From e1e37edba6671eea14de4f2fa10b57e7886d6271 Mon Sep 17 00:00:00 2001 From: Chelo Montilla Date: Mon, 30 Aug 2021 14:54:15 +0200 Subject: [PATCH 1/4] use default aws credentials Signed-off-by: Chelo Montilla --- cmd/app/options.go | 29 ----------------------------- cmd/app/options_test.go | 17 ----------------- pkg/client/client.go | 3 +-- pkg/client/ecr/ecr.go | 15 ++------------- 4 files changed, 3 insertions(+), 61 deletions(-) diff --git a/cmd/app/options.go b/cmd/app/options.go index 0a96caee..17898e19 100644 --- a/cmd/app/options.go +++ b/cmd/app/options.go @@ -27,10 +27,6 @@ const ( envDockerPassword = "DOCKER_PASSWORD" envDockerToken = "DOCKER_TOKEN" - envECRAccessKeyID = "ECR_ACCESS_KEY_ID" - envECRSecretAccessKey = "ECR_SECRET_ACCESS_KEY" - envECRSessionToken = "ECR_SESSION_TOKEN" - envGCRAccessToken = "GCR_TOKEN" envQuayToken = "QUAY_TOKEN" @@ -153,27 +149,6 @@ func (o *Options) addAuthFlags(fs *pflag.FlagSet) { )) /// - /// ECR - fs.StringVar(&o.Client.ECR.AccessKeyID, - "ecr-access-key-id", "", - fmt.Sprintf( - "ECR access key ID for read access to private registries (%s_%s).", - envPrefix, envECRAccessKeyID, - )) - fs.StringVar(&o.Client.ECR.SecretAccessKey, - "ecr-secret-access-key", "", - fmt.Sprintf( - "ECR secret access key for read access to private registries (%s_%s).", - envPrefix, envECRSecretAccessKey, - )) - fs.StringVar(&o.Client.ECR.SessionToken, - "ecr-session-token", "", - fmt.Sprintf( - "ECR session token for read access to private registries (%s_%s).", - envPrefix, envECRSessionToken, - )) - /// - /// GCR fs.StringVar(&o.Client.GCR.Token, "gcr-token", "", @@ -237,10 +212,6 @@ func (o *Options) complete() { {envDockerPassword, &o.Client.Docker.Password}, {envDockerToken, &o.Client.Docker.Token}, - {envECRAccessKeyID, &o.Client.ECR.AccessKeyID}, - {envECRSessionToken, &o.Client.ECR.SessionToken}, - {envECRSecretAccessKey, &o.Client.ECR.SecretAccessKey}, - {envGCRAccessToken, &o.Client.GCR.Token}, {envQuayToken, &o.Client.Quay.Token}, 
diff --git a/cmd/app/options_test.go b/cmd/app/options_test.go index e8dfff43..c00ebe03 100644 --- a/cmd/app/options_test.go +++ b/cmd/app/options_test.go @@ -8,7 +8,6 @@ import ( "github.com/jetstack/version-checker/pkg/client" "github.com/jetstack/version-checker/pkg/client/acr" "github.com/jetstack/version-checker/pkg/client/docker" - "github.com/jetstack/version-checker/pkg/client/ecr" "github.com/jetstack/version-checker/pkg/client/gcr" "github.com/jetstack/version-checker/pkg/client/quay" "github.com/jetstack/version-checker/pkg/client/selfhosted" @@ -33,9 +32,6 @@ func TestComplete(t *testing.T) { {"VERSION_CHECKER_DOCKER_USERNAME", "docker-username"}, {"VERSION_CHECKER_DOCKER_PASSWORD", "docker-password"}, {"VERSION_CHECKER_DOCKER_TOKEN", "docker-token"}, - {"VERSION_CHECKER_ECR_ACCESS_KEY_ID", "ecr-access-token"}, - {"VERSION_CHECKER_ECR_SECRET_ACCESS_KEY", "ecr-secret-access-token"}, - {"VERSION_CHECKER_ECR_SESSION_TOKEN", "ecr-session-token"}, {"VERSION_CHECKER_GCR_TOKEN", "gcr-token"}, {"VERSION_CHECKER_QUAY_TOKEN", "quay-token"}, {"VERSION_CHECKER_SELFHOSTED_HOST_FOO", "docker.joshvanl.com"}, @@ -54,11 +50,6 @@ func TestComplete(t *testing.T) { Password: "docker-password", Token: "docker-token", }, - ECR: ecr.Options{ - AccessKeyID: "ecr-access-token", - SecretAccessKey: "ecr-secret-access-token", - SessionToken: "ecr-session-token", - }, GCR: gcr.Options{ Token: "gcr-token", }, @@ -87,9 +78,6 @@ func TestComplete(t *testing.T) { {"VERSION_CHECKER_DOCKER_USERNAME", "docker-username"}, {"VERSION_CHECKER_DOCKER_PASSWORD", "docker-password"}, {"VERSION_CHECKER_DOCKER_TOKEN", "docker-token"}, - {"VERSION_CHECKER_ECR_ACCESS_KEY_ID", "ecr-access-token"}, - {"VERSION_CHECKER_ECR_SECRET_ACCESS_KEY", "ecr-secret-access-token"}, - {"VERSION_CHECKER_ECR_SESSION_TOKEN", "ecr-session-token"}, {"VERSION_CHECKER_GCR_TOKEN", "gcr-token"}, {"VERSION_CHECKER_QUAY_TOKEN", "quay-token"}, {"VERSION_CHECKER_SELFHOSTED_HOST_FOO", "docker.joshvanl.com"}, 
@@ -108,11 +96,6 @@ func TestComplete(t *testing.T) { Password: "docker-password", Token: "docker-token", }, - ECR: ecr.Options{ - AccessKeyID: "ecr-access-token", - SecretAccessKey: "ecr-secret-access-token", - SessionToken: "ecr-session-token", - }, GCR: gcr.Options{ Token: "gcr-token", }, diff --git a/pkg/client/client.go b/pkg/client/client.go index c982902d..97548044 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -45,7 +45,6 @@ type Client struct { // Options used to configure client authentication. type Options struct { ACR acr.Options - ECR ecr.Options GCR gcr.Options Docker docker.Options Quay quay.Options @@ -82,7 +81,7 @@ func New(ctx context.Context, log *logrus.Entry, opts Options) (*Client, error) clients: append( selfhostedClients, acrClient, - ecr.New(opts.ECR), + ecr.New(), dockerClient, gcr.New(opts.GCR), quay.New(opts.Quay), diff --git a/pkg/client/ecr/ecr.go b/pkg/client/ecr/ecr.go index a1b6e376..1f43c80c 100644 --- a/pkg/client/ecr/ecr.go +++ b/pkg/client/ecr/ecr.go @@ -6,7 +6,6 @@ import ( "sync" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" @@ -17,19 +16,10 @@ import ( type Client struct { cacheMu sync.Mutex cachedRegionClients map[string]*ecr.ECR - - Options -} - -type Options struct { - AccessKeyID string - SecretAccessKey string - SessionToken string } -func New(opts Options) *Client { +func New() *Client { return &Client{ - Options: opts, cachedRegionClients: make(map[string]*ecr.ECR), } } @@ -108,8 +98,7 @@ func (c *Client) getClient(region string) (*ecr.ECR, error) { func (c *Client) createRegionClient(region string) (*ecr.ECR, error) { sess, err := session.NewSession(&aws.Config{ - Credentials: credentials.NewStaticCredentials(c.AccessKeyID, c.SecretAccessKey, c.SessionToken), - Region: ®ion, + Region: ®ion, }) if err != nil { return nil, fmt.Errorf("failed to construct aws credentials: %s", err) 
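Review bot: `New` in pkg/client/ecr/ecr.go is exported and now takes no options, but nothing in the hunk says where the client's credentials come from. A doc comment such as `// New returns an ECR client that authenticates through the AWS SDK default credential chain; it accepts no credentials from version-checker's own flags or environment.` would make that explicit. The `VERSION_CHECKER_ECR_*` entries are also dropped from `complete()` in cmd/app/options.go, so a deployment that still exports them would presumably start without complaint and authenticate with whatever ambient identity the SDK finds. That identity may carry different permissions than the key it replaced, so a release note or a startup warning for those variables would help operators notice.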
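Review bot: The error text in `createRegionClient` still reads `failed to construct aws credentials`, but after this change the call only builds a session. With the default chain, credentials are, as far as I can tell, resolved on the first ECR request rather than here, so a missing or wrong identity will not surface at this point and the message will mislead whoever reads the log. I would change it to `return nil, fmt.Errorf("failed to create aws session for region %q: %w", region, err)` so the text matches what failed and the cause stays unwrappable. The function body continues past the end of the hunk.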
From 3c9c84a1fdef1eb0508d3c16478f72f414b256f5 Mon Sep 17 00:00:00 2001 From: Chelo Montilla Date: Mon, 30 Aug 2021 14:55:11 +0200 Subject: [PATCH 2/4] remove aws ecr config from chart and add configurable annotations to service account Signed-off-by: Chelo Montilla --- deploy/charts/version-checker/Chart.yaml | 4 +-- .../version-checker/templates/deployment.yaml | 25 +------------------ .../version-checker/templates/secret.yaml | 13 +--------- .../templates/serviceaccount.yaml | 3 +++ deploy/charts/version-checker/values.yaml | 14 +++++------ 5 files changed, 14 insertions(+), 45 deletions(-) diff --git a/deploy/charts/version-checker/Chart.yaml b/deploy/charts/version-checker/Chart.yaml index 387e6fea..3f46610a 100644 --- a/deploy/charts/version-checker/Chart.yaml +++ b/deploy/charts/version-checker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: "v0.2.1" -version: 0.2.2 +appVersion: "v0.3.0" +version: 0.3.0 description: A Helm chart for version-checker home: https://github.com/joshvanl/verison-checker name: version-checker diff --git a/deploy/charts/version-checker/templates/deployment.yaml b/deploy/charts/version-checker/templates/deployment.yaml index b494add4..893c5d80 100644 --- a/deploy/charts/version-checker/templates/deployment.yaml +++ b/deploy/charts/version-checker/templates/deployment.yaml @@ -1,5 +1,5 @@ {{- $secretEnabled := false }} -{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }} +{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }} {{- $secretEnabled = true }} {{- end }} {{ $chartname := include "version-checker.name" . }} 
@@ -64,29 +64,6 @@ spec: key: acr.password {{- end }} - # ECR - {{- if .Values.ecr.accessKeyID }} - - name: VERSION_CHECKER_ECR_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ $chartname }} - key: ecr.accessKeyID - {{- end }} - {{- if .Values.ecr.secretAccessKey }} - - name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $chartname }} - key: ecr.secretAccessKey - {{- end }} - {{- if .Values.ecr.sessionToken }} - - name: VERSION_CHECKER_ECR_SESSION_TOKEN - valueFrom: - secretKeyRef: - name: {{ $chartname }} - key: ecr.sessionToken - {{- end }} - # Docker {{- if .Values.docker.token }} - name: VERSION_CHECKER_DOCKER_TOKEN diff --git a/deploy/charts/version-checker/templates/secret.yaml b/deploy/charts/version-checker/templates/secret.yaml index ada712e6..0bc3c45b 100644 --- a/deploy/charts/version-checker/templates/secret.yaml +++ b/deploy/charts/version-checker/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.docker.username .Values.docker.password .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }} +{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }} apiVersion: v1 data: # ACR 
@@ -23,17 +23,6 @@ data: docker.password: {{.Values.docker.password | b64enc }} {{- end}} - # ECR - {{- if .Values.ecr.accessKeyID }} - ecr.accessKeyID: {{ .Values.ecr.accessKeyID | b64enc }} - {{- end}} - {{- if .Values.ecr.secretAccessKey }} - ecr.secretAccessKey: {{ .Values.ecr.secretAccessKey | b64enc }} - {{- end}} - {{- if .Values.ecr.sessionToken }} - ecr.sessionToken: {{ .Values.ecr.sessionToken | b64enc }} - {{- end}} - # GCR {{- if .Values.gcr.token }} gcr.token: {{ .Values.gcr.token | b64enc }} diff --git a/deploy/charts/version-checker/templates/serviceaccount.yaml b/deploy/charts/version-checker/templates/serviceaccount.yaml index 3bf56d09..2bee01b8 100644 --- a/deploy/charts/version-checker/templates/serviceaccount.yaml +++ b/deploy/charts/version-checker/templates/serviceaccount.yaml @@ -3,4 +3,7 @@ kind: ServiceAccount metadata: labels: {{ include "version-checker.labels" . | indent 4 }} +{{- with .Values.serviceAccount.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} name: {{ include "version-checker.name" . }} diff --git a/deploy/charts/version-checker/values.yaml b/deploy/charts/version-checker/values.yaml index 03077e8c..ac8f228d 100644 --- a/deploy/charts/version-checker/values.yaml +++ b/deploy/charts/version-checker/values.yaml @@ -12,6 +12,9 @@ image: service: port: 8080 +serviceAccount: + annotations: {} + versionChecker: imageCacheTimeout: 30m logLevel: info # debug, info, warn, error, fatal, panic @@ -28,11 +31,6 @@ docker: password: token: -ecr: - accessKeyID: - secretAccessKey: - sessionToken: - gcr: token: @@ -42,7 +40,8 @@ quay: # Can be used to provide custom environment variables e.g. proxy settings env: {} -selfhosted: {} +selfhosted: + {} #- name: REGISTRY # host: http://registry:5000 # username: @@ -54,7 +53,8 @@ selfhosted: {} # password: bar # token: -resources: {} +resources: + {} # limits: # cpu: 100m # memory: 128Mi From cb449562f7ce3e72b815cb609de8da68a16fd2f4 Mon Sep 17 00:00:00 2001 
From: David Collom Date: Wed, 21 Feb 2024 22:51:42 +0000 Subject: [PATCH 3/4] Update deploy/charts/version-checker/templates/serviceaccount.yaml --- deploy/charts/version-checker/templates/serviceaccount.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/charts/version-checker/templates/serviceaccount.yaml b/deploy/charts/version-checker/templates/serviceaccount.yaml index 2bee01b8..75703c9c 100644 --- a/deploy/charts/version-checker/templates/serviceaccount.yaml +++ b/deploy/charts/version-checker/templates/serviceaccount.yaml @@ -4,6 +4,7 @@ metadata: labels: {{ include "version-checker.labels" . | indent 4 }} {{- with .Values.serviceAccount.annotations }} -{{ toYaml . | indent 8 }} + annotations: +{{ toYaml . | indent 4 }} {{- end }} name: {{ include "version-checker.name" . }} From 32cfdfc697395d93fc68bec032d7e3de984d560c Mon Sep 17 00:00:00 2001 From: David Collom Date: Wed, 21 Feb 2024 23:01:26 +0000 Subject: [PATCH 4/4] Fix up helm breaking changes --- .../version-checker/templates/secret.yaml | 2 +- .../templates/serviceaccount.yaml | 6 +-- .../tests/deployment_test.yaml | 42 ------------------- .../tests/serviceaccount_test.yaml | 8 ++-- 4 files changed, 6 insertions(+), 52 deletions(-) diff --git a/deploy/charts/version-checker/templates/secret.yaml b/deploy/charts/version-checker/templates/secret.yaml index 0e2c04a5..3e4372bf 100644 --- a/deploy/charts/version-checker/templates/secret.yaml +++ b/deploy/charts/version-checker/templates/secret.yaml 
@@ -1,4 +1,4 @@ -{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }} +{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }} apiVersion: v1 data: # ACR diff --git a/deploy/charts/version-checker/templates/serviceaccount.yaml b/deploy/charts/version-checker/templates/serviceaccount.yaml index d9e7cef3..3838370d 100644 --- a/deploy/charts/version-checker/templates/serviceaccount.yaml +++ b/deploy/charts/version-checker/templates/serviceaccount.yaml @@ -1,14 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: - {{- if .Values.ecr.iamRoleArn }} - annotations: - eks.amazonaws.com/role-arn: {{ .Values.ecr.iamRoleArn }} - {{- end }} + name: {{ include "version-checker.name" . }} labels: {{ include "version-checker.labels" . | indent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} - name: {{ include "version-checker.name" . }} diff --git a/deploy/charts/version-checker/tests/deployment_test.yaml b/deploy/charts/version-checker/tests/deployment_test.yaml index 418bbd01..2e142b47 100644 --- a/deploy/charts/version-checker/tests/deployment_test.yaml +++ b/deploy/charts/version-checker/tests/deployment_test.yaml 
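Review bot: Removing the `ecr.iamRoleArn` block from templates/serviceaccount.yaml means a values file that still sets `ecr.iamRoleArn` renders a ServiceAccount without the `eks.amazonaws.com/role-arn` annotation and without any error. Combined with the move to the SDK default credential chain earlier in this series, the pod would then presumably authenticate with whatever identity is ambient on the node, which is easy to miss and may be broader than the intended role. A guard at the top of the template, for example `{{- with .Values.ecr }}{{- if .iamRoleArn }}{{ fail "ecr.iamRoleArn was removed; set serviceAccount.annotations instead" }}{{- end }}{{- end }}`, would turn the silent change into an explicit upgrade failure.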
@@ -131,48 +131,6 @@ tests: key: acr.password name: version-checker - # ECR - - it: ECR should work - set: - ecr.iamRoleArn: ajbhvdsbjvh - ecr.accessKeyID: jsgbjkas - ecr.secretAccessKey: sgkjnabskjga - ecr.sessionToken: asgjasg - asserts: - - contains: - path: spec.template.spec.containers[0].env - count: 1 - content: - name: VERSION_CHECKER_ECR_IAM_ROLE_ARN - value: ajbhvdsbjvh - - contains: - path: spec.template.spec.containers[0].env - count: 1 - content: - name: VERSION_CHECKER_ECR_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: ecr.accessKeyID - name: version-checker - - contains: - path: spec.template.spec.containers[0].env - count: 1 - content: - name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: ecr.secretAccessKey - name: version-checker - - contains: - path: spec.template.spec.containers[0].env - count: 1 - content: - name: VERSION_CHECKER_ECR_SESSION_TOKEN - valueFrom: - secretKeyRef: - key: ecr.sessionToken - name: version-checker - # Docker - it: Docker should work set: diff --git a/deploy/charts/version-checker/tests/serviceaccount_test.yaml b/deploy/charts/version-checker/tests/serviceaccount_test.yaml index 9ee79fe1..239d9856 100644 --- a/deploy/charts/version-checker/tests/serviceaccount_test.yaml +++ b/deploy/charts/version-checker/tests/serviceaccount_test.yaml @@ -13,10 +13,10 @@ tests: apiVersion: v1 name: version-checker - - it: with ecr ARN Set + - it: with annotations set set: - ecr.iamRoleArn: dsjgabjgsg + serviceAccount.annotations: { "abc": "123" } asserts: - equal: - path: metadata.annotations["eks.amazonaws.com/role-arn"] - value: dsjgabjgsg + path: metadata.annotations["abc"] + value: "123"
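Review bot: The renamed case in tests/serviceaccount_test.yaml only checks an arbitrary `abc: "123"` pair, so the annotation this feature exists for is no longer exercised. I would add a case that sets `serviceAccount.annotations` to a map containing the key `eks.amazonaws.com/role-arn` with a constructed sample value and asserts on `metadata.annotations["eks.amazonaws.com/role-arn"]`, since keys with dots and a slash are the ones most likely to be mishandled when values are passed as paths. A second case with default values asserting that `metadata.annotations` is not rendered would pin the `with` guard. The test list continues outside the hunk.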