Add support for V2 of AWS cli authentication of ECR repos. (#143)

* Add support for V2 of AWS cli authentication of ECR repos. * Update comment.
carsdotcom · Feb 27, 2020 · 2d6556f · 2d6556f
1 parent eb1ad49
commit 2d6556f
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,14 @@ Documenting All Changes to the Skelebot Project
 
 ---
 
+## v1.16.1
+#### Changed
+- **Docker** | Add support for V2 of AWS cli authentication of ECR repos.
+
+---
+
 ## v1.16.0
+#### Merged: 2020-02-10
 #### Changed
 - **Dockerfile Generator** | Swap order of copy and global commands in dockerfile generation.
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.16.0
+1.16.1
diff --git a/skelebot/components/registry.py b/skelebot/components/registry.py
@@ -89,7 +89,7 @@ def execute(self, config, args):
 
         # Login to the registry
         if self.aws is not None:
-            docker.loginAWS(self.aws.region, self.aws.profile)
+            docker.loginAWS(self.host, self.aws.region, self.aws.profile)
         else:
             docker.login(self.host)
 

diff --git a/skelebot/systems/execution/docker.py b/skelebot/systems/execution/docker.py
@@ -6,6 +6,7 @@
 from ...systems.generators import dockerignore
 
 AWS_LOGIN_CMD = "$(aws ecr get-login --no-include-email --region {region} --profile {profile})"
+AWS_LOGIN_CMD_V2 = "aws ecr get-login-password | docker login --username AWS --password-stdin {}"
 LOGIN_CMD = "docker login {}"
 BUILD_CMD = "docker build -t {image} ."
 RUN_CMD = "docker run --name {image}-{jobName} --rm {params} {image} /bin/bash -c \"{command}\""
@@ -32,16 +33,24 @@ def login(host=None):
 
     return status
 
-def loginAWS(region=None, profile=None):
+def loginAWS(host=None, region=None, profile=None):
     """Login to AWS with ~/.aws credentials to access an ECR host"""
 
+    host = host if host is not None else ""
     region = region if region is not None else "us-east-1"
     profile = profile if profile is not None else "default"
 
-    loginCMD = AWS_LOGIN_CMD.format(region=region, profile=profile)
+    try:
+        loginCMD = AWS_LOGIN_CMD_V2.format(host)
 
-    print(loginCMD)
-    status = execute(loginCMD, err_msg="Docker Login Failed")
+        print(loginCMD)
+        status = execute(loginCMD, err_msg="Docker Login V2 Failed")
+    # If AWS CLI V2 authentication failed try V1 command...
+    except Exception:
+        loginCMD = AWS_LOGIN_CMD.format(region=region, profile=profile)
+
+        print(loginCMD)
+        status = execute(loginCMD, err_msg="Docker Login V1 Failed")
 
     return status
 

diff --git a/test/test_components_registry.py b/test/test_components_registry.py
@@ -53,7 +53,7 @@ def test_execute_aws(self, mock_docker):
         registry = sb.components.registry.Registry(host="docker.io", port=88, user="skelebot", aws=aws)
         registry.execute(config, args)
 
-        mock_docker.loginAWS.assert_called_with("us-east-1", "dev")
+        mock_docker.loginAWS.assert_called_with("docker.io", "us-east-1", "dev")
         mock_docker.build.assert_called_with(config)
         mock_docker.push.assert_called_with(config, "docker.io", 88, "skelebot", tags=None)
 

diff --git a/test/test_systems_execution_docker.py b/test/test_systems_execution_docker.py
@@ -44,18 +44,30 @@ def test_login_error(self, mock_call):
             sb.systems.execution.docker.login()
 
     @mock.patch('skelebot.systems.execution.docker.call')
-    def test_login_aws(self, mock_call):
+    def test_login_aws_v2(self, mock_call):
         mock_call.return_value = 0
 
-        sb.systems.execution.docker.loginAWS("us-east-1", "dev")
-        mock_call.assert_called_once_with("$(aws ecr get-login --no-include-email --region us-east-1 --profile dev)", shell=True)
+        sb.systems.execution.docker.loginAWS("123.dkr.ecr.us-east-1.amazonaws.com", "us-east-1", "dev")
+        mock_call.assert_called_once_with("aws ecr get-login-password | docker login --username AWS --password-stdin 123.dkr.ecr.us-east-1.amazonaws.com", shell=True)
+
+    @mock.patch('skelebot.systems.execution.docker.call')
+    def test_login_aws_v1(self, mock_call):
+        mock_call.return_value = 1
+
+        with self.assertRaisesRegex(Exception, "Docker Login V1 Failed"):
+            sb.systems.execution.docker.loginAWS(None, "us-east-1", "dev")
+
+        mock_call.return_value = 0
+
+        sb.systems.execution.docker.loginAWS("123.dkr.ecr.us-east-1.amazonaws.com", "us-east-1", "dev")
+        mock_call.assert_any_call("$(aws ecr get-login --no-include-email --region us-east-1 --profile dev)", shell=True)
 
     @mock.patch('skelebot.systems.execution.docker.call')
     def test_login_aws_error(self, mock_call):
         mock_call.return_value = 1
 
-        with self.assertRaisesRegex(Exception, "Docker Login Failed"):
-            sb.systems.execution.docker.loginAWS("us-east-1", "dev")
+        with self.assertRaisesRegex(Exception, r"Docker Login .* Failed"):
+            sb.systems.execution.docker.loginAWS(None, "us-east-1", "dev")
 
     @mock.patch('os.path.expanduser')
     @mock.patch('skelebot.systems.execution.docker.call')