get ecr token using cli

2024-06-23 01:23:56 -07:00
parent 580dab4acd
commit 4524db94db
4 changed files with 32 additions and 31 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -525,6 +525,7 @@ dependencies = [
 "anyhow",
 "aws-config",
 "aws-sdk-ecr",
+ "run_command",
 "tracing",
 ]

--- a/bin/periphery/src/docker/mod.rs
+++ b/bin/periphery/src/docker/mod.rs
@@ -86,17 +86,15 @@ pub async fn docker_login(
      })?;
      let registry_token = match registry_token {
        Some(token) => token.to_string(),
-        None => {
-          let client = aws_ecr::make_ecr_client(
-            region.clone(),
-            access_key_id,
-            secret_access_key,
-          )
-          .await;
-          aws_ecr::get_ecr_token(&client).await.with_context(
-            || format!("failed to get aws ecr token for {label}"),
-          )?
-        }
+        None => aws_ecr::get_ecr_token(
+          region,
+          access_key_id,
+          secret_access_key,
+        )
+        .await
+        .with_context(|| {
+          format!("failed to get aws ecr token for {label}")
+        })?,
      };
      let log = async_run_command(&format!("docker login {account_id}.dkr.ecr.{region}.amazonaws.com -u AWS -p {registry_token}")).await;
      if log.success() {
--- a/lib/aws_ecr/Cargo.toml
+++ b/lib/aws_ecr/Cargo.toml
@@ -8,6 +8,8 @@ repository.workspace = true
 homepage.workspace = true

 [dependencies]
+run_command.workspace = true
+#
 aws-sdk-ecr.workspace = true
 aws-config.workspace = true
 tracing.workspace = true
--- a/lib/aws_ecr/src/lib.rs
+++ b/lib/aws_ecr/src/lib.rs
@@ -1,6 +1,7 @@
 use anyhow::{anyhow, Context};
 use aws_config::{BehaviorVersion, Region};
 use aws_sdk_ecr::Client as EcrClient;
+use run_command::async_run_command;

 #[tracing::instrument(skip(access_key_id, secret_access_key))]
 pub async fn make_ecr_client(
@@ -18,29 +19,28 @@ pub async fn make_ecr_client(
  EcrClient::new(&config)
 }

-/// Gets a token for the default registry only
-#[tracing::instrument(skip_all)]
+/// Gets a token docker login.
+///
+/// Requires the aws cli be installed on the host
+#[tracing::instrument(skip(access_key_id, secret_access_key))]
 pub async fn get_ecr_token(
-  client: &EcrClient,
+  region: &str,
+  access_key_id: &str,
+  secret_access_key: &str,
 ) -> anyhow::Result<String> {
-  let Some(tokens) = client
-    .get_authorization_token()
-    .send()
-    .await
-    .context("failed to get authorization token")?
-    .authorization_data
-  else {
-    return Err(anyhow!("No authorization data"));
-  };
+  let log = async_run_command(&format!(
+    "AWS_ACCESS_KEY_ID={access_key_id} AWS_SECRET_ACCESS_KEY={secret_access_key} aws ecr get-login-password --region {region}"
+  ))
+  .await;

-  let token = tokens
-    .into_iter()
-    .next()
-    .context("No tokens in response")?
-    .authorization_token
-    .context("no token on authorization token repsonse")?;
-
-  Ok(token)
+  if log.success() {
+    Ok(log.stdout)
+  } else {
+    Err(
+      anyhow!("stdout: {} | stderr: {}", log.stdout, log.stderr)
+        .context("failed to get aws ecr login token"),
+    )
+  }
 }

 #[tracing::instrument(skip(client))]