feat(ENV): allow the default registry when no match

While not "officially" supported, it is possible to alias an ECR registry with DNS (eg ecr.example.io). This change adds support for the AWS_ECR_USE_DEFAULT_REGISTRY environment variable which, when set to a non-empty value, will force this tool to use the default registry when authenticating.
awslabs · Mar 25, 2024 · 7fabfc3 · 7fabfc3
1 parent 1fd604a
commit 7fabfc3
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -137,7 +137,7 @@ Docker to work with the helper.
 To build and install the Amazon ECR Docker Credential Helper, we suggest Go
 1.19 or later, `git` and `make` installed on your system.
 
-If you just installed Go, make sure you also have added it to your PATH or 
+If you just installed Go, make sure you also have added it to your PATH or
 Environment Vars (Windows). For example:
 
 ```
@@ -190,7 +190,7 @@ contents of your `~/.docker/config.json` file to be:
 This configures the Docker daemon to use the credential helper for all Amazon
 ECR registries.
 
-The Amazon ECR Docker Credential Helper can be used alongside your existing docker login authentication tokens: 
+The Amazon ECR Docker Credential Helper can be used alongside your existing docker login authentication tokens:
 
 ```json
 {
@@ -234,7 +234,7 @@ include:
 * An [IAM role for Amazon EC2](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
 
 To use credentials associated with a different named profile in the shared credentials file (`~/.aws/credentials`), you
-may set the `AWS_PROFILE` environment variable. 
+may set the `AWS_PROFILE` environment variable.
 
 The Amazon ECR Docker Credential Helper reads and supports some configuration options specified in the AWS
 shared configuration file (`~/.aws/config`).  To disable these options, you must set the `AWS_SDK_LOAD_CONFIG` environment
@@ -257,12 +257,13 @@ in the *AWS Command Line Interface User Guide*.
 The credentials must have a policy applied that
 [allows access to Amazon ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
 
-### Amazon ECR Docker Credential Helper 
+### Amazon ECR Docker Credential Helper
 
-| Environment Variable  | Sample Value  | Description                                                        |
-| --------------------- | ------------- | ------------------------------------------------------------------ |
-| AWS_ECR_DISABLE_CACHE | true          | Disables the local file auth cache if set to a non-empty value     |
-| AWS_ECR_CACHE_DIR     | ~/.ecr        | Specifies the local file auth cache directory location             |
+| Environment Variable         | Sample Value  | Description                                                        |
+| ---------------------------- | ------------- | ------------------------------------------------------------------ |
+| AWS_ECR_DISABLE_CACHE        | true          | Disables the local file auth cache if set to a non-empty value     |
+| AWS_ECR_CACHE_DIR            | ~/.ecr        | Specifies the local file auth cache directory location             |
+| AWS_ECR_USE_DEFAULT_REGISTRY | true          | Uses the default registry when the provided one cannot be parsed   |
 
 ## Usage
 

diff --git a/ecr-login/api/client.go b/ecr-login/api/client.go
@@ -18,6 +18,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"net/url"
+	"os"
 	"regexp"
 	"strings"
 	"time"
@@ -37,7 +38,10 @@ const (
 	ecrPublicEndpoint   = proxyEndpointScheme + ecrPublicName
 )
 
-var ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`)
+var (
+	ecrPattern            = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`)
+	ecrUseDefaultRegistry = os.Getenv("AWS_ECR_USE_DEFAULT_REGISTRY")
+)
 
 type Service string
 
@@ -69,7 +73,14 @@ func ExtractRegistry(input string) (*Registry, error) {
 		}, nil
 	}
 	matches := ecrPattern.FindStringSubmatch(serverURL.Hostname())
-	if len(matches) == 0 {
+	if len(matches) == 0 && ecrUseDefaultRegistry != "" {
+		return &Registry{
+			Service: ServiceECR,
+			ID:      "",
+			FIPS:    false,
+			Region:  "",
+		}, nil
+	} else if len(matches) == 0 {
 		return nil, fmt.Errorf(programName + " can only be used with Amazon Elastic Container Registry.")
 	} else if len(matches) < 3 {
 		return nil, fmt.Errorf("%q is not a valid repository URI for Amazon Elastic Container Registry.", input)