From 17b408657d3470b89a490501a35e79dc6d20cc38 Mon Sep 17 00:00:00 2001
From: Sunil Kumar Mohanty <sunil.mohanty@futurice.com>
Date: Tue, 30 Jul 2019 23:25:58 +0300
Subject: [PATCH 1/3] add support for ecr immutable tags

---
 aws/resource_aws_ecr_repository.go      | 36 +++++++++++++++++++++++--
 aws/resource_aws_ecr_repository_test.go | 30 +++++++++++++++++++++
 2 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_ecr_repository.go b/aws/resource_aws_ecr_repository.go
index 2b22b1a37ad..dff1748326c 100644
--- a/aws/resource_aws_ecr_repository.go
+++ b/aws/resource_aws_ecr_repository.go
@@ -10,6 +10,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/ecr"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
 )
 
 func resourceAwsEcrRepository() *schema.Resource {
@@ -32,6 +33,15 @@ func resourceAwsEcrRepository() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+			"image_tag_mutability": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  ecr.ImageTagMutabilityMutable,
+				ValidateFunc: validation.StringInSlice([]string{
+					ecr.ImageTagMutabilityMutable,
+					ecr.ImageTagMutabilityImmutable,
+				}, false),
+			},
 			"tags": tagsSchema(),
 			"arn": {
 				Type:     schema.TypeString,
@@ -53,8 +63,9 @@ func resourceAwsEcrRepositoryCreate(d *schema.ResourceData, meta interface{}) er
 	conn := meta.(*AWSClient).ecrconn
 
 	input := ecr.CreateRepositoryInput{
-		RepositoryName: aws.String(d.Get("name").(string)),
-		Tags:           tagsFromMapECR(d.Get("tags").(map[string]interface{})),
+		ImageTagMutability: aws.String(d.Get("image_tag_mutability").(string)),
+		RepositoryName:     aws.String(d.Get("name").(string)),
+		Tags:               tagsFromMapECR(d.Get("tags").(map[string]interface{})),
 	}
 
 	log.Printf("[DEBUG] Creating ECR repository: %#v", input)
@@ -124,6 +135,12 @@ func resourceAwsEcrRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 func resourceAwsEcrRepositoryUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ecrconn
 
+	if d.HasChange("image_tag_mutability") {
+		if err := resourceAwsEcrRepositoryUpdateImageTagMutability(conn, d); err != nil {
+			return err
+		}
+	}
+
 	if err := setTagsECR(conn, d); err != nil {
 		return fmt.Errorf("error setting ECR repository tags: %s", err)
 	}
@@ -177,3 +194,18 @@ func resourceAwsEcrRepositoryDelete(d *schema.ResourceData, meta interface{}) er
 
 	return nil
 }
+
+func resourceAwsEcrRepositoryUpdateImageTagMutability(conn *ecr.ECR, d *schema.ResourceData) error {
+	input := &ecr.PutImageTagMutabilityInput{
+		ImageTagMutability: aws.String(d.Get("image_tag_mutability").(string)),
+		RepositoryName:     aws.String(d.Id()),
+		RegistryId:         aws.String(d.Get("registry_id").(string)),
+	}
+
+	_, err := conn.PutImageTagMutability(input)
+	if err != nil {
+		return fmt.Errorf("Error setting image tag mutability: %s", err.Error())
+	}
+
+	return nil
+}
diff --git a/aws/resource_aws_ecr_repository_test.go b/aws/resource_aws_ecr_repository_test.go
index 37091acabe8..0268a4ab5ba 100644
--- a/aws/resource_aws_ecr_repository_test.go
+++ b/aws/resource_aws_ecr_repository_test.go
@@ -70,6 +70,27 @@ func TestAccAWSEcrRepository_tags(t *testing.T) {
 	})
 }
 
+func TestAccAWSEcrRepository_immutability(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_ecr_repository.default"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSEcrRepositoryDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSEcrRepositoryConfig_immutability(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSEcrRepositoryExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					resource.TestCheckResourceAttr(resourceName, "image_tag_mutability", "IMMUTABLE"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSEcrRepositoryDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ecrconn
 
@@ -159,3 +180,12 @@ resource "aws_ecr_repository" "default" {
 }
 `, rName)
 }
+
+func testAccAWSEcrRepositoryConfig_immutability(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_ecr_repository" "default" {
+  name = %q
+  image_tag_mutability = "IMMUTABLE"
+}
+`, rName)
+}

From 5b26cabf032de11705cc7359a53f2163cc703dab Mon Sep 17 00:00:00 2001
From: Sunil Kumar Mohanty <sunil.mohanty@futurice.com>
Date: Tue, 30 Jul 2019 23:31:05 +0300
Subject: [PATCH 2/3] update documentation

---
 website/docs/r/ecr_repository.html.markdown | 1 +
 1 file changed, 1 insertion(+)

diff --git a/website/docs/r/ecr_repository.html.markdown b/website/docs/r/ecr_repository.html.markdown
index b62d983518c..fb80bca2947 100644
--- a/website/docs/r/ecr_repository.html.markdown
+++ b/website/docs/r/ecr_repository.html.markdown
@@ -23,6 +23,7 @@ resource "aws_ecr_repository" "foo" {
 The following arguments are supported:
 
 * `name` - (Required) Name of the repository.
+* `image_tag_mutability` - (Optional) The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference

From aeb4a9899a79d618dd5576f76d40b25d72cdff16 Mon Sep 17 00:00:00 2001
From: Sunil Kumar Mohanty <sunil.mohanty@futurice.com>
Date: Fri, 2 Aug 2019 23:48:10 +0300
Subject: [PATCH 3/3] add import testing, update documentation and fix read
 function

---
 aws/resource_aws_ecr_repository.go          | 1 +
 aws/resource_aws_ecr_repository_test.go     | 5 +++++
 website/docs/r/ecr_repository.html.markdown | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/aws/resource_aws_ecr_repository.go b/aws/resource_aws_ecr_repository.go
index dff1748326c..571b7d627d8 100644
--- a/aws/resource_aws_ecr_repository.go
+++ b/aws/resource_aws_ecr_repository.go
@@ -124,6 +124,7 @@ func resourceAwsEcrRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("name", repository.RepositoryName)
 	d.Set("registry_id", repository.RegistryId)
 	d.Set("repository_url", repository.RepositoryUri)
+	d.Set("image_tag_mutability", repository.ImageTagMutability)
 
 	if err := getTagsECR(conn, d); err != nil {
 		return fmt.Errorf("error getting ECR repository tags: %s", err)
diff --git a/aws/resource_aws_ecr_repository_test.go b/aws/resource_aws_ecr_repository_test.go
index 0268a4ab5ba..e53951b39cf 100644
--- a/aws/resource_aws_ecr_repository_test.go
+++ b/aws/resource_aws_ecr_repository_test.go
@@ -87,6 +87,11 @@ func TestAccAWSEcrRepository_immutability(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "image_tag_mutability", "IMMUTABLE"),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
diff --git a/website/docs/r/ecr_repository.html.markdown b/website/docs/r/ecr_repository.html.markdown
index fb80bca2947..874a6f957e7 100644
--- a/website/docs/r/ecr_repository.html.markdown
+++ b/website/docs/r/ecr_repository.html.markdown
@@ -23,7 +23,7 @@ resource "aws_ecr_repository" "foo" {
 The following arguments are supported:
 
 * `name` - (Required) Name of the repository.
-* `image_tag_mutability` - (Optional) The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`
+* `image_tag_mutability` - (Optional) The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`. Defaults to `MUTABLE`.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference