feat: Add ecr login (#36)

Co-authored-by: Gu <[email protected]>
Co-authored-by: Victor Gu <[email protected]>

README.md

@@ -63,6 +63,7 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 | [aws_iam_policy.emrcontainers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [time_sleep.dataplane](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source |
 | [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_iam_policy.amp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.api_gatewayv2_admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |

examples/complete/main.tf

@@ -20,8 +20,6 @@ data "aws_eks_cluster_auth" "this" {
   name = module.eks_blueprints.eks_cluster_id
 }
 
-data "aws_ecr_authorization_token" "token" {}
-
 data "aws_availability_zones" "available" {}
 data "aws_caller_identity" "current" {}
 data "aws_partition" "current" {}
@@ -104,7 +102,7 @@ module "eks_ack_addons" {
   enable_rds           = true
   enable_amp           = true
   enable_emrcontainers = true
-  
+
   tags = local.tags
 }
 

main.tf

@@ -6,6 +6,9 @@ data "aws_eks_cluster" "this" {
   name = local.cluster_id
 }
 
+# Equivalent of aws ecr get-login
+data "aws_ecrpublic_authorization_token" "token" {}
+
 locals {
   # this makes downstream resources wait for data plane to be ready
   cluster_id = time_sleep.dataplane.triggers["cluster_id"]
@@ -52,12 +55,14 @@ module "api_gatewayv2" {
 
   helm_config = merge(
     {
-      name        = local.api_gatewayv2_name
-      chart       = "apigatewayv2-chart"
-      repository  = "oci://public.ecr.aws/aws-controllers-k8s"
-      version     = "v0.1.4"
-      namespace   = local.api_gatewayv2_name
-      description = "ACK API Gateway Controller v2 Helm chart deployment configuration"
+      name                = local.api_gatewayv2_name
+      chart               = "apigatewayv2-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0.1.4"
+      namespace           = local.api_gatewayv2_name
+      repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+      repository_password = data.aws_ecrpublic_authorization_token.token.password
+      description         = "ACK API Gateway Controller v2 Helm chart deployment configuration"
       values = [
         # shortens pod name from `ack-api-gatewayv2-apigatewayv2-chart-xxxxxxxxxxxxx` to `ack-api-gatewayv2-xxxxxxxxxxxxx`
         <<-EOT
@@ -126,12 +131,14 @@ module "dynamodb" {
 
   helm_config = merge(
     {
-      name        = local.dynamodb_name
-      chart       = "dynamodb-chart"
-      repository  = "oci://public.ecr.aws/aws-controllers-k8s"
-      version     = "v0-stable"
-      namespace   = local.dynamodb_name
-      description = "ACK DynamoDB Controller v2 Helm chart deployment configuration"
+      name                = local.dynamodb_name
+      chart               = "dynamodb-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0-stable"
+      namespace           = local.dynamodb_name
+      repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+      repository_password = data.aws_ecrpublic_authorization_token.token.password
+      description         = "ACK DynamoDB Controller v2 Helm chart deployment configuration"
       values = [
         # shortens pod name from `ack-dynamodb-dynamodb-chart-xxxxxxxxxxxxx` to `ack-dynamodb-xxxxxxxxxxxxx`
         <<-EOT
@@ -191,12 +198,14 @@ module "s3" {
 
   helm_config = merge(
     {
-      name        = local.s3_name
-      chart       = "s3-chart"
-      repository  = "oci://public.ecr.aws/aws-controllers-k8s"
-      version     = "v0.1.5"
-      namespace   = local.s3_name
-      description = "ACK S3 Controller v2 Helm chart deployment configuration"
+      name                = local.s3_name
+      chart               = "s3-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0.1.5"
+      namespace           = local.s3_name
+      repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+      repository_password = data.aws_ecrpublic_authorization_token.token.password
+      description         = "ACK S3 Controller v2 Helm chart deployment configuration"
       values = [
         # shortens pod name from `ack-s3-s3-chart-xxxxxxxxxxxxx` to `ack-s3-xxxxxxxxxxxxx`
         <<-EOT
@@ -256,13 +265,15 @@ module "rds" {
 
   helm_config = merge(
     {
-      name             = local.rds_name
-      chart            = "rds-chart"
-      repository       = "oci://public.ecr.aws/aws-controllers-k8s"
-      version          = "v0.1.1"
-      namespace        = local.rds_name
-      create_namespace = true
-      description      = "ACK RDS Controller v2 Helm chart deployment configuration"
+      name                = local.rds_name
+      chart               = "rds-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0.1.1"
+      namespace           = local.rds_name
+      repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+      repository_password = data.aws_ecrpublic_authorization_token.token.password
+      create_namespace    = true
+      description         = "ACK RDS Controller v2 Helm chart deployment configuration"
       values = [
         # shortens pod name from `ack-rds-rds-chart-xxxxxxxxxxxxx` to `ack-rds-xxxxxxxxxxxxx`
         <<-EOT
@@ -322,13 +333,15 @@ module "amp" {
 
   helm_config = merge(
     {
-      name             = local.amp_name
-      chart            = "prometheusservice-chart"
-      repository       = "oci://public.ecr.aws/aws-controllers-k8s"
-      version          = "v0.1.1"
-      namespace        = local.amp_name
-      create_namespace = true
-      description      = "ACK amp Controller v2 Helm chart deployment configuration"
+      name                = local.amp_name
+      chart               = "prometheusservice-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0.1.1"
+      namespace           = local.amp_name
+      repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+      repository_password = data.aws_ecrpublic_authorization_token.token.password
+      create_namespace    = true
+      description         = "ACK amp Controller v2 Helm chart deployment configuration"
       values = [
         # shortens pod name from `ack-amp-amp-chart-xxxxxxxxxxxxx` to `ack-amp-xxxxxxxxxxxxx`
         <<-EOT
@@ -388,12 +401,14 @@ module "emrcontainers" {
 
   helm_config = merge(
     {
-      name        = local.emr_name
-      chart       = "emrcontainers-chart"
-      repository  = "oci://public.ecr.aws/aws-controllers-k8s"
-      version     = "v0-stable"
-      namespace   = local.emr_name
-      description = "Helm Charts for the emrcontainers controller for AWS Controllers for Kubernetes (ACK)"
+      name                = local.emr_name
+      chart               = "emrcontainers-chart"
+      repository          = "oci://public.ecr.aws/aws-controllers-k8s"
+      version             = "v0-stable"
+      namespace           = local.emr_name
+      repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+      repository_password = data.aws_ecrpublic_authorization_token.token.password
+      description         = "Helm Charts for the emrcontainers controller for AWS Controllers for Kubernetes (ACK)"
       values = [
         # shortens pod name from `ack-emrcontainers-emrcontainers-chart-xxxxxxxxxxxxx` to `ack-emrcontainers-xxxxxxxxxxxxx`
         <<-EOT
@@ -441,7 +456,7 @@ resource "aws_iam_policy" "emrcontainers" {
   policy      = data.aws_iam_policy_document.emrcontainers.json
 }
 
-// inline policy providered by ack https://raw.githubusercontent.com/aws-controllers-k8s/emrcontainers-controller/main/config/iam/recommended-inline-policy
+# inline policy providered by ack https://raw.githubusercontent.com/aws-controllers-k8s/emrcontainers-controller/main/config/iam/recommended-inline-policy
 data "aws_iam_policy_document" "emrcontainers" {
   statement {
     effect = "Allow"