10 Commits

Author SHA1 Message Date
Davanum Srinivas
09968e6c03 (aws_credentials): update ecr url validation regex
Updates the regex for ECR URL validation to support isolated regions
and includes additional testcases for these.

Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-10-16 19:13:47 -04:00
Nick Turner
d422a92e66 Fix ECR provider startup latency
* Before this change, even on non-AWS platforms, the Enabled() check attempts
  to make calls to the metadata endpoint when the session and credentials
  are initialized (in order to determine if the provider should be
  initialized at all).
* This can cause latency because the SDK times out and retries -- up to
  20 seconds of latency has been observed on non-AWS platforms when the
  metadata IP was blocked with an iptables rule.
* Instead, check once if we are running on an EC2 platform, first trying
  to find the EC2 UUID in system files, and second attempting to get
  credentials.
* Add a benchmark test that includes initialization and the credential
  check.
2021-03-19 23:37:11 +00:00
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
hwdef
170eadc3d2 pkg/credentialprovider: fix staticcheck warning 2019-11-11 09:46:52 +08:00
tiffany jernigan
11efc01328 Refactors and fixes bugs in AWS credentialprovider
Adds caching per registry. Fixes caching of invalid ECR tokens.
2019-03-28 07:15:28 +00:00
Zeqing Zhang
be7c0bdce2 add testcase for aws china region 2017-11-15 16:39:47 +08:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Rudi Chiarito
6e6ea46182 Include changes from feedback
Use constructor for ecrProvider
Rename package to "credentials" like golint requests
Don't wrap the lazy provider with a caching provider
Add immediate compile-time interface conformance checks for the interfaces
Added comments
2016-05-10 12:03:40 -04:00
Rudi Chiarito
eea29e8851 Allow cross-region image pulling with AWS' ECR
This is step two. We now create long-lived, lazy ECR providers in all regions.
When first used, they will create the actual ECR providers doing the work
behind the scenes, namely talking to ECR in the region where the image lives,
rather than the one our instance is running in.

Also:

- moved the list of AWS regions out of the AWS cloudprovider and into the
credentialprovider, then exported it from there.
- improved logging

Behold, running in us-east-1:

```
aws_credentials.go:127] Creating ecrProvider for us-west-2
aws_credentials.go:63] AWS request: ecr:GetAuthorizationToken in us-west-2
aws_credentials.go:217] Adding credentials for user AWS in us-west-2
Successfully pulled image 123456789012.dkr.ecr.us-west-2.amazonaws.com/test:latest"
```

*"One small step for a pod, one giant leap for Kube-kind."*
2016-05-10 12:03:39 -04:00
Rudi Chiarito
bc0dd97a70 ECR credential provider 2016-01-22 15:03:25 -05:00