From 272266e757562763136911f5a185deb5a62335e0 Mon Sep 17 00:00:00 2001
From: Srini Nangunuri <srinivasa.nangunuri@census.gov>
Date: Mon, 14 Apr 2025 17:45:30 -0400
Subject: [PATCH] fixed ecr images issues

---
 copy_images.tf | 33 +++++++++++++++++++++------------
 variables.tf   | 20 ++++++--------------
 2 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/copy_images.tf b/copy_images.tf
index 5277c55..2003852 100644
--- a/copy_images.tf
+++ b/copy_images.tf
@@ -1,14 +1,15 @@
 locals {
-  pilot_key = format("%v#%v", "istio/pilot", var.istio_version)
-  proxy_key = format("%v#%v", "istio/proxyv2", var.istio_version)
+  pilot_key      = format("%v#%v", "istio/pilot", var.istio_version)
+  proxy_key      = format("%v#%v", "istio/proxyv2", var.istio_version)
+  ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
 
   image_config = [
     {
       enabled         = true
       dest_path       = null
       name            = "istio/pilot"
-      source_image    = "ironbank/opensource/istio/pilot"
-      source_registry = var.source_registry
+      source_image    = "opensource/istio/pilot"
+      source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
       source_tag      = var.istio_version
       tag             = var.istio_version
     },
@@ -16,8 +17,8 @@ locals {
       enabled         = true
       dest_path       = null
       name            = "istio/proxyv2"
-      source_image    = "ironbank/opensource/istio/proxyv2"
-      source_registry = var.source_registry
+      source_image    = "opensource/istio/proxyv2"
+      source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
       source_tag      = var.istio_version
       tag             = var.istio_version
     },
@@ -32,14 +33,22 @@ module "images" {
   image_config     = local.image_config
   tags             = {}
 
-  source_username  = data.aws_ecr_authorization_token.token.user_name
-  source_password  = data.aws_ecr_authorization_token.token.password
+  enable_lifecycle_policy     = true
+  lifecycle_policy_all        = true
+  force_delete                = true
+  lifecycle_policy_keep_count = 5
 
-  enable_lifecycle_policy = true
-  lifecycle_policy_all    = true
-  force_delete            = true
+  source_username = data.aws_ecr_authorization_token.ecr_token.user_name
+  source_password = data.aws_ecr_authorization_token.ecr_token.password
+
+  destination_username = data.aws_ecr_authorization_token.token.user_name
+  destination_password = data.aws_ecr_authorization_token.token.password
+}
+
+data "aws_ecr_authorization_token" "ecr_token" {
+  registry_id = var.account_id
 }
 
 data "aws_ecr_authorization_token" "token" {
-  registry_id = var.registry_id
+  registry_id = var.account_id
 }
diff --git a/variables.tf b/variables.tf
index 6375d25..d174d3d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,9 @@
+variable "account_id" {
+  description = "aws account number"
+  type        = string
+  default     = ""
+}
+
 variable "profile" {
   description = "AWS_PROFILE to use to apply the terraform script."
   type        = string
@@ -36,20 +42,6 @@ variable "tags" {
   default     = {}
 }
 
-#source registry (enterpriser ecr account) where source image is being copied into target account
-variable "source_registry" {
-  description = "source of the image or enterprise ECR account"
-  type = string
-  default = "269222635945.dkr.ecr.us-gov-east-1.amazonaws.com/ent-images"
-}
-
-#source registry (enterpriser ecr account)
-variable "registry_id" {
-  description = "source of the image or enterprise ECR account"
-  type = string
-  default = "269222635945"
-}
-
 # helm repo add istio https://istio-release.storage.googleapis.com/charts
 # helm search repo istio/istiod
 variable "istio_chart_version" {