Release (#1)

* Add create registory func.

* * Add policy file
* change filename from aws.go to repository.go

* Create puller params.

* Add main command.

* Fixed command.

* Update readme.

Author: ushios

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+charset = utf-8
+
+[*]
+indent_style = tab
+indent_size = 4
+end_of_line = lf
+insert_final_newline = true
+
+[*.go]
+indent_style = tab
+indent_size = 4
+
+[*.yml]
+indent_style = space
+indent_size = 2
+
+[Dockerfile*]
+indent_size = 4

README.md

@@ -1,2 +1,15 @@
 # ecr-factory
 AWS ECR factory
+
+# Installation
+
+```console
+$ go get github.com/ushios/ecr-factory
+```
+
+# Usage
+
+Create repository and policy that are pull and push.
+```console
+$ ecrf -id xxxxx -secret xxxx -name your_docker_repository_name
+```

cmd/ecrf/main.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ecr"
+	"github.com/aws/aws-sdk-go/service/iam"
+	ecrf "github.com/ushios/ecr-factory"
+)
+
+var (
+	id     = flag.String("id", "", "aws access key id")
+	secret = flag.String("secret", "", "aws secret key")
+	name   = flag.String("name", "", "repository name")
+)
+
+func main() {
+
+	flag.Parse()
+	fmt.Printf("id: %s, secret: %s, name: %s\n", *id, *secret, *name)
+
+	cre := credentials.NewStaticCredentials(*id, *secret, "")
+	sess, err := session.NewSession(&aws.Config{
+		Region:      aws.String("ap-northeast-1"),
+		Credentials: cre,
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	e := ecr.New(sess)
+	repo, err := ecrf.CreateRepository(e, *name)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("Created repository(name: %s)\n", *repo.RepositoryName)
+
+	i := iam.New(sess)
+	pull, err := ecrf.CreatePullerPolicy(i, repo)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("Created policy(id:%s, name: %s)\n", *pull.PolicyId, *pull.PolicyName)
+
+	push, err := ecrf.CreatePusherPolicy(i, repo)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("Created policy(id:%s, name: %s)\n", *push.PolicyId, *push.PolicyName)
+}

policy.go

@@ -0,0 +1,143 @@
+package ecrf
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ecr"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/ushios/iamgo"
+)
+
+const (
+	PullerPolicyName  = "ecr-pull-%s"
+	PullerDescription = "Pull %s. Generated by ecr-factory"
+	PusherPolicyName  = "ecr-push-%s"
+	PusherDescription = "Push to %s. Generated by ecr-factory"
+)
+
+// CreatePullerPolicy create policy
+func CreatePullerPolicy(i *iam.IAM, repo *ecr.Repository) (*iam.Policy, error) {
+	param, err := pulleerParam(repo)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := i.CreatePolicy(param)
+	if err != nil {
+		return nil, err
+	}
+
+	return resp.Policy, nil
+}
+
+// CreatePusherPolicy create policy
+func CreatePusherPolicy(i *iam.IAM, repo *ecr.Repository) (*iam.Policy, error) {
+	param, err := pusherParam(repo)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := i.CreatePolicy(param)
+	if err != nil {
+		return nil, err
+	}
+
+	return resp.Policy, nil
+}
+
+func pulleerParam(repo *ecr.Repository) (*iam.CreatePolicyInput, error) {
+	p := pullerPolicy(repo)
+	b, err := p.PolicyScheme()
+	if err != nil {
+		return nil, err
+	}
+
+	param := &iam.CreatePolicyInput{
+		PolicyName:     aws.String(fmt.Sprintf(PullerPolicyName, *(repo.RepositoryName))),
+		Description:    aws.String(fmt.Sprintf(PullerDescription, *(repo.RepositoryName))),
+		PolicyDocument: aws.String(string(b)),
+	}
+
+	return param, nil
+}
+
+func pullerPolicy(repo *ecr.Repository) iamgo.Policy {
+	p := iamgo.NewLatestPolicy(
+		[]iamgo.StatementEntry{
+			iamgo.StatementEntry{
+				Effect: iamgo.Allow,
+				Action: []string{
+					"ecr:GetAuthorizationToken",
+				},
+				Resource: "*",
+			},
+			iamgo.StatementEntry{
+				Effect: iamgo.Allow,
+				Action: []string{
+					"ecr:GetAuthorizationToken",
+					"ecr:BatchCheckLayerAvailability",
+					"ecr:GetDownloadUrlForLayer",
+					"ecr:GetRepositoryPolicy",
+					"ecr:DescribeRepositories",
+					"ecr:ListImages",
+					"ecr:DescribeImages",
+					"ecr:BatchGetImage",
+				},
+				Resource: *(repo.RepositoryArn),
+			},
+		},
+	)
+
+	return p
+}
+
+func pusherParam(repo *ecr.Repository) (*iam.CreatePolicyInput, error) {
+	p := pusherPolicy(repo)
+	b, err := p.PolicyScheme()
+	if err != nil {
+		return nil, err
+	}
+
+	param := &iam.CreatePolicyInput{
+		PolicyName:     aws.String(fmt.Sprintf(PusherPolicyName, *(repo.RepositoryName))),
+		Description:    aws.String(fmt.Sprintf(PusherDescription, *(repo.RepositoryName))),
+		PolicyDocument: aws.String(string(b)),
+	}
+
+	return param, nil
+}
+
+func pusherPolicy(repo *ecr.Repository) iamgo.Policy {
+	p := iamgo.NewLatestPolicy(
+		[]iamgo.StatementEntry{
+			iamgo.StatementEntry{
+				Effect: iamgo.Allow,
+				Action: []string{
+					"ecr:GetAuthorizationToken",
+				},
+				Resource: "*",
+			},
+			iamgo.StatementEntry{
+				Effect: iamgo.Allow,
+				Action: []string{
+					"ecr:GetAuthorizationToken",
+					"ecr:BatchCheckLayerAvailability",
+					"ecr:GetDownloadUrlForLayer",
+					"ecr:GetRepositoryPolicy",
+					"ecr:DescribeRepositories",
+					"ecr:ListImages",
+					"ecr:DescribeImages",
+					"ecr:BatchGetImage",
+					"ecr:InitiateLayerUpload",
+					"ecr:UploadLayerPart",
+					"ecr:CompleteLayerUpload",
+					"ecr:PutImage",
+				},
+				Resource: *(repo.RepositoryArn),
+			},
+		},
+	)
+
+	return p
+}

repository.go

@@ -0,0 +1,20 @@
+package ecrf
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ecr"
+)
+
+// CreateRepository create name repository
+func CreateRepository(c *ecr.ECR, name string) (*ecr.Repository, error) {
+	param := &ecr.CreateRepositoryInput{
+		RepositoryName: aws.String(name),
+	}
+
+	resp, err := c.CreateRepository(param)
+	if err != nil {
+		return nil, err
+	}
+
+	return resp.Repository, nil
+}