-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support private Aws Ecr helm repositories for chart dependencies #200
base: main
Are you sure you want to change the base?
Changes from all commits
bc005b6
7c58b5f
19a4a26
0be306c
c9f77bf
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
@@ -1,24 +1,84 @@ | ||||||||||||||||||
package argo_client | ||||||||||||||||||
|
||||||||||||||||||
import ( | ||||||||||||||||||
"bytes" | ||||||||||||||||||
"context" | ||||||||||||||||||
"encoding/base64" | ||||||||||||||||||
"fmt" | ||||||||||||||||||
"os" | ||||||||||||||||||
"os/exec" | ||||||||||||||||||
"strconv" | ||||||||||||||||||
"strings" | ||||||||||||||||||
"time" | ||||||||||||||||||
|
||||||||||||||||||
"github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" | ||||||||||||||||||
"github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" | ||||||||||||||||||
argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" | ||||||||||||||||||
repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" | ||||||||||||||||||
"github.com/argoproj/argo-cd/v2/reposerver/repository" | ||||||||||||||||||
|
||||||||||||||||||
"github.com/argoproj/argo-cd/v2/util/git" | ||||||||||||||||||
"github.com/ghodss/yaml" | ||||||||||||||||||
"github.com/pkg/errors" | ||||||||||||||||||
"github.com/rs/zerolog/log" | ||||||||||||||||||
"k8s.io/apimachinery/pkg/api/resource" | ||||||||||||||||||
|
||||||||||||||||||
"github.com/zapier/kubechecks/telemetry" | ||||||||||||||||||
|
||||||||||||||||||
"github.com/aws/aws-sdk-go-v2/config" | ||||||||||||||||||
"github.com/aws/aws-sdk-go-v2/service/ecr" | ||||||||||||||||||
) | ||||||||||||||||||
|
||||||||||||||||||
// Retrieve token for authentication against ECR registries. | ||||||||||||||||||
func getToken(aws_ecr_host string) (string, error) { | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. more nitpicking:
Suggested change
|
||||||||||||||||||
os.Setenv("AWS_SDK_LOAD_CONFIG", "1") | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think we want to set this here, we'd rather allow the user to set this when running the application |
||||||||||||||||||
var region = strings.SplitN(string(aws_ecr_host), ".", 6) | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||||||||||||||
cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region[3])) | ||||||||||||||||||
if err != nil { | ||||||||||||||||||
return "", err | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
svc := ecr.NewFromConfig(cfg) | ||||||||||||||||||
token, err := svc.GetAuthorizationToken(context.TODO(), &ecr.GetAuthorizationTokenInput{}) | ||||||||||||||||||
if err != nil { | ||||||||||||||||||
return "", err | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
authData := token.AuthorizationData[0].AuthorizationToken | ||||||||||||||||||
data, err := base64.StdEncoding.DecodeString(*authData) | ||||||||||||||||||
if err != nil { | ||||||||||||||||||
return "", err | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
parts := strings.SplitN(string(data), ":", 2) | ||||||||||||||||||
|
||||||||||||||||||
return parts[1], nil | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
func helmLogin(tempRepoDir string, changedAppFilePath string) error { | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. super nitpicky:
Suggested change
|
||||||||||||||||||
|
||||||||||||||||||
var aws_ecr_host = os.Getenv("AWS_ECR_HOST") | ||||||||||||||||||
var currToken = "" | ||||||||||||||||||
if token, err := getToken(aws_ecr_host); err != nil { | ||||||||||||||||||
fmt.Println(err) | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we'll want to return this error, as we won't want to login to the registry if we can't get a token |
||||||||||||||||||
} else { | ||||||||||||||||||
currToken = token | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
cmd := exec.Command("bash", "-c", "echo "+currToken+" | helm registry login --username AWS --password-stdin "+aws_ecr_host+"; helm dependency build") | ||||||||||||||||||
cmd.Dir = tempRepoDir + "/" + changedAppFilePath | ||||||||||||||||||
var outb, errb bytes.Buffer | ||||||||||||||||||
cmd.Stdout = &outb | ||||||||||||||||||
cmd.Stderr = &errb | ||||||||||||||||||
err := cmd.Run() | ||||||||||||||||||
if err != nil { | ||||||||||||||||||
log.Fatal() | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
fmt.Println("out:", outb.String(), "err:", errb.String()) | ||||||||||||||||||
return nil | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
func GetManifestsLocal(ctx context.Context, argoClient *ArgoClient, name, tempRepoDir, changedAppFilePath string, app argoappv1.Application) ([]string, error) { | ||||||||||||||||||
var err error | ||||||||||||||||||
|
||||||||||||||||||
|
@@ -59,6 +119,16 @@ func GetManifestsLocal(ctx context.Context, argoClient *ArgoClient, name, tempRe | |||||||||||||||||
|
||||||||||||||||||
source := app.Spec.GetSource() | ||||||||||||||||||
|
||||||||||||||||||
s := os.Getenv("ECR_LOGIN_ENABLED") | ||||||||||||||||||
ecr_login_enabled, err := strconv.ParseBool(s) | ||||||||||||||||||
if err != nil { | ||||||||||||||||||
log.Fatal() | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
if ecr_login_enabled { | ||||||||||||||||||
Comment on lines
+122
to
+128
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If you modify the args to include something like
Suggested change
You can pass it into the call to |
||||||||||||||||||
helmLogin(tempRepoDir, changedAppFilePath) | ||||||||||||||||||
} | ||||||||||||||||||
|
||||||||||||||||||
log.Debug().Str("name", name).Msg("generating diff for application...") | ||||||||||||||||||
res, err := repository.GenerateManifests(ctx, fmt.Sprintf("%s/%s", tempRepoDir, changedAppFilePath), tempRepoDir, source.TargetRevision, &repoapiclient.ManifestRequest{ | ||||||||||||||||||
Repo: &argoappv1.Repository{Repo: source.RepoURL}, | ||||||||||||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this, or is it enough to have
KUBECHECKS_AWS_ECR_HOST
be set to a non-empty string?