in pkg/registry/ecr_cred_injector.go [189:230]
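// getECRClientFromVariables builds an ECR client from static AWS credentials
// stored as one file per value under awsSecretPath.
//
// AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and REGION are required. If any of
// them cannot be read, the error is logged and returned, so a client is never
// built from empty or partial credentials. AWS_SESSION_TOKEN is optional: a
// missing file means long-term credentials are in use, while a file that
// exists but cannot be read is treated as an error.
func getECRClientFromVariables(ctx context.Context, log logr.Logger) (*ecr.Client, error) {
	// similar to https://github.com/aws/eks-anywhere-packages/blob/eca65837c277f7769f721f2251b3e92f0d8edb68/credentialproviderpackage/pkg/awscred/awscred.go#L11

	// readValue returns the content of one credential file with surrounding
	// single quotes stripped. Only the error is ever surfaced to the caller;
	// the file content itself must stay out of log output.
	readValue := func(name string) (string, error) {
		raw, err := os.ReadFile(awsSecretPath + "/" + name)
		if err != nil {
			return "", err
		}
		return strings.Trim(string(raw), "'"), nil
	}

	accessKey, err := readValue("AWS_ACCESS_KEY_ID")
	if err != nil {
		log.Error(err, "Cannot get access key from file")
		return nil, err
	}

	secretAccessKey, err := readValue("AWS_SECRET_ACCESS_KEY")
	if err != nil {
		log.Error(err, "Cannot get secret access key from file")
		return nil, err
	}

	region, err := readValue("REGION")
	if err != nil {
		log.Error(err, "Cannot get region from file")
		return nil, err
	}

	// Read the token directly instead of Stat-then-read: one syscall decides
	// both existence and content, so the file cannot change between the check
	// and the read.
	sessionToken, err := readValue("AWS_SESSION_TOKEN")
	if err != nil && !os.IsNotExist(err) {
		// A token file that exists but is unreadable would otherwise silently
		// downgrade temporary credentials to an access key without its token.
		log.Error(err, "Cannot get sessionToken from file")
		return nil, err
	}

	cfg, err := awsConfig.LoadDefaultConfig(ctx,
		awsConfig.WithCredentialsProvider(awsCredentials.NewStaticCredentialsProvider(accessKey, secretAccessKey, sessionToken)),
		awsConfig.WithRegion(region),
	)
	if err != nil {
		return nil, err
	}
	return ecr.NewFromConfig(cfg), nil
}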