installer: we don't need to check the in-cluster config

Signed-off-by: JenTing Hsiao <[email protected]>
gitpod-io · Dec 12, 2022 · fd1920e · fd1920e
1 parent 4f610a4
commit fd1920e
Show file tree

Hide file tree

Showing 9 changed files with 62 additions and 20 deletions.
diff --git a/install/installer/cmd/testdata/render/aws-setup/config.yaml b/install/installer/cmd/testdata/render/aws-setup/config.yaml
@@ -7,7 +7,7 @@ domain: gitpod.example.com
 containerRegistry:
   inCluster: false
   external:
-    url: 691173103445.dkr.ecr.us-west-1.amazonaws.com
+    url: 012345678969.dkr.ecr.us-west-1.amazonaws.com
     certificate:
       kind: secret
       name: aws-ecr-credential

diff --git a/install/installer/cmd/testdata/render/aws-setup/output.golden b/install/installer/cmd/testdata/render/aws-setup/output.golden
diff --git a/install/installer/pkg/components/registry-credential/common.go b/install/installer/pkg/components/registry-credential/common.go
@@ -8,31 +8,37 @@ import (
 	"regexp"
 	"strings"
 
-	"k8s.io/utils/pointer"
-
 	"github.com/gitpod-io/gitpod/common-go/log"
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
 )
 
-// isAWSRegistry checks the external container registry URL is a private AWS ECR container registry.
-func isAWSRegistry(ctx *common.RenderContext) bool {
-	if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, true) {
-		return false
-	}
+// isAWSURL parses the external container registry URL exists and then
+// checks whether the external container registry URL is a private AWS ECR container registry.
+// Note that, we check if it's a private AWS ECR container registry only.
+// The URL for your default private registry is https://aws_account_id.dkr.ecr.region.amazonaws.com.
+func isAWSURL(ctx *common.RenderContext) bool {
 	if ctx.Config.ContainerRegistry.External == nil {
 		return false
 	}
-	// We support private AWS ECR container registry now.
-	// The URL for your default private registry is https://aws_account_id.dkr.ecr.region.amazonaws.com.
+	return isAWSECRPrivateRegistry(ctx.Config.ContainerRegistry.External.URL)
+}
+
+// isAWSECRPrivateRegistry checks URL is a private AWS ECR container registry.
+// Note that, we check if it's a private AWS ECR container registry only.
+// The URL for your default private registry is https://aws_account_id.dkr.ecr.region.amazonaws.com.
+func isAWSECRPrivateRegistry(url string) bool {
 	re, err := regexp.Compile(`^[0-9]+\.dkr\.ecr\.[a-z]+-[a-z]+-[0-9]+\.amazonaws\.com$`)
 	if err != nil {
 		log.WithError(err).Fatal("invalid regexp pattern")
 		return false
 	}
-	return re.MatchString(ctx.Config.ContainerRegistry.External.URL)
+	return re.MatchString(url)
 }
 
 // getAWSRegion parses the AWS region from the container registry URL
 func getAWSRegion(url string) string {
+	if !isAWSECRPrivateRegistry(url) {
+		return ""
+	}
 	return strings.Split(url, ".")[3]
 }
diff --git a/install/installer/pkg/components/registry-credential/common_test.go b/install/installer/pkg/components/registry-credential/common_test.go
@@ -0,0 +1,36 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License-AGPL.txt in the project root for license information.
+
+package registry_credential
+
+import "testing"
+
+func TestGetAWSRegion(t *testing.T) {
+	tests := []struct {
+		URL    string
+		Expect string
+	}{
+		{
+			URL:    "012345678969.dkr.ecr.us-west-1.amazonaws.com",
+			Expect: "us-west-1",
+		},
+		{
+			URL:    "https://012345678969.dkr.ecr.us-west-1.amazonaws.com",
+			Expect: "us-west-1",
+		},
+		{
+			URL:    "https://012345678969.dkr.ecr.us-west-100.amazonaws.com",
+			Expect: "us-west-100",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.URL, func(t *testing.T) {
+			got := getAWSRegion(test.URL)
+			if got != test.Expect {
+				t.Errorf("expect url %s, got %s", test.Expect, got)
+			}
+		})
+	}
+}
diff --git a/install/installer/pkg/components/registry-credential/configmap.go b/install/installer/pkg/components/registry-credential/configmap.go
@@ -15,7 +15,7 @@ import (
 )
 
 func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
-	if !isAWSRegistry(ctx) {
+	if !isAWSURL(ctx) {
 		return nil, nil
 	}
 

diff --git a/install/installer/pkg/components/registry-credential/cronjob.go b/install/installer/pkg/components/registry-credential/cronjob.go
@@ -15,7 +15,7 @@ import (
 )
 
 func cronjob(ctx *common.RenderContext) ([]runtime.Object, error) {
-	if !isAWSRegistry(ctx) {
+	if !isAWSURL(ctx) {
 		return nil, nil
 	}
 

diff --git a/install/installer/pkg/components/registry-credential/objects.go b/install/installer/pkg/components/registry-credential/objects.go
@@ -16,7 +16,7 @@ var Objects = common.CompositeRenderFunc(
 	rolebinding,
 	cronjob,
 	func(ctx *common.RenderContext) ([]runtime.Object, error) {
-		if !isAWSRegistry(ctx) {
+		if !isAWSURL(ctx) {
 			return nil, nil
 		}
 		return common.DefaultServiceAccount(Component)(ctx)

diff --git a/install/installer/pkg/components/registry-credential/role.go b/install/installer/pkg/components/registry-credential/role.go
@@ -13,7 +13,7 @@ import (
 )
 
 func role(ctx *common.RenderContext) ([]runtime.Object, error) {
-	if !isAWSRegistry(ctx) {
+	if !isAWSURL(ctx) {
 		return nil, nil
 	}
 

diff --git a/install/installer/pkg/components/registry-credential/rolebinding.go b/install/installer/pkg/components/registry-credential/rolebinding.go
@@ -13,7 +13,7 @@ import (
 )
 
 func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) {
-	if !isAWSRegistry(ctx) {
+	if !isAWSURL(ctx) {
 		return nil, nil
 	}