Skip to content

(aws-ecr): Expose repository domain or hostname #31631

New issue
New issue
Closed
#32176
Closed
(aws-ecr): Expose repository domain or hostname#31631
#32176
Labels
@aws-cdk/aws-ecrRelated to Amazon Elastic Container Registryeffort/smallSmall work item – less than a day of effortfeature-requestA feature should be added or improved.p2
@moltar

Description

@moltar
moltar
opened on Oct 3, 2024

Describe the feature

Expose the repository domain/hostname as a prop.

Use Case

The Docker credentials helper (e.g. docker-credential-ecr-login) expects a hostname in the configuration.

{
	"credHelpers": {
		"public.ecr.aws": "ecr-login",
		"<aws_account_id>.dkr.ecr.<region>.amazonaws.com": "ecr-login"
	}
}

Docs: https://github.com/awslabs/amazon-ecr-credential-helper?tab=readme-ov-file#docker

Proposed Solution

Extract the hostname part from this method:

aws-cdk/packages/aws-cdk-lib/aws-ecr/lib/repository.ts

Lines 234 to 242 in 0c753c3

/**
* Returns the repository URI, with an appended suffix, if provided.
* @param suffix An image tag or an image digest.
* @private
*/
private repositoryUriWithSuffix(suffix?: string): string {
const parts = this.stack.splitArn(this.repositoryArn, ArnFormat.SLASH_RESOURCE_NAME);
return `${parts.account}.dkr.ecr.${parts.region}.${this.stack.urlSuffix}/${this.repositoryName}${suffix}`;
}

And make it public:

  /**
   * Returns the domain of the repository. Can be used in Docker credentials helper.
   *
   *    ACCOUNT.dkr.ecr.REGION.amazonaws.com
   *
   * @param tagOrDigest Optional image tag or digest (digests must start with `sha256:`)
   */
  public get repositoryDomain(): string {
    return "";
  }

Other Information

This helper already ships with some CodeBuild images:

aws/aws-codebuild-docker-images#743

Acknowledgements

  • I may be able to implement this feature request
    This feature might incur a breaking change

CDK version used

2.x

Environment details (OS name and version, etc.)

N/A

Activity

moltar
added
feature-requestA feature should be added or improved.
needs-triageThis issue or PR still needs to be triaged.
on Oct 3, 2024
github-actions
added
@aws-cdk/aws-ecrRelated to Amazon Elastic Container Registry
on Oct 3, 2024
ashishdhingra
self-assigned this
on Oct 3, 2024
ashishdhingra
added
p2
investigatingThis issue is being investigated and/or work is in progress to resolve the issue.
effort/smallSmall work item – less than a day of effort
and removed
needs-triageThis issue or PR still needs to be triaged.
on Oct 3, 2024
ashishdhingra

ashishdhingra commented on Oct 3, 2024

@ashishdhingra
ashishdhingra
on Oct 3, 2024 · edited by ashishdhingra
Contributor

If we examine Push commands for an ECR repository, the 1st step is to Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI:

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <<ACCOUNT>>.dkr.ecr.<<REGION>>.amazonaws.com`

So it is useful to expose a property, let's say registryUri, in IRepository interface (similar to repositoryUri):

  /**
   * The URI of this repository's registry:
   *
   *    ACCOUNT.dkr.ecr.REGION.amazonaws.com
   *
   * @attribute
   */
  readonly registryUri: string;

Then introduce property below in RepositoryBase class:

  /**
   * The URI of this repository's registry:
   *
   *    ACCOUNT.dkr.ecr.REGION.amazonaws.com
   *
   */
  public get registryUri() {
    const parts = this.stack.splitArn(this.repositoryArn, ArnFormat.SLASH_RESOURCE_NAME);
    return `${parts.account}.dkr.ecr.${parts.region}.${this.stack.urlSuffix}`;
  }
ashishdhingra
removed
investigatingThis issue is being investigated and/or work is in progress to resolve the issue.
on Oct 3, 2024
ashishdhingra
removed their assignment
on Oct 3, 2024
moltar

moltar commented on Oct 3, 2024

@moltar
moltar
on Oct 3, 2024
ContributorAuthor

@ashishdhingra Good point. Luckily, that command seems to work with the full repositoryUri value, too!

moltar

moltar commented on Oct 3, 2024

@moltar
moltar
on Oct 3, 2024
ContributorAuthor

Altho I'd be careful with the registryUri nomenclature, as URI implies that there must be a scheme. What we have is truly just a domain or a hostname. But if we forget the implementation detail, it might just be a name. 🤷🏼

https://en.wikipedia.org/wiki/Uniform_Resource_Identifier

github-actions
mentioned this on Nov 1, 2024
phuhung273
mentioned this on Nov 18, 2024

6 remaining items

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-ecrRelated to Amazon Elastic Container Registryeffort/smallSmall work item – less than a day of effortfeature-requestA feature should be added or improved.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      (aws-ecr): Expose repository domain or hostname · Issue #31631 · aws/aws-cdk