Source file src/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/build.go

Documentation: github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache

     1  // Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License"). You may
     4  // not use this file except in compliance with the License. A copy of the
     5  // License is located at
     6  //
     7  //	http://aws.amazon.com/apache2.0/
     8  //
     9  // or in the "license" file accompanying this file. This file is distributed
    10  // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    11  // express or implied. See the License for the specific language governing
    12  // permissions and limitations under the License.
    13  
    14  package cache
    15  
    16  import (
    17  	"context"
    18  	"crypto/md5"
    19  	"encoding/base64"
    20  	"fmt"
    21  	"os"
    22  
    23  	"github.com/aws/aws-sdk-go-v2/aws"
    24  	"github.com/mitchellh/go-homedir"
    25  	"github.com/sirupsen/logrus"
    26  
    27  	ecrconfig "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config"
    28  )
    29  
    30  func BuildCredentialsCache(config aws.Config, cacheDir string) CredentialsCache {
    31  	if os.Getenv("AWS_ECR_DISABLE_CACHE") != "" {
    32  		logrus.Debug("Cache disabled due to AWS_ECR_DISABLE_CACHE")
    33  		return NewNullCredentialsCache()
    34  	}
    35  
    36  	if cacheDir == "" {
    37  		//Get cacheDir from env var "AWS_ECR_CACHE_DIR" or set to default
    38  		cacheDir = ecrconfig.GetCacheDir()
    39  	}
    40  
    41  	cacheDir, err := homedir.Expand(cacheDir)
    42  	if err != nil {
    43  		logrus.WithError(err).Debug("Could not expand cache path, disabling cache")
    44  		return NewNullCredentialsCache()
    45  	}
    46  
    47  	cacheFilename := "cache.json"
    48  
    49  	credentials, err := config.Credentials.Retrieve(context.TODO())
    50  	if err != nil {
    51  		logrus.WithError(err).Debug("Could not fetch credentials for cache prefix, disabling cache")
    52  		return NewNullCredentialsCache()
    53  	}
    54  
    55  	return NewFileCredentialsCache(cacheDir, cacheFilename, credentialsCachePrefix(config.Region, credentials), credentialsPublicCacheKey(credentials))
    56  }
    57  
    58  // Determine a key prefix for a credentials cache. Because auth tokens are scoped to an account and region, rely on provided
    59  // region, as well as hash of the access key.
    60  func credentialsCachePrefix(region string, credentials aws.Credentials) string {
    61  	return fmt.Sprintf("%s-%s-", region, checksum(credentials.AccessKeyID))
    62  }
    63  
    64  func credentialsPublicCacheKey(credentials aws.Credentials) string {
    65  	return fmt.Sprintf("%s-%s", ServiceECRPublic, checksum(credentials.AccessKeyID))
    66  }
    67  
    68  // Base64 encodes an MD5 checksum. Relied on for uniqueness, and not for cryptographic security.
    69  func checksum(text string) string {
    70  	hasher := md5.New()
    71  	data := hasher.Sum([]byte(text))
    72  	return base64.StdEncoding.EncodeToString(data)
    73  }
    74  

View as plain text