Source code for airflow.providers.amazon.aws.hooks.ecr
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from __future__ import annotations
import base64
import logging
from dataclasses import dataclass
from typing import TYPE_CHECKING
from airflow.providers.amazon.aws.hooks.base_aws import AwsBaseHook
from airflow.utils.log.secrets_masker import mask_secret
if TYPE_CHECKING:
from datetime import datetime
[docs]logger = logging.getLogger(__name__)
@dataclass(frozen=True)
[docs]class EcrCredentials:
"""Helper (frozen dataclass) for storing temporary ECR credentials."""
[docs] def __post_init__(self):
"""Initialize the `Ecr` credentials object."""
mask_secret(self.password)
logger.debug("Credentials to Amazon ECR %r expires at %s.", self.proxy_endpoint, self.expires_at)
@property
[docs] def registry(self) -> str:
"""Return registry in appropriate `docker login` format."""
# https://github.com/docker/docker-py/issues/2256#issuecomment-824940506
return self.proxy_endpoint.replace("https://", "")
[docs]class EcrHook(AwsBaseHook):
"""
Interact with Amazon Elastic Container Registry (ECR).
Provide thin wrapper around :external+boto3:py:class:`boto3.client("ecr") <ECR.Client>`.
Additional arguments (such as ``aws_conn_id``) may be specified and
are passed down to the underlying AwsBaseHook.
.. seealso::
- :class:`airflow.providers.amazon.aws.hooks.base_aws.AwsBaseHook`
"""
def __init__(self, **kwargs):
kwargs["client_type"] = "ecr"
super().__init__(**kwargs)
[docs] def get_temporary_credentials(self, registry_ids: list[str] | str | None = None) -> list[EcrCredentials]:
"""Get temporary credentials for Amazon ECR.
.. seealso::
- :external+boto3:py:meth:`ECR.Client.get_authorization_token`
:param registry_ids: Either AWS Account ID or list of AWS Account IDs that are associated
with the registries from which credentials are obtained. If you do not specify a registry,
the default registry is assumed.
:return: list of :class:`airflow.providers.amazon.aws.hooks.ecr.EcrCredentials`,
obtained credentials valid for 12 hours.
"""
registry_ids = registry_ids or None
if isinstance(registry_ids, str):
registry_ids = [registry_ids]
if registry_ids:
response = self.conn.get_authorization_token(registryIds=registry_ids)
else:
response = self.conn.get_authorization_token()
creds = []
for auth_data in response["authorizationData"]:
username, password = base64.b64decode(auth_data["authorizationToken"]).decode("utf-8").split(":")
creds.append(
EcrCredentials(
username=username,
password=password,
proxy_endpoint=auth_data["proxyEndpoint"],
expires_at=auth_data["expiresAt"],
)
)
return creds