portainer/api/internal/registryutils/ecr_reg_token.go

package registryutils

import (
	"time"

	portainer "github.com/portainer/portainer/api"
	"github.com/portainer/portainer/api/aws/ecr"
	"github.com/portainer/portainer/api/dataservices"

	"github.com/rs/zerolog/log"
)

func isRegTokenValid(registry *portainer.Registry) (valid bool) {
	return registry.AccessToken != "" && registry.AccessTokenExpiry > time.Now().Unix()
}

func doGetRegToken(dataStore dataservices.DataStore, registry *portainer.Registry) (err error) {
	ecrClient := ecr.NewService(registry.Username, registry.Password, registry.Ecr.Region)
	accessToken, expiryAt, err := ecrClient.GetAuthorizationToken()
	if err != nil {
		return
	}

	registry.AccessToken = *accessToken
	registry.AccessTokenExpiry = expiryAt.Unix()

	err = dataStore.Registry().UpdateRegistry(registry.ID, registry)

	return
}

func parseRegToken(registry *portainer.Registry) (username, password string, err error) {
	ecrClient := ecr.NewService(registry.Username, registry.Password, registry.Ecr.Region)
	return ecrClient.ParseAuthorizationToken(registry.AccessToken)
}

func EnsureRegTokenValid(dataStore dataservices.DataStore, registry *portainer.Registry) (err error) {
	if registry.Type == portainer.EcrRegistry {
		if isRegTokenValid(registry) {
			log.Debug().Msg("current ECR token is still valid")
		} else {
			err = doGetRegToken(dataStore, registry)
			if err != nil {
				log.Debug().Msg("refresh ECR token")
			}
		}
	}

	return
}

func GetRegEffectiveCredential(registry *portainer.Registry) (username, password string, err error) {
	if registry.Type == portainer.EcrRegistry {
		username, password, err = parseRegToken(registry)
	} else {
		username = registry.Username
		password = registry.Password
	}
	return
}