    defaultEmail,
-		Auth:     base64.StdEncoding.EncodeToString([]byte(username + ":" + password)),
-	}
+func getConfig(credentials []aws.EcrCredentials) ([]byte, error) {
+	config := Config{Auths: make(map[string]*Auth, len(credentials))}
 
-	config := Config{Auths: make(map[string]*Auth, len(servers))}
-	for _, server := range servers {
-		config.Auths[server] = auth
+	for _, cred := range credentials {
+		config.Auths[cred.Server] = &Auth{
+			Username: cred.Username,
+			Password: cred.Password,
+			Email:    defaultEmail,
+			Auth:     base64.StdEncoding.EncodeToString([]byte(cred.Username + ":" + cred.Password)),
+		}
 	}
 
 	configJson, err := json.Marshal(config)
@@ -89,7 +89,7 @@ func createSecret(name string) *v1.Secret {
 	return &secret
 }
 
-func UpdatePassword(namespace, name, username, password string, servers []string) error {
+func UpdatePassword(namespace, name string, credentials []aws.EcrCredentials) error {
 	client, err := GetClient()
 	if nil != err {
 		return err
@@ -100,7 +100,7 @@ func UpdatePassword(namespace, name, username, password string, servers []string
 		return err
 	}
 
-	configJson, err := getConfig(username, password, servers)
+	configJson, err := getConfig(credentials)
 	if nil != err {
 		return err
 	}