diff --git a/README.md b/README.md index f9ffba59d..49fc2dbdd 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,7 @@ Docker to work with the helper. To build and install the Amazon ECR Docker Credential Helper, we suggest Go 1.19 or later, `git` and `make` installed on your system. -If you just installed Go, make sure you also have added it to your PATH or +If you just installed Go, make sure you also have added it to your PATH or Environment Vars (Windows). For example: ``` @@ -190,7 +190,7 @@ contents of your `~/.docker/config.json` file to be: This configures the Docker daemon to use the credential helper for all Amazon ECR registries. -The Amazon ECR Docker Credential Helper can be used alongside your existing docker login authentication tokens: +The Amazon ECR Docker Credential Helper can be used alongside your existing docker login authentication tokens: ```json { @@ -234,7 +234,7 @@ include: * An [IAM role for Amazon EC2](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) To use credentials associated with a different named profile in the shared credentials file (`~/.aws/credentials`), you -may set the `AWS_PROFILE` environment variable. +may set the `AWS_PROFILE` environment variable. The Amazon ECR Docker Credential Helper reads and supports some configuration options specified in the AWS shared configuration file (`~/.aws/config`). To disable these options, you must set the `AWS_SDK_LOAD_CONFIG` environment @@ -257,12 +257,13 @@ in the *AWS Command Line Interface User Guide*. The credentials must have a policy applied that [allows access to Amazon ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html). -### Amazon ECR Docker Credential Helper +### Amazon ECR Docker Credential Helper -| Environment Variable | Sample Value | Description | -| --------------------- | ------------- | ------------------------------------------------------------------ | -| AWS_ECR_DISABLE_CACHE | true | Disables the local file auth cache if set to a non-empty value | -| AWS_ECR_CACHE_DIR | ~/.ecr | Specifies the local file auth cache directory location | +| Environment Variable | Sample Value | Description | +| ---------------------------- | ------------- | ------------------------------------------------------------------ | +| AWS_ECR_DISABLE_CACHE | true | Disables the local file auth cache if set to a non-empty value | +| AWS_ECR_CACHE_DIR | ~/.ecr | Specifies the local file auth cache directory location | +| AWS_ECR_USE_DEFAULT_REGISTRY | true | Uses the default registry when the provided one cannot be parsed | ## Usage diff --git a/ecr-login/api/client.go b/ecr-login/api/client.go index eb49fc87b..4b6b5044e 100644 --- a/ecr-login/api/client.go +++ b/ecr-login/api/client.go @@ -18,6 +18,7 @@ import ( "encoding/base64" "fmt" "net/url" + "os" "regexp" "strings" "time" @@ -37,7 +38,10 @@ const ( ecrPublicEndpoint = proxyEndpointScheme + ecrPublicName ) -var ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`) +var ( + ecrPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.(amazonaws\.com(\.cn)?|sc2s\.sgov\.gov|c2s\.ic\.gov)$`) + ecrUseDefaultRegistry = os.Getenv("AWS_ECR_USE_DEFAULT_REGISTRY") +) type Service string @@ -69,7 +73,14 @@ func ExtractRegistry(input string) (*Registry, error) { }, nil } matches := ecrPattern.FindStringSubmatch(serverURL.Hostname()) - if len(matches) == 0 { + if len(matches) == 0 && ecrUseDefaultRegistry != "" { + return &Registry{ + Service: ServiceECR, + ID: "", + FIPS: false, + Region: "", + }, nil + } else if len(matches) == 0 { return nil, fmt.Errorf(programName + " can only be used with Amazon Elastic Container Registry.") } else if len(matches) < 3 { return nil, fmt.Errorf("%q is not a valid repository URI for Amazon Elastic Container Registry.", input)