Merge pull request #114 from Flydiverny/fix-ec2-instance-credentials
fix(ecr): use ec2 instance credentials when no credentials are provided
commit
b776a64ec0
|
@ -1,4 +1,5 @@
|
||||||
import {loginStandard, logout} from '../src/docker';
|
import {loginECR, loginStandard, logout} from '../src/docker';
|
||||||
|
import * as aws from '../src/aws';
|
||||||
|
|
||||||
import * as path from 'path';
|
import * as path from 'path';
|
||||||
|
|
||||||
|
@ -47,3 +48,78 @@ test('logout calls exec', async () => {
|
||||||
ignoreReturnCode: true
|
ignoreReturnCode: true
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('loginECR sets AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if username and password is set', async () => {
|
||||||
|
const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds');
|
||||||
|
execSpy.mockImplementation(() => Promise.resolve([]));
|
||||||
|
jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getRegion').mockImplementation(() => '');
|
||||||
|
jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []);
|
||||||
|
jest.spyOn(aws, 'isPubECR').mockImplementation(() => false);
|
||||||
|
|
||||||
|
const username: string = 'dbowie';
|
||||||
|
const password: string = 'groundcontrol';
|
||||||
|
const registry: string = 'https://ghcr.io';
|
||||||
|
|
||||||
|
await loginECR(registry, username, password);
|
||||||
|
|
||||||
|
expect(process.env.AWS_ACCESS_KEY_ID).toEqual(username);
|
||||||
|
expect(process.env.AWS_SECRET_ACCESS_KEY).toEqual(password);
|
||||||
|
});
|
||||||
|
|
||||||
|
test('loginECR keeps AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if set', async () => {
|
||||||
|
const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds');
|
||||||
|
execSpy.mockImplementation(() => Promise.resolve([]));
|
||||||
|
jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getRegion').mockImplementation(() => '');
|
||||||
|
jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []);
|
||||||
|
jest.spyOn(aws, 'isPubECR').mockImplementation(() => false);
|
||||||
|
|
||||||
|
process.env.AWS_ACCESS_KEY_ID = 'banana';
|
||||||
|
process.env.AWS_SECRET_ACCESS_KEY = 'supersecret';
|
||||||
|
|
||||||
|
await loginECR('ecr.aws', '', '');
|
||||||
|
|
||||||
|
expect(process.env.AWS_ACCESS_KEY_ID).toEqual('banana');
|
||||||
|
expect(process.env.AWS_SECRET_ACCESS_KEY).toEqual('supersecret');
|
||||||
|
});
|
||||||
|
|
||||||
|
test('loginECR overrides AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if username and password set', async () => {
|
||||||
|
const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds');
|
||||||
|
execSpy.mockImplementation(() => Promise.resolve([]));
|
||||||
|
jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getRegion').mockImplementation(() => '');
|
||||||
|
jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []);
|
||||||
|
jest.spyOn(aws, 'isPubECR').mockImplementation(() => false);
|
||||||
|
|
||||||
|
process.env.AWS_ACCESS_KEY_ID = 'banana';
|
||||||
|
process.env.AWS_SECRET_ACCESS_KEY = 'supersecret';
|
||||||
|
const username = 'myotheruser';
|
||||||
|
const password = 'providedpassword';
|
||||||
|
|
||||||
|
await loginECR('ecr.aws', username, password);
|
||||||
|
|
||||||
|
expect(process.env.AWS_ACCESS_KEY_ID).toEqual(username);
|
||||||
|
expect(process.env.AWS_SECRET_ACCESS_KEY).toEqual(password);
|
||||||
|
});
|
||||||
|
|
||||||
|
test('loginECR does not set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if not set', async () => {
|
||||||
|
const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds');
|
||||||
|
execSpy.mockImplementation(() => Promise.resolve([]));
|
||||||
|
jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve(''));
|
||||||
|
jest.spyOn(aws, 'getRegion').mockImplementation(() => '');
|
||||||
|
jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []);
|
||||||
|
jest.spyOn(aws, 'isPubECR').mockImplementation(() => false);
|
||||||
|
|
||||||
|
delete process.env.AWS_ACCESS_KEY_ID;
|
||||||
|
delete process.env.AWS_SECRET_ACCESS_KEY;
|
||||||
|
|
||||||
|
await loginECR('ecr.aws', '', '');
|
||||||
|
|
||||||
|
expect('AWS_ACCESS_KEY_ID' in process.env).toEqual(false);
|
||||||
|
expect('AWS_SECRET_ACCESS_KEY' in process.env).toEqual(false);
|
||||||
|
});
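Review bot: These four tests assign and delete `process.env.AWS_ACCESS_KEY_ID` and `process.env.AWS_SECRET_ACCESS_KEY` without restoring them, so credential-shaped values leak into whatever test runs next and each result depends on execution order. If no such hook exists outside this hunk, snapshot and restore the environment, e.g. `const savedEnv = {...process.env};` with `afterEach(() => { process.env = {...savedEnv}; jest.restoreAllMocks(); });`, which also resets the `aws` spies that every test re-creates. There is no case where only one of username/password is supplied, which is the input where the new `if (username)` and `if (password)` branches diverge. `execSpy` is created in every test but never asserted on, so the tests do not show that `getDockerLoginCmds` was actually reached.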
|
||||||
|
|
8
dist/index.js
generated
vendored
8
dist/index.js
generated
vendored
|
@ -262,8 +262,12 @@ function loginECR(registry, username, password) {
|
||||||
else {
|
else {
|
||||||
core.info(`AWS ECR detected with ${region} region`);
|
core.info(`AWS ECR detected with ${region} region`);
|
||||||
}
|
}
|
||||||
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
|
if (username) {
|
||||||
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
|
process.env.AWS_ACCESS_KEY_ID = username;
|
||||||
|
}
|
||||||
|
if (password) {
|
||||||
|
process.env.AWS_SECRET_ACCESS_KEY = password;
|
||||||
|
}
|
||||||
core.info(`Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
core.info(`Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
||||||
const loginCmds = yield aws.getDockerLoginCmds(cliVersion, registry, region, accountIDs);
|
const loginCmds = yield aws.getDockerLoginCmds(cliVersion, registry, region, accountIDs);
|
||||||
core.info(`Logging into ${registry}...`);
|
core.info(`Logging into ${registry}...`);
|
||||||
|
|
|
@ -62,8 +62,12 @@ export async function loginECR(registry: string, username: string, password: str
|
||||||
core.info(`AWS ECR detected with ${region} region`);
|
core.info(`AWS ECR detected with ${region} region`);
|
||||||
}
|
}
|
||||||
|
|
||||||
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
|
if (username) {
|
||||||
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
|
process.env.AWS_ACCESS_KEY_ID = username;
|
||||||
|
}
|
||||||
|
if (password) {
|
||||||
|
process.env.AWS_SECRET_ACCESS_KEY = password;
|
||||||
|
}
|
||||||
|
|
||||||
core.info(`Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
core.info(`Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
||||||
const loginCmds = await aws.getDockerLoginCmds(cliVersion, registry, region, accountIDs);
|
const loginCmds = await aws.getDockerLoginCmds(cliVersion, registry, region, accountIDs);
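Review bot: The two new `if` blocks apply `username` and `password` independently, so supplying only one leaves a mixed pair in the environment (the provided access key ID with an ambient secret key, or the reverse), and the AWS CLI call would most likely fail with a signature error that does not point at the input. Guard both assignments with a single `if (username && password) {` and raise an explicit error when exactly one is given. Separately, if the pair is overridden while `AWS_SESSION_TOKEN` is already set for temporary credentials, that token would presumably still be sent with the new keys; consider `delete process.env.AWS_SESSION_TOKEN;` in the same branch. The body of `loginECR` starts and ends outside this hunk, so any handling elsewhere is not visible here.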
|
||||||
|
|