ecs_ecr: Fix AWS ECR repository creation (#34798)

* ecs_ecr: Remove registry ID from create repository call

[Boto3 documentation][1] specifies 'repositoryName' as the only expected
argument. The `**build_kwargs(registry_id)` part also adds 'registryId' which,
when executed, fails with: 'Unknown parameter in input: “registryId”, must be
one of: repositoryName'.

[AWS API documentation][2] also lists only the 'repositoryName' parameter. I.e.
this is not a problem with the boto3 library.

The default registry ID for the account that's making the request will be used
when creating the rpository. This means that if the `registry_id` specified by
the user is different from the default registry ID, then the policy changes
following the repository creation would fail, because the repository will have
been created in one repository but subsequent calls try to modify it in
another. Added a safeguard against this scenario.

[1]: https://boto3.readthedocs.io/en/latest/reference/services/ecr.html#ECR.Client.create_repository
[2]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_CreateRepository.html

* Fix concurrent ECR integration tests

If the `ecr_name` is the same in multiple concurrent test runs, then they can
interfere with one another causing both to fail. The `resource_prefix` is
guaranteed to be unique for different jobs running in CI an so avoids this
issue while also making it easier to identify the test which created the
resource.
This commit is contained in:
Deiwin Sarjas 2018-01-24 02:42:41 +02:00 committed by Will Thames
parent ff2ad89081
commit e970ae102c
2 changed files with 11 additions and 4 deletions

View file

@ -154,6 +154,9 @@ class EcsEcr:
self.ecr = boto3_conn(module, conn_type='client',
resource='ecr', region=region,
endpoint=ec2_url, **aws_connect_kwargs)
self.sts = boto3_conn(module, conn_type='client',
resource='sts', region=region,
endpoint=ec2_url, **aws_connect_kwargs)
self.check_mode = module.check_mode
self.changed = False
self.skipped = False
@ -183,10 +186,14 @@ class EcsEcr:
raise
def create_repository(self, registry_id, name):
if registry_id:
default_registry_id = self.sts.get_caller_identity().get('Account')
if registry_id != default_registry_id:
raise Exception('Cannot create repository in registry {}.'
'Would be created in {} instead.'.format(
registry_id, default_registry_id))
if not self.check_mode:
repo = self.ecr.create_repository(
repositoryName=name, **build_kwargs(registry_id)).get(
'repository')
repo = self.ecr.create_repository(repositoryName=name).get('repository')
self.changed = True
return repo
else:

View file

@ -1,6 +1,6 @@
---
- set_fact:
ecr_name: 'ecr-test-{{ ansible_date_time.epoch }}'
ecr_name: '{{ resource_prefix }}-ecr'
- block: