feat(registry) EE-806 add support for AWS ECR (#6165)

* feat(ecr) EE-806 add support for aws ecr * feat(ecr) EE-806 fix wrong doc for Ecr Region Co-authored-by: Simon Meng <simon.meng@portainer.io>
2025-07-24 15:59:41 +02:00 · 2021-12-01 13:18:57 +13:00 · 2021-12-01 13:18:57 +13:00 · a86c7046df
commit a86c7046df
parent ff6185cc81
29 changed files with 694 additions and 51 deletions
--- a/api/http/proxy/factory/docker/registry.go
+++ b/api/http/proxy/factory/docker/registry.go
@ -3,6 +3,7 @@ package docker
 import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/registryutils"
 )

 type (
@ -25,13 +26,13 @@ type (
 	}
 )

-func createRegistryAuthenticationHeader(registryId portainer.RegistryID, accessContext *registryAccessContext) *registryAuthenticationHeader {
-	var authenticationHeader *registryAuthenticationHeader
-
+func createRegistryAuthenticationHeader(
+	dataStore portainer.DataStore,
+	registryId portainer.RegistryID,
+	accessContext *registryAccessContext,
+) (authenticationHeader registryAuthenticationHeader, err error) {
 	if registryId == 0 { // dockerhub (anonymous)
-		authenticationHeader = &registryAuthenticationHeader{
-			Serveraddress: "docker.io",
-		}
+		authenticationHeader.Serveraddress = "docker.io"
 	} else { // any "custom" registry
 		var matchingRegistry *portainer.Registry
 		for _, registry := range accessContext.registries {
@ -44,13 +45,14 @@ func createRegistryAuthenticationHeader(registryId portainer.RegistryID, accessC
 		}

 		if matchingRegistry != nil {
-			authenticationHeader = &registryAuthenticationHeader{
-				Username:      matchingRegistry.Username,
-				Password:      matchingRegistry.Password,
-				Serveraddress: matchingRegistry.URL,
+			err = registryutils.EnsureRegTokenValid(dataStore, matchingRegistry)
+			if (err != nil) {
+				return
 			}
+			authenticationHeader.Serveraddress = matchingRegistry.URL
+			authenticationHeader.Username, authenticationHeader.Password, err = registryutils.GetRegEffectiveCredential(matchingRegistry)
 		}
 	}

-	return authenticationHeader
+	return
 }
--- a/api/http/proxy/factory/docker/transport.go
+++ b/api/http/proxy/factory/docker/transport.go
@ -414,7 +414,10 @@ func (transport *Transport) replaceRegistryAuthenticationHeader(request *http.Re
 			return nil, err
 		}

-		authenticationHeader := createRegistryAuthenticationHeader(originalHeaderData.RegistryId, accessContext)
+		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, originalHeaderData.RegistryId, accessContext)
+		if err != nil {
+			return nil, err
+		}

 		headerData, err := json.Marshal(authenticationHeader)
 		if err != nil {