Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docker image assets should be usable outside of ECS #1219

Closed
eladb opened this issue Nov 20, 2018 · 0 comments · Fixed by #1233
Closed

docker image assets should be usable outside of ECS #1219

eladb opened this issue Nov 20, 2018 · 0 comments · Fixed by #1233
Labels
feature-request A feature should be added or improved.

Comments

@eladb
Copy link
Contributor

eladb commented Nov 20, 2018

At the moment, ImageAsset is part of the ECS library. There are definitely use cases where you'd want to use a docker image asset outside of an ECS context (EKS, CodeBuild, etc).

Extract the code to @aws-cdk/assets-docker

eladb pushed a commit that referenced this issue Nov 22, 2018
This change enables using Docker assets as CodeBuild images.

In order to enable that, a few changes were required in how Docker assets
are modeled:

Extracted a low-level `DockerImageAsset` class into a new module called
@aws-cdk/assets-docker. This module provides the basic interaction with
the toolkit and allows higher level APIs such as ECR or CodeBuild to
manage permissions on the asset repository.

Since CodeBuild needs permissions at the resource policy level (since
images are not pulled via an assumed role), the adopted repository
custom resource was extended to support specifying an arbitrary policy
document for the repository. This is made available via an overload of
`addToResourcePolicy` implemented by `AdoptedRepository`.

In order to fix #1232 and simplify, the protocol between the toolkit and
the asset class have been changed to only pass in the _repository name_
and the _tag_ (together). Previously the ARN of the repository was used,
but it is impossible to parse the repository name from the ARN using
CFN's split/select. It is possible to produce the ARN from a name, and
the repository is ensured to be "local" to the account/region.

Modernized ECR import/export and converted `RepositoryRef` to `IRepository`,
and modified `ImportedRepository` to only parse the repository name from 
ARN in case the ARN is concrete (not a token). Otherwise, the name is
also required.

Renamed `grantUseImage` to `grantPull` and added `grantPullPush`.

Added `repositoryUriForTag(tag)`.

Fixes #1219

BREAKING CHANGE: `ecr.RepositoryRef` has been replaced by `ecr.IRepository`, which
means that `RepositoryRef.import` is now `Repository.import`. Futhermore, the CDK 
Toolkit must also be upgraded since the docker asset protocol was modified. 
`IRepository.grantUseImage` was renamed to `IRepository.grantPull`.
eladb pushed a commit that referenced this issue Nov 30, 2018
…1233)

This change enables using Docker assets as CodeBuild images.

In order to enable that, a few changes were required in how Docker assets
are modeled:

Extracted a low-level `DockerImageAsset` class into a new module called
@aws-cdk/assets-docker. This module provides the basic interaction with
the toolkit and allows higher level APIs such as ECR or CodeBuild to
manage permissions on the asset repository.

Since CodeBuild needs permissions at the resource policy level (since
images are not pulled via an assumed role), the adopted repository
custom resource was extended to support specifying an arbitrary policy
document for the repository. This is made available via an overload of
`addToResourcePolicy` implemented by `AdoptedRepository`.

In order to fix #1232 and simplify, the protocol between the toolkit and
the asset class have been changed to only pass in the _repository name_
and the _tag_ (together). Previously the ARN of the repository was used,
but it is impossible to parse the repository name from the ARN using
CFN's split/select. It is possible to produce the ARN from a name, and
the repository is ensured to be "local" to the account/region.

Modernized ECR import/export and converted `RepositoryRef` to `IRepository`,
and modified `ImportedRepository` to only parse the repository name from 
ARN in case the ARN is concrete (not a token). Otherwise, the name is
also required.

- Bump cxapi version to 0.19.0 (since protocol changed)
- In integration tests, use local modules instead of "npm install"
- Remove init template tests. Since they use "npm install" they can't
  really be validated like this against the local bits. We have integration
  tests for init template in our pipeline that work against the latest build.

Renamed `grantUseImage` to `grantPull` and added `grantPullPush`.

Added `repositoryUriForTag(tag)`.

Fixes #1219

BREAKING CHANGE: `ecr.RepositoryRef` has been replaced by `ecr.IRepository`, which
means that `RepositoryRef.import` is now `Repository.import`. Futhermore, the CDK 
Toolkit must also be upgraded since the docker asset protocol was modified. 
`IRepository.grantUseImage` was renamed to `IRepository.grantPull`.
@srchase srchase added feature-request A feature should be added or improved. and removed enhancement labels Jan 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature-request A feature should be added or improved.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants