fix: don't show error when pulling an image that doesn't come from ECR

enix · Oct 31, 2024 · 760d098 · 760d098
1 parent 597a99a
commit 760d098
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 19 deletions.
diff --git a/internal/registry/keychain.go b/internal/registry/keychain.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	ecrLogin "github.com/awslabs/amazon-ecr-credential-helper/ecr-login"
+	"github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api"
 	"github.com/distribution/reference"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/v1/google"
@@ -52,7 +53,9 @@ func GetKeychains(repositoryName string, pullSecrets []corev1.Secret) ([]authn.K
 		})
 	}
 
-	keychains = append(keychains, authn.NewKeychainFromHelper(ecrLogin.NewECRHelper()))
+	if _, err := api.ExtractRegistry(repositoryName); err == nil {
+		keychains = append(keychains, authn.NewKeychainFromHelper(ecrLogin.NewECRHelper()))
+	}
 	keychains = append(keychains, google.Keychain)
 
 	return keychains, nil

diff --git a/internal/registry/keychain_test.go b/internal/registry/keychain_test.go
@@ -8,8 +8,10 @@ import (
 	"testing"
 
 	ecrLogin "github.com/awslabs/amazon-ecr-credential-helper/ecr-login"
+	"github.com/chrismellard/docker-credential-acr-env/pkg/credhelper"
 	"github.com/docker/cli/cli/config"
 	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/v1/google"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -118,28 +120,22 @@ func TestResolve(t *testing.T) {
 }
 
 func TestGetKeychains(t *testing.T) {
-	ecrHelper := authn.NewKeychainFromHelper(ecrLogin.NewECRHelper())
 	defaultKeychains := []authn.Keychain{
-		ecrHelper,
+		google.Keychain,
+		authn.NewKeychainFromHelper(credhelper.NewACRCredentialsHelper()),
 	}
-	dockerHubKeychains := []authn.Keychain{
-		ecrHelper,
-		&authConfigKeychain{
-			AuthConfig: authn.AuthConfig{
-				Username: "login",
-				Password: "password",
-			},
+	dockerHubKeychains := append(defaultKeychains, &authConfigKeychain{
+		AuthConfig: authn.AuthConfig{
+			Username: "login",
+			Password: "password",
 		},
-	}
-	localKeychains := []authn.Keychain{
-		ecrHelper,
-		&authConfigKeychain{
-			AuthConfig: authn.AuthConfig{
-				Username: "locallogin",
-				Password: "localpassword",
-			},
+	})
+	localKeychains := append(defaultKeychains, &authConfigKeychain{
+		AuthConfig: authn.AuthConfig{
+			Username: "locallogin",
+			Password: "localpassword",
 		},
-	}
+	})
 
 	tests := []struct {
 		name              string
@@ -256,6 +252,18 @@ func TestGetKeychains(t *testing.T) {
 			}
 		})
 	}
+
+	t.Run("Not from Amazon ECR", func(t *testing.T) {
+		keychains, err := GetKeychains("alpine", []corev1.Secret{})
+		g.Expect(err).To(BeNil())
+		g.Expect(keychains).ToNot(ContainElement(authn.NewKeychainFromHelper(ecrLogin.NewECRHelper())))
+	})
+
+	t.Run("From Amazon ECR", func(t *testing.T) {
+		keychains, err := GetKeychains("000000000000.dkr.ecr.eu-west-1.amazonaws.com/some-image", []corev1.Secret{})
+		g.Expect(err).To(BeNil())
+		g.Expect(keychains).To(ContainElement(authn.NewKeychainFromHelper(ecrLogin.NewECRHelper())))
+	})
 }
 
 func TestGetPullSecrets(t *testing.T) {