Merge pull request #632 from tatlat/pr-3-complete-interface-update

tatlat · web-flow · commit d182d6a1b7a6 · 2025-07-10T16:42:49.000-07:00
Use manifest to determine ECR
diff --git a/internal/aws/ecr/ecr.go b/internal/aws/ecr/ecr.go
@@ -8,7 +8,9 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ecr"
+	"go.uber.org/zap"
 
+	awsinternal "github.com/aws/eks-hybrid/internal/aws"
 	"github.com/aws/eks-hybrid/internal/aws/imds"
 	"github.com/aws/eks-hybrid/internal/system"
 )
@@ -30,21 +32,21 @@ func (r *ECRRegistry) GetSandboxImage() string {
 	return r.GetImageReference("eks/pause", "3.5")
 }
 
-func GetEKSRegistry(region string) (ECRRegistry, error) {
+func GetEKSRegistry(region string, regionConfig *awsinternal.RegionData) (ECRRegistry, error) {
 	servicesDomain, err := imds.GetProperty(imds.ServicesDomain)
 	if err != nil {
 		return "", err
 	}
 
-	return getEksRegistryWithServiceDomain(region, servicesDomain)
+	return getEksRegistryWithServiceDomainAndRegionConfig(region, servicesDomain, regionConfig)
 }
 
-func GetEKSHybridRegistry(region string) (ECRRegistry, error) {
-	return getEksRegistryWithServiceDomain(region, hybridServicesDomain)
+func GetEKSHybridRegistry(region string, regionConfig *awsinternal.RegionData) (ECRRegistry, error) {
+	return getEksRegistryWithServiceDomainAndRegionConfig(region, hybridServicesDomain, regionConfig)
 }
 
-func getEksRegistryWithServiceDomain(region, servicesDomain string) (ECRRegistry, error) {
-	account, region := getEKSRegistryCoordinates(region)
+func getEksRegistryWithServiceDomainAndRegionConfig(region, servicesDomain string, regionConfig *awsinternal.RegionData) (ECRRegistry, error) {
+	account, region := getEKSRegistryCoordinatesWithRegionConfig(region, regionConfig)
 	fipsInstalled, fipsEnabled, err := system.GetFipsInfo()
 	if err != nil {
 		return "", err
@@ -77,43 +79,9 @@ func getRegistry(accountID, ecrSubdomain, region, servicesDomain string) string
 const nonOptInRegionAccount = "602401143452"
 
 var accountsByRegion = map[string]string{
-	"ap-northeast-1": nonOptInRegionAccount,
-	"ap-northeast-2": nonOptInRegionAccount,
-	"ap-northeast-3": nonOptInRegionAccount,
-	"ap-south-1":     nonOptInRegionAccount,
-	"ap-southeast-1": nonOptInRegionAccount,
-	"ap-southeast-2": nonOptInRegionAccount,
-	"ca-central-1":   nonOptInRegionAccount,
-	"eu-central-1":   nonOptInRegionAccount,
-	"eu-north-1":     nonOptInRegionAccount,
-	"eu-west-1":      nonOptInRegionAccount,
-	"eu-west-2":      nonOptInRegionAccount,
-	"eu-west-3":      nonOptInRegionAccount,
-	"sa-east-1":      nonOptInRegionAccount,
-	"us-east-1":      nonOptInRegionAccount,
-	"us-east-2":      nonOptInRegionAccount,
-	"us-west-1":      nonOptInRegionAccount,
-	"us-west-2":      nonOptInRegionAccount,
-
-	"af-south-1":      "877085696533",
-	"ap-east-1":       "800184023465",
-	"ap-east-2":       "533267051163",
-	"ap-south-2":      "900889452093",
-	"ap-southeast-3":  "296578399912",
-	"ap-southeast-4":  "491585149902",
-	"ap-southeast-5":  "151610086707",
-	"ap-southeast-7":  "121268973566",
-	"ca-west-1":       "761377655185",
 	"cn-north-1":      "918309763551",
 	"cn-northwest-1":  "961992271922",
-	"eu-central-2":    "900612956339",
 	"eu-isoe-west-1":  "249663109785",
-	"eu-south-1":      "590381155156",
-	"eu-south-2":      "455263428931",
-	"il-central-1":    "066635153087",
-	"me-central-1":    "759879836304",
-	"me-south-1":      "558608220178",
-	"mx-central-1":    "730335286997",
 	"us-gov-east-1":   "151742754352",
 	"us-gov-west-1":   "013241004608",
 	"us-iso-east-1":   "725322719131",
@@ -128,6 +96,8 @@ func getEKSRegistryCoordinates(region string) (string, string) {
 	if ok {
 		return inRegionRegistry, region
 	}
+
+	// Fallback to existing region prefix-based logic
 	if strings.HasPrefix(region, "us-gov-") {
 		return "013241004608", "us-gov-west-1"
 	} else if strings.HasPrefix(region, "cn-") {
@@ -139,5 +109,31 @@ func getEKSRegistryCoordinates(region string) (string, string) {
 	} else if strings.HasPrefix(region, "us-isof-") {
 		return "676585237158", "us-isof-south-1"
 	}
-	return "602401143452", "us-west-2"
+	return nonOptInRegionAccount, "us-west-2"
+}
+
+// getEKSRegistryCoordinatesWithRegionConfig returns an AWS region and account ID for the default EKS ECR container image registry
+// using region configuration from manifest when available
+func getEKSRegistryCoordinatesWithRegionConfig(region string, regionConfig *awsinternal.RegionData) (string, string) {
+	if regionConfig != nil && regionConfig.EcrAccountID != "" {
+		zap.L().Info("Using ECR account from manifest",
+			zap.String("region", region),
+			zap.String("ecrAccount", regionConfig.EcrAccountID))
+		return regionConfig.EcrAccountID, region
+	}
+
+	// Fall back to existing logic
+	account, fallbackRegion := getEKSRegistryCoordinates(region)
+	if account == nonOptInRegionAccount {
+		zap.L().Warn("Region not found in manifest. Attempting to use default ECR account...")
+		zap.L().Info("Using default non-opt-in region ECR account",
+			zap.String("requestedRegion", region),
+			zap.String("fallbackRegion", fallbackRegion),
+			zap.String("ecrAccount", account))
+	} else {
+		zap.L().Info("Using region-specific ECR account",
+			zap.String("region", region),
+			zap.String("ecrAccount", account))
+	}
+	return account, fallbackRegion
 }
diff --git a/internal/aws/ecr/ecr_test.go b/internal/aws/ecr/ecr_test.go
@@ -0,0 +1,178 @@
+package ecr
+
+import (
+	"testing"
+
+	awsinternal "github.com/aws/eks-hybrid/internal/aws"
+)
+
+func TestGetEKSRegistryCoordinates(t *testing.T) {
+	tests := []struct {
+		name         string
+		region       string
+		regionConfig *awsinternal.RegionData
+		expectAcct   string
+		expectRegion string
+	}{
+		{
+			name:   "manifest data available - takes precedence",
+			region: "us-east-1",
+			regionConfig: &awsinternal.RegionData{
+				EcrAccountID: "123456789012",
+			},
+			expectAcct:   "123456789012",
+			expectRegion: "us-east-1",
+		},
+		{
+			name:   "manifest data available for non-commercial region - takes precedence over hardcoded",
+			region: "cn-north-1",
+			regionConfig: &awsinternal.RegionData{
+				EcrAccountID: "123456789012",
+			},
+			expectAcct:   "123456789012",
+			expectRegion: "cn-north-1",
+		},
+		{
+			name:         "non-commercial region - cn-north-1 from hardcoded map",
+			region:       "cn-north-1",
+			regionConfig: nil,
+			expectAcct:   "918309763551",
+			expectRegion: "cn-north-1",
+		},
+		{
+			name:         "non-commercial region - cn-northwest-1 from hardcoded map",
+			region:       "cn-northwest-1",
+			regionConfig: nil,
+			expectAcct:   "961992271922",
+			expectRegion: "cn-northwest-1",
+		},
+		{
+			name:         "non-commercial region - us-gov-east-1 from hardcoded map",
+			region:       "us-gov-east-1",
+			regionConfig: nil,
+			expectAcct:   "151742754352",
+			expectRegion: "us-gov-east-1",
+		},
+		{
+			name:         "non-commercial region - us-gov-west-1 from hardcoded map",
+			region:       "us-gov-west-1",
+			regionConfig: nil,
+			expectAcct:   "013241004608",
+			expectRegion: "us-gov-west-1",
+		},
+		{
+			name:         "non-commercial region - us-iso-east-1 from hardcoded map",
+			region:       "us-iso-east-1",
+			regionConfig: nil,
+			expectAcct:   "725322719131",
+			expectRegion: "us-iso-east-1",
+		},
+		{
+			name:         "non-commercial region - us-iso-west-1 from hardcoded map",
+			region:       "us-iso-west-1",
+			regionConfig: nil,
+			expectAcct:   "608367168043",
+			expectRegion: "us-iso-west-1",
+		},
+		{
+			name:         "non-commercial region - us-isob-east-1 from hardcoded map",
+			region:       "us-isob-east-1",
+			regionConfig: nil,
+			expectAcct:   "187977181151",
+			expectRegion: "us-isob-east-1",
+		},
+		{
+			name:         "non-commercial region - us-isof-south-1 from hardcoded map",
+			region:       "us-isof-south-1",
+			regionConfig: nil,
+			expectAcct:   "676585237158",
+			expectRegion: "us-isof-south-1",
+		},
+		{
+			name:         "non-commercial region - eu-isoe-west-1 from hardcoded map",
+			region:       "eu-isoe-west-1",
+			regionConfig: nil,
+			expectAcct:   "249663109785",
+			expectRegion: "eu-isoe-west-1",
+		},
+		{
+			name:         "prefix fallback - unknown us-gov region",
+			region:       "us-gov-unknown-1",
+			regionConfig: nil,
+			expectAcct:   "013241004608",
+			expectRegion: "us-gov-west-1",
+		},
+		{
+			name:         "prefix fallback - unknown cn region",
+			region:       "cn-unknown-1",
+			regionConfig: nil,
+			expectAcct:   "961992271922",
+			expectRegion: "cn-northwest-1",
+		},
+		{
+			name:         "prefix fallback - unknown us-iso region",
+			region:       "us-iso-unknown-1",
+			regionConfig: nil,
+			expectAcct:   "725322719131",
+			expectRegion: "us-iso-east-1",
+		},
+		{
+			name:         "prefix fallback - unknown us-isob region",
+			region:       "us-isob-unknown-1",
+			regionConfig: nil,
+			expectAcct:   "187977181151",
+			expectRegion: "us-isob-east-1",
+		},
+		{
+			name:         "prefix fallback - unknown us-isof region",
+			region:       "us-isof-unknown-1",
+			regionConfig: nil,
+			expectAcct:   "676585237158",
+			expectRegion: "us-isof-south-1",
+		},
+		{
+			name:         "default fallback - commercial region not in manifest",
+			region:       "us-east-1",
+			regionConfig: nil,
+			expectAcct:   "602401143452",
+			expectRegion: "us-west-2",
+		},
+		{
+			name:         "default fallback - unknown region",
+			region:       "unknown-region",
+			regionConfig: nil,
+			expectAcct:   "602401143452",
+			expectRegion: "us-west-2",
+		},
+		{
+			name:   "empty ECR account ID in manifest - falls back to hardcoded for non-commercial",
+			region: "cn-north-1",
+			regionConfig: &awsinternal.RegionData{
+				EcrAccountID: "",
+			},
+			expectAcct:   "918309763551",
+			expectRegion: "cn-north-1",
+		},
+		{
+			name:   "empty ECR account ID in manifest - falls back to default for commercial",
+			region: "us-east-1",
+			regionConfig: &awsinternal.RegionData{
+				EcrAccountID: "",
+			},
+			expectAcct:   "602401143452",
+			expectRegion: "us-west-2",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			account, region := getEKSRegistryCoordinatesWithRegionConfig(tt.region, tt.regionConfig)
+			if account != tt.expectAcct {
+				t.Errorf("Expected account %s, got %s", tt.expectAcct, account)
+			}
+			if region != tt.expectRegion {
+				t.Errorf("Expected region %s, got %s", tt.expectRegion, region)
+			}
+		})
+	}
+}
diff --git a/internal/aws/source.go b/internal/aws/source.go
@@ -138,6 +138,20 @@ func getLatestDateEksPatchRelease(patchReleases []EksPatchRelease) (EksPatchRele
 	return latestRelease, nil
 }
 
+func GetRegionConfig(ctx context.Context, region string) (*RegionData, error) {
+	manifest, err := getReleaseManifest(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	regionCfg, ok := manifest.RegionConfig[region]
+	if !ok {
+		return nil, fmt.Errorf("region %s not found in manifest", region)
+	}
+
+	return &regionCfg, nil
+}
+
 // GetKubelet satisfies kubelet.Source.
 func (as Source) GetKubelet(ctx context.Context) (artifact.Source, error) {
 	return as.getEksSource(ctx, "kubelet")
diff --git a/internal/configenricher/interface.go b/internal/configenricher/interface.go
@@ -1,7 +1,26 @@
 package configenricher
 
-import "context"
+import (
+	"context"
+
+	"github.com/aws/eks-hybrid/internal/aws"
+)
+
+// ConfigEnricherConfig holds the configuration options
+type ConfigEnricherConfig struct {
+	RegionConfig *aws.RegionData
+}
+
+// ConfigEnricherOption is a function that modifies ConfigEnricherConfig
+type ConfigEnricherOption func(*ConfigEnricherConfig)
+
+// WithRegionConfig creates a ConfigEnricherOption that sets the region config
+func WithRegionConfig(regionConfig *aws.RegionData) ConfigEnricherOption {
+	return func(config *ConfigEnricherConfig) {
+		config.RegionConfig = regionConfig
+	}
+}
 
 type ConfigEnricher interface {
-	Enrich(ctx context.Context) error
+	Enrich(ctx context.Context, opts ...ConfigEnricherOption) error
 }
diff --git a/internal/flows/init.go b/internal/flows/init.go
@@ -6,6 +6,8 @@ import (
 	"go.uber.org/zap"
 	"k8s.io/utils/strings/slices"
 
+	"github.com/aws/eks-hybrid/internal/aws"
+	"github.com/aws/eks-hybrid/internal/configenricher"
 	"github.com/aws/eks-hybrid/internal/nodeprovider"
 )
 
@@ -33,7 +35,14 @@ func (i *Initer) Run(ctx context.Context) error {
 		return err
 	}
 
-	if err := i.NodeProvider.Enrich(ctx); err != nil {
+	// Get region config from manifest for ECR registry lookup
+	region := i.NodeProvider.GetNodeConfig().Spec.Cluster.Region
+	regionConfig, err := aws.GetRegionConfig(ctx, region)
+	if err != nil {
+		i.Logger.Warn("Failed to get region config from manifest", zap.Error(err))
+	}
+
+	if err := i.NodeProvider.Enrich(ctx, configenricher.WithRegionConfig(regionConfig)); err != nil {
 		return err
 	}
 
diff --git a/internal/flows/upgrade.go b/internal/flows/upgrade.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/aws/eks-hybrid/internal/aws"
 	"github.com/aws/eks-hybrid/internal/cni"
+	"github.com/aws/eks-hybrid/internal/configenricher"
 	"github.com/aws/eks-hybrid/internal/containerd"
 	"github.com/aws/eks-hybrid/internal/creds"
 	"github.com/aws/eks-hybrid/internal/daemon"
@@ -51,7 +52,8 @@ func (u *Upgrader) Run(ctx context.Context) error {
 	if err := u.NodeProvider.ConfigureAws(ctx); err != nil {
 		return err
 	}
-	if err := u.NodeProvider.Enrich(ctx); err != nil {
+
+	if err := u.NodeProvider.Enrich(ctx, configenricher.WithRegionConfig(&u.AwsSource.RegionInfo)); err != nil {
 		return err
 	}
 	if err := initDaemons(ctx, u.NodeProvider, u.SkipPhases, u.Logger); err != nil {
diff --git a/internal/node/ec2/configenricher.go b/internal/node/ec2/configenricher.go
diff --git a/internal/node/hybrid/configenricher.go b/internal/node/hybrid/configenricher.go
diff --git a/internal/node/hybrid/configenricher_test.go b/internal/node/hybrid/configenricher_test.go
