public static async Task PushDockerImageToEcr(string accountID, string registryAddress, AWSCredentials credentials, string repositoryName, string tag)
{
var amazonECRClient = new AmazonECRClient(credentials);
var response = await amazonECRClient.GetAuthorizationTokenAsync(new GetAuthorizationTokenRequest
{
RegistryIds = new List <string> {
accountID
}
});
string[] tokens = Encoding.UTF8.GetString(Convert.FromBase64String(response.AuthorizationData.First().AuthorizationToken)).Split(":");
var authconfig = new AuthConfig
{
Username = tokens[0],
Password = tokens[1],
};
using (DockerClient dockerClientNew = GetDockerClient())
{
await dockerClientNew.Images.TagImageAsync($"{repositoryName}:{tag}",
new ImageTagParameters { RepositoryName = $"{registryAddress}/{repositoryName}", Tag = tag });
await dockerClientNew.Images.PushImageAsync($"{registryAddress}/{repositoryName}:{tag}",
new ImagePushParameters(),
authconfig,
new Progress <JSONMessage>(LogJsonMessage));
}
}
public override void Invoke(AWSCredentials creds, RegionEndpoint region, int maxItems)
{
AmazonECRConfig config = new AmazonECRConfig();
config.RegionEndpoint = region;
ConfigureClient(config);
AmazonECRClient client = new AmazonECRClient(creds, config);
DescribeRepositoriesResponse resp = new DescribeRepositoriesResponse();
do
{
DescribeRepositoriesRequest req = new DescribeRepositoriesRequest
{
NextToken = resp.NextToken
,
MaxResults = maxItems
};
resp = client.DescribeRepositories(req);
CheckError(resp.HttpStatusCode, "200");
foreach (var obj in resp.Repositories)
{
AddObject(obj);
}
}while (!string.IsNullOrEmpty(resp.NextToken));
}
public EcrRegistryClient(
ILogger <EcrRegistryClient> log,
AmazonECRClient client
)
{
_log = log;
_client = client;
}
public void ECRGetAuthorizationToken()
{
#region getauthorizationtoken-example-1470867047084
var client = new AmazonECRClient();
var response = client.GetAuthorizationToken(new GetAuthorizationTokenRequest
{
});
List <AuthorizationData> authorizationData = response.AuthorizationData;
#endregion
}
public void ECRDescribeRepositories()
{
#region describe-repositories-1470856017467
var client = new AmazonECRClient();
var response = client.DescribeRepositories(new DescribeRepositoriesRequest
{
});
List <Repository> repositories = response.Repositories;
#endregion
}
public EcrRegistryClient BuildClient(ContainerRegistrySettings registrySettings)
{
var awsCredentials = new BasicAWSCredentials(
registrySettings.Ecr.AccessKey,
registrySettings.Ecr.SecretKey
);
var regionEndpoint = RegionEndpoint.GetBySystemName(registrySettings.Ecr.Region);
var client = new AmazonECRClient(awsCredentials, regionEndpoint);
var repositories = client.DescribeRepositoriesAsync(new DescribeRepositoriesRequest()).Result;
return(new EcrRegistryClient(_serviceProvider.GetService <ILogger <EcrRegistryClient> >(), client));
}
protected IAmazonECR CreateClient(AWSCredentials credentials, RegionEndpoint region)
{
var config = new AmazonECRConfig {
RegionEndpoint = region
};
Amazon.PowerShell.Utils.Common.PopulateConfig(this, config);
this.CustomizeClientConfig(config);
var client = new AmazonECRClient(credentials, config);
client.BeforeRequestEvent += RequestEventHandler;
client.AfterResponseEvent += ResponseEventHandler;
return(client);
}
public void ECRCreateRepository()
{
#region createrepository-example-1470863688724
var client = new AmazonECRClient();
var response = client.CreateRepository(new CreateRepositoryRequest
{
RepositoryName = "project-a/nginx-web-app"
});
Repository repository = response.Repository;
#endregion
}
public void ECRListImages()
{
#region listimages-example-1470868161594
var client = new AmazonECRClient();
var response = client.ListImages(new ListImagesRequest
{
RepositoryName = "ubuntu"
});
List <ImageIdentifier> imageIds = response.ImageIds;
#endregion
}
public void ECRDeleteRepository()
{
#region deleterepository-example-1470863805703
var client = new AmazonECRClient();
var response = client.DeleteRepository(new DeleteRepositoryRequest
{
Force = true,
RepositoryName = "ubuntu"
});
Repository repository = response.Repository;
#endregion
}
public void ECRDeleteRepositoryPolicy()
{
#region deleterepositorypolicy-example-1470866943748
var client = new AmazonECRClient();
var response = client.DeleteRepositoryPolicy(new DeleteRepositoryPolicyRequest
{
RepositoryName = "ubuntu"
});
string policyText = response.PolicyText;
string registryId = response.RegistryId;
string repositoryName = response.RepositoryName;
#endregion
}
public void ECRGetRepositoryPolicy()
{
#region getrepositorypolicy-example-1470867669211
var client = new AmazonECRClient();
var response = client.GetRepositoryPolicy(new GetRepositoryPolicyRequest
{
RepositoryName = "ubuntu"
});
string policyText = response.PolicyText;
string registryId = response.RegistryId;
string repositoryName = response.RepositoryName;
#endregion
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
// appsettings.json
var awsAccessKeyId = Configuration.GetSection("AwsAccessKeyId").Value;
var awsSecretAccessKey = Configuration.GetSection("AwsSecretAccessKey").Value;
var keyService = new KeyService(awsAccessKeyId, awsSecretAccessKey);
// Amazon clients
// `keyService` can be used to pass `AwsAccessKeyId` and `AwsSecretAccessKey`
var cloudComputeClient = new AmazonEC2Client();
var containerServiceClient = new AmazonECSClient();
var containerRegistryClient = new AmazonECRClient();
services.AddSingleton <IKeyService>(keyService);
services.AddSingleton <IAmazonEC2>(cloudComputeClient);
services.AddSingleton <IAmazonECS>(containerServiceClient);
services.AddSingleton <IAmazonECR>(containerRegistryClient);
// AwsAdmin.Application Services
var vpcService = new VpcService(cloudComputeClient);
var subnetService = new SubnetService(cloudComputeClient);
var routeTableService = new RouteTableService(cloudComputeClient);
var internetGatewayService = new InternetGatewayService(cloudComputeClient);
var dhcpOptionsSetService = new DhcpOptionsSetService(cloudComputeClient);
var networkAclsService = new NetworkAclsService(cloudComputeClient);
var securityGroupService = new SecurityGroupService(cloudComputeClient);
services.AddSingleton <IVpcService>(vpcService);
services.AddSingleton <ISubnetService>(subnetService);
services.AddSingleton <IRouteTableService>(routeTableService);
services.AddSingleton <IInternetGatewayService>(internetGatewayService);
services.AddSingleton <IDhcpOptionsSetService>(dhcpOptionsSetService);
services.AddSingleton <INetworkAclsService>(networkAclsService);
services.AddSingleton <ISecurityGroupService>(securityGroupService);
// Mappers
services.AddSingleton <IDescribeVpcMapper, DescribeVpcMapper>();
services.AddSingleton <IDescribeSubnetMapper, DescribeSubnetMapper>();
services.AddSingleton <IDescribeRouteTableMapper, DescribeRouteTableMapper>();
services.AddSingleton <IDhcpOptionsSetsMapper, DhcpOptionsSetsMapper>();
services.AddSingleton <IInternetGatewayMapper, InternetGatewayMapper>();
services.AddSingleton <INetworkAclsMapper, NetworkAclsMapper>();
services.AddSingleton <ISecurityGroupMapper, SecurityGroupMapper>();
}
public void ECRBatchGetImage()
{
#region batchgetimage-example-1470862771437
var client = new AmazonECRClient();
var response = client.BatchGetImage(new BatchGetImageRequest
{
ImageIds = new List <ImageIdentifier> {
new ImageIdentifier {
ImageTag = "precise"
}
},
RepositoryName = "ubuntu"
});
List <ImageFailure> failures = response.Failures;
List <Image> images = response.Images;
#endregion
}
private static async Task <GetAuthorizationTokenResponse> GetAuthorizationToken(string accessKeyId, string secretKey)
{
Output.Verbose($"Retrieving authorization token {nameof(accessKeyId)}={accessKeyId}, {nameof(secretKey)}={secretKey}.");
GetAuthorizationTokenResponse authorizationToken;
// We only want to get & save secrets from/to local configuration when we have not provided them
var needToStoreSecrets = false;
if (accessKeyId == null || secretKey == null)
{
Output.Verbose("Attempting to load AWS credentials from secrets store.");
var securityConfig = GetConfiguration();
if (accessKeyId == null)
{
accessKeyId = securityConfig[SecretStoreKeys.AccessKeyId];
}
if (secretKey == null)
{
secretKey = securityConfig[SecretStoreKeys.SecretKey];
}
}
var firstPrompt = true;
do
{
if (accessKeyId == null || secretKey == null)
{
Output.Verbose("Attempting to prompt for AWS credentials.");
needToStoreSecrets = true;
if (!ConsoleHelper.IsInteractive)
{
// CLI is running from within a script in a non-interactive terminal, e.g., from pressing F5 in VS Code. The
// auth command will get users to this same code path, but in an interactive terminal.
var cliCommand = Program.CliCommandName;
var authCommand = new AuthorizeCommand().CommandName;
Output.Error(Output.HorizontalLine());
Output.Error("Your machine is missing necessary AWS credentials. Authorize your machine by opening a terminal and " +
"running the following commands, then try your actions again. This authorization only needs to be performed once per user/machine:");
Output.Error($"> cd {Directory.GetCurrentDirectory()}");
Output.Error($"> dotnet {cliCommand} {authCommand}");
Output.Error($"If you have further issues, please contact #watch-ops.");
Output.Error(Output.HorizontalLine());
return(null);
}
// TODO add link to docs page for finding/creating AWS access keys and getting help from watch-ops to set up account
// or add permissions.
if (firstPrompt)
{
Output.Error("Your machine is missing necessary AWS credentials. The following authorization only needs to be performed " +
"once per user/machine. For assistance, please contact #watch-ops.");
firstPrompt = false;
}
Output.Error("Paste in your AWS ACCESS KEY ID:");
accessKeyId = ConsoleHelper.ReadPassword();
Output.Error("Now paste in your AWS SECRET ACCESS KEY:");
secretKey = ConsoleHelper.ReadPassword();
}
try
{
var ecrClient = new AmazonECRClient(accessKeyId, secretKey, _regionEndpoint);
// TODO Potentially slow. We might need to create a cached toked since it'll be valid for 12 hours
// Another thing is that there is a throttling for GetAuthorizationTokenAsync (1 call / second)
// There's not a good way to check the stored credentials without making
// an actual call to ECR (e.g. a docker pull). Doing that on every operation
// would be relatively slow. Could we write a hidden file on successful auth
// check and expire it after 8 hours?
Output.Verbose($"Retrieving ECR authentication token");
authorizationToken = await ecrClient.GetAuthorizationTokenAsync(new GetAuthorizationTokenRequest(),
new CancellationTokenSource(_awsTimeout).Token);
// We have successfully got authorization token let's save our access key and secret in user-secrets.
// We only save them when we've not provided access and secret via parameters.
if (needToStoreSecrets)
{
Output.Verbose($"Storing secret {SecretStoreKeys.AccessKeyId}");
await SaveSecret(SecretStoreKeys.AccessKeyId, accessKeyId);
Output.Verbose($"Storing secret {SecretStoreKeys.SecretKey}");
await SaveSecret(SecretStoreKeys.SecretKey, secretKey);
}
break;
}
catch (Exception e)
{
var amazonEcrException = e.InnerException as AmazonECRException;
if (amazonEcrException != null && amazonEcrException.ErrorCode.Equals("UnrecognizedClientException"))
{
Output.VerboseException(e);
Output.Error("Bad credentials. Please try again.");
accessKeyId = null;
secretKey = null;
continue;
}
// TODO handle case where permissions are inadequate (?)
Output.Error("Something went wrong while connecting to AWS. Please try again later.");
Output.Exception(e);
throw;
}
} while (true);
return(authorizationToken);
}
public ECRHelper(int maxDegreeOfParalelism = 2)
{
_maxDegreeOfParalelism = maxDegreeOfParalelism;
_ECRClient = new AmazonECRClient();
}
