From dd1585ecd198c983818a6850e812e5656dfed2c1 Mon Sep 17 00:00:00 2001 From: Raid Sulaiman Date: Fri, 12 Nov 2021 11:54:44 +0000 Subject: [PATCH] enable logging in to ecr repos in multiple accounts --- action.yml | 4 ++-- build/index.js | 17 ++++++++++------- build/index.js.map | 2 +- src/index.ts | 28 +++++++++++++++++----------- 4 files changed, 30 insertions(+), 21 deletions(-) diff --git a/action.yml b/action.yml index aec50b2..eafbbdc 100644 --- a/action.yml +++ b/action.yml @@ -15,8 +15,8 @@ inputs: required: true aws_iam_role_name: description: "Used to set up another local AWS profile for assuming another IAM role; required for cross-account k8s auth." - ecr_aws_account_id: - description: "If logging in to ECR, which AWS account ID the ECR repo is in." + ecr_aws_account_ids: + description: "A list of comma-separated AWS account IDs with which to perform docker login commands for ECR." runs: using: "node12" main: "build/index.js" diff --git a/build/index.js b/build/index.js index 5c339b1..26c857d 100644 --- a/build/index.js +++ b/build/index.js @@ -47,11 +47,13 @@ const setAWSAssumeRoleProfile = (awsIamRoleName, awsAccountId) => { fs.appendFileSync(confPath, profile); console.log("AWS assume role profile added to ~/.aws/config"); }; -const dockerECRLogin = (ecrAwsAccountId, awsIamRoleName) => { +const dockerECRLogin = (ecrAwsAccountIdsArray, awsIamRoleName) => { const awsProfile = awsIamRoleName || "default"; - const loginPassword = shell(`aws ecr get-login-password --profile ${awsProfile}`).trim(); - const loginResult = shell(`docker login -u AWS -p ${loginPassword} https://${ecrAwsAccountId}.dkr.ecr.eu-west-1.amazonaws.com`); - console.log(loginResult); + ecrAwsAccountIdsArray.forEach((ecrAwsAccountId) => { + const loginPassword = shell(`aws ecr get-login-password --profile ${awsProfile}`).trim(); + const loginResult = shell(`docker login -u AWS -p ${loginPassword} https://${ecrAwsAccountId}.dkr.ecr.eu-west-1.amazonaws.com`); + console.log(loginResult); + }); }; const setKubernetesConfig = (awsAccountId, encodedKubeConfig, cluster) => { const kubeConfig = Buffer.from(encodedKubeConfig, "base64").toString(); @@ -64,7 +66,7 @@ const setKubernetesConfig = (awsAccountId, encodedKubeConfig, cluster) => { console.log("Kubernetes config written to ~/.kube/config"); }; const main = () => { - const { INPUT_AWS_ACCOUNT_ID: awsAccountId, INPUT_ECR_AWS_ACCOUNT_ID: ecrAwsAccountId, INPUT_AWS_ACCESS_KEY_ID: awsAccessKeyId, INPUT_AWS_SECRET_ACCESS_KEY: awsSecretAccessKey, INPUT_CLUSTER: cluster, INPUT_KUBE_CONFIG: encodedKubeConfig, INPUT_AWS_IAM_ROLE_NAME: awsIamRoleName, } = process.env; + const { INPUT_AWS_ACCOUNT_ID: awsAccountId, INPUT_ECR_AWS_ACCOUNT_IDS: ecrAwsAccountIds, INPUT_AWS_ACCESS_KEY_ID: awsAccessKeyId, INPUT_AWS_SECRET_ACCESS_KEY: awsSecretAccessKey, INPUT_CLUSTER: cluster, INPUT_KUBE_CONFIG: encodedKubeConfig, INPUT_AWS_IAM_ROLE_NAME: awsIamRoleName, } = process.env; if (!awsAccountId) { throw "aws-account-id must be set."; } @@ -84,8 +86,9 @@ const main = () => { if (awsIamRoleName) { setAWSAssumeRoleProfile(awsIamRoleName, awsAccountId); } - if (ecrAwsAccountId) { - dockerECRLogin(ecrAwsAccountId, awsIamRoleName); + if (ecrAwsAccountIds) { + const ecrAwsAccountIdsArray = ecrAwsAccountIds.split(","); + dockerECRLogin(ecrAwsAccountIdsArray, awsIamRoleName); } setKubernetesConfig(awsAccountId, encodedKubeConfig, cluster); }; diff --git a/build/index.js.map b/build/index.js.map index caf1779..d58f055 100644 --- a/build/index.js.map +++ b/build/index.js.map @@ -1 +1 @@ -{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AAAA,iDAAwC;AACxC,yBAAwB;AACxB,yBAAwB;AACxB,6BAA4B;AAE5B,MAAM,KAAK,GAAG,CAAC,GAAW,EAAU,EAAE;IACpC,IAAI;QACF,MAAM,MAAM,GAAG,wBAAQ,CAAC,GAAG,CAAC,CAAA;QAC5B,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAA;KACzB;IAAC,OAAO,IAAI,EAAE;QACb,gDAAgD;QAChD,MAAM,kCAAkC,CAAA;KACzC;AACH,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAG,CACxB,cAAsB,EACtB,kBAA0B,EAC1B,EAAE;IACF,MAAM,KAAK,GAAG;;sBAEM,cAAc;0BACV,kBAAkB;GACzC,CAAA;IACD,MAAM,IAAI,GAAG;;;GAGZ,CAAA;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAE7C,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACrB,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;IACjC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAChC,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,uBAAuB,GAAG,CAC9B,cAAsB,EACtB,YAAoB,EACpB,EAAE;IACF,MAAM,OAAO,GAAG;;aAEL,cAAc;;;0BAGD,YAAY,SAAS,cAAc;GAC1D,CAAA;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAE7C,EAAE,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAA;AAC/D,CAAC,CAAA;AAED,MAAM,cAAc,GAAG,CAAC,eAAuB,EAAE,cAAuB,EAAE,EAAE;IAC1E,MAAM,UAAU,GAAG,cAAc,IAAI,SAAS,CAAA;IAC9C,MAAM,aAAa,GAAG,KAAK,CACzB,wCAAwC,UAAU,EAAE,CACrD,CAAC,IAAI,EAAE,CAAA;IACR,MAAM,WAAW,GAAG,KAAK,CACvB,0BAA0B,aAAa,YAAY,eAAe,kCAAkC,CACrG,CAAA;IACD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;AAC1B,CAAC,CAAA;AAED,MAAM,mBAAmB,GAAG,CAC1B,YAAoB,EACpB,iBAAyB,EACzB,OAAe,EACf,EAAE;IACF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAA;IACtE,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAEhD,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;IACtB,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;IACxC,KAAK,CACH,oDAAoD,YAAY,YAAY,OAAO,EAAE,CACtF,CAAA;IACD,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAA;AAC5D,CAAC,CAAA;AAED,MAAM,IAAI,GAAG,GAAG,EAAE;IAChB,MAAM,EACJ,oBAAoB,EAAE,YAAY,EAClC,wBAAwB,EAAE,eAAe,EACzC,uBAAuB,EAAE,cAAc,EACvC,2BAA2B,EAAE,kBAAkB,EAC/C,aAAa,EAAE,OAAO,EACtB,iBAAiB,EAAE,iBAAiB,EACpC,uBAAuB,EAAE,cAAc,GACxC,GAAG,OAAO,CAAC,GAAG,CAAA;IAEf,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,6BAA6B,CAAA;KACpC;IACD,IAAI,CAAC,cAAc,EAAE;QACnB,MAAM,gCAAgC,CAAA;KACvC;IACD,IAAI,CAAC,kBAAkB,EAAE;QACvB,MAAM,oCAAoC,CAAA;KAC3C;IACD,IAAI,CAAC,iBAAiB,EAAE;QACtB,MAAM,0BAA0B,CAAA;KACjC;IACD,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,sBAAsB,CAAA;KAC7B;IAED,iBAAiB,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAA;IACrD,IAAI,cAAc,EAAE;QAClB,uBAAuB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;KACtD;IACD,IAAI,eAAe,EAAE;QACnB,cAAc,CAAC,eAAe,EAAE,cAAc,CAAC,CAAA;KAChD;IACD,mBAAmB,CAAC,YAAY,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAA;AAC/D,CAAC,CAAA;AAED,IAAI,EAAE,CAAA"} \ No newline at end of file +{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AAAA,iDAAwC;AACxC,yBAAwB;AACxB,yBAAwB;AACxB,6BAA4B;AAE5B,MAAM,KAAK,GAAG,CAAC,GAAW,EAAU,EAAE;IACpC,IAAI;QACF,MAAM,MAAM,GAAG,wBAAQ,CAAC,GAAG,CAAC,CAAA;QAC5B,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAA;KACzB;IAAC,OAAO,IAAI,EAAE;QACb,gDAAgD;QAChD,MAAM,kCAAkC,CAAA;KACzC;AACH,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAG,CACxB,cAAsB,EACtB,kBAA0B,EAC1B,EAAE;IACF,MAAM,KAAK,GAAG;;sBAEM,cAAc;0BACV,kBAAkB;GACzC,CAAA;IACD,MAAM,IAAI,GAAG;;;GAGZ,CAAA;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAE7C,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACrB,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;IACjC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAChC,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,uBAAuB,GAAG,CAC9B,cAAsB,EACtB,YAAoB,EACpB,EAAE;IACF,MAAM,OAAO,GAAG;;aAEL,cAAc;;;0BAGD,YAAY,SAAS,cAAc;GAC1D,CAAA;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAE7C,EAAE,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAA;AAC/D,CAAC,CAAA;AAED,MAAM,cAAc,GAAG,CACrB,qBAA+B,EAC/B,cAAuB,EACvB,EAAE;IACF,MAAM,UAAU,GAAG,cAAc,IAAI,SAAS,CAAA;IAC9C,qBAAqB,CAAC,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE;QAChD,MAAM,aAAa,GAAG,KAAK,CACzB,wCAAwC,UAAU,EAAE,CACrD,CAAC,IAAI,EAAE,CAAA;QACR,MAAM,WAAW,GAAG,KAAK,CACvB,0BAA0B,aAAa,YAAY,eAAe,kCAAkC,CACrG,CAAA;QACD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,mBAAmB,GAAG,CAC1B,YAAoB,EACpB,iBAAyB,EACzB,OAAe,EACf,EAAE;IACF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAA;IACtE,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAEhD,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;IACtB,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;IACxC,KAAK,CACH,oDAAoD,YAAY,YAAY,OAAO,EAAE,CACtF,CAAA;IACD,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAA;AAC5D,CAAC,CAAA;AAED,MAAM,IAAI,GAAG,GAAG,EAAE;IAChB,MAAM,EACJ,oBAAoB,EAAE,YAAY,EAClC,yBAAyB,EAAE,gBAAgB,EAC3C,uBAAuB,EAAE,cAAc,EACvC,2BAA2B,EAAE,kBAAkB,EAC/C,aAAa,EAAE,OAAO,EACtB,iBAAiB,EAAE,iBAAiB,EACpC,uBAAuB,EAAE,cAAc,GACxC,GAAG,OAAO,CAAC,GAAG,CAAA;IAEf,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,6BAA6B,CAAA;KACpC;IACD,IAAI,CAAC,cAAc,EAAE;QACnB,MAAM,gCAAgC,CAAA;KACvC;IACD,IAAI,CAAC,kBAAkB,EAAE;QACvB,MAAM,oCAAoC,CAAA;KAC3C;IACD,IAAI,CAAC,iBAAiB,EAAE;QACtB,MAAM,0BAA0B,CAAA;KACjC;IACD,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,sBAAsB,CAAA;KAC7B;IAED,iBAAiB,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAA;IACrD,IAAI,cAAc,EAAE;QAClB,uBAAuB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;KACtD;IACD,IAAI,gBAAgB,EAAE;QACpB,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzD,cAAc,CAAC,qBAAqB,EAAE,cAAc,CAAC,CAAA;KACtD;IACD,mBAAmB,CAAC,YAAY,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAA;AAC/D,CAAC,CAAA;AAED,IAAI,EAAE,CAAA"} \ No newline at end of file diff --git a/src/index.ts b/src/index.ts index 66afd1d..5094e5b 100644 --- a/src/index.ts +++ b/src/index.ts @@ -58,15 +58,20 @@ const setAWSAssumeRoleProfile = ( console.log("AWS assume role profile added to ~/.aws/config") } -const dockerECRLogin = (ecrAwsAccountId: string, awsIamRoleName?: string) => { +const dockerECRLogin = ( + ecrAwsAccountIdsArray: string[], + awsIamRoleName?: string +) => { const awsProfile = awsIamRoleName || "default" - const loginPassword = shell( - `aws ecr get-login-password --profile ${awsProfile}` - ).trim() - const loginResult = shell( - `docker login -u AWS -p ${loginPassword} https://${ecrAwsAccountId}.dkr.ecr.eu-west-1.amazonaws.com` - ) - console.log(loginResult) + ecrAwsAccountIdsArray.forEach((ecrAwsAccountId) => { + const loginPassword = shell( + `aws ecr get-login-password --profile ${awsProfile}` + ).trim() + const loginResult = shell( + `docker login -u AWS -p ${loginPassword} https://${ecrAwsAccountId}.dkr.ecr.eu-west-1.amazonaws.com` + ) + console.log(loginResult) + }) } const setKubernetesConfig = ( @@ -90,7 +95,7 @@ const setKubernetesConfig = ( const main = () => { const { INPUT_AWS_ACCOUNT_ID: awsAccountId, - INPUT_ECR_AWS_ACCOUNT_ID: ecrAwsAccountId, + INPUT_ECR_AWS_ACCOUNT_IDS: ecrAwsAccountIds, INPUT_AWS_ACCESS_KEY_ID: awsAccessKeyId, INPUT_AWS_SECRET_ACCESS_KEY: awsSecretAccessKey, INPUT_CLUSTER: cluster, @@ -118,8 +123,9 @@ const main = () => { if (awsIamRoleName) { setAWSAssumeRoleProfile(awsIamRoleName, awsAccountId) } - if (ecrAwsAccountId) { - dockerECRLogin(ecrAwsAccountId, awsIamRoleName) + if (ecrAwsAccountIds) { + const ecrAwsAccountIdsArray = ecrAwsAccountIds.split(",") + dockerECRLogin(ecrAwsAccountIdsArray, awsIamRoleName) } setKubernetesConfig(awsAccountId, encodedKubeConfig, cluster) }