Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(ecr): add imageTagMutability prop #10557

Merged
merged 11 commits into from
Mar 9, 2021
8 changes: 8 additions & 0 deletions packages/@aws-cdk/aws-ecr/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,14 @@ ecr.PublicGalleryAuthorizationToken.grantRead(user);

This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth).

### Image tag immutability

You can set tag immutability on images in our repository using the `imageTagMutability` construct prop.

```ts
new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
```

## Automatically clean up repositories

You can set life cycle rules to automatically clean up old images from your
Expand Down
24 changes: 24 additions & 0 deletions packages/@aws-cdk/aws-ecr/lib/repository.ts
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,13 @@ export interface RepositoryProps {
* @default false
*/
readonly imageScanOnPush?: boolean;

/**
* The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.
*
* @default TagMutability.MUTABLE
*/
readonly imageTagMutability?: TagMutability;
}

export interface RepositoryAttributes {
Expand Down Expand Up @@ -452,6 +459,7 @@ export class Repository extends RepositoryBase {
imageScanningConfiguration: !props.imageScanOnPush ? undefined : {
ScanOnPush: true,
},
imageTagMutability: props.imageTagMutability || undefined,
});

resource.applyRemovalPolicy(props.removalPolicy);
Expand Down Expand Up @@ -610,3 +618,19 @@ const enum CountType {
*/
SINCE_IMAGE_PUSHED = 'sinceImagePushed',
}

/**
* The tag mutability setting for your repository.
*/
export enum TagMutability {
/**
* allow image tags to be overwritten.
*/
MUTABLE = 'MUTABLE',

/**
* all image tags within the repository will be immutable which will prevent them from being overwritten.
*/
IMMUTABLE = 'IMMUTABLE',

}
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-ecr/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@
"import:@aws-cdk/aws-ecr.Repository",
"construct-base-is-private:@aws-cdk/aws-ecr.RepositoryBase",
"docs-public-apis:@aws-cdk/aws-ecr.Repository.fromRepositoryArn",
"docs-public-apis:@aws-cdk/aws-ecr.Repository.imageTagMutability",
"docs-public-apis:@aws-cdk/aws-ecr.Repository.fromRepositoryName",
"props-default-doc:@aws-cdk/aws-ecr.LifecycleRule.maxImageAge",
"props-default-doc:@aws-cdk/aws-ecr.LifecycleRule.maxImageCount",
Expand Down
14 changes: 14 additions & 0 deletions packages/@aws-cdk/aws-ecr/test/test.repository.ts
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,20 @@ export = {
test.done();
},


'image tag mutability can be set'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });

// THEN
expect(stack).to(haveResource('AWS::ECR::Repository', {
ImageTagMutability: 'IMMUTABLE',
}));

test.done();
},

'add day-based lifecycle policy'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
Expand Down