(ecr): ECR is generating invalid cloudformation

[cplee]

When creating an ECR repository with image_scan_on_push enabled, the resulting CloudFormation template is invalid and reports an error.

ecr_repo = ecr.Repository(
                self,
                "ecr-repository",
                image_scan_on_push=True,
                repository_name=ecr_repo_name,
            )

Stack operations on resource archivemicrosoftecrrepository7FB5D8DF would fail starting from 03/01/2021 as the template has invalid properties. Please refer to the resource documentation to fix the template. Properties validation failed for resource archivemicrosoftecrrepository7FB5D8DF with message: #/ImageScanningConfiguration: extraneous key [scanOnPush] is not permitted

Reproduction Steps

What did you expect to happen?

CloudFormation template should look like:

"ImageScanningConfiguration" : {
      "ScanOnPush": "true"
    }

What actually happened?

"ImageScanningConfiguration" : {
      "scanOnPush": "true"
    }

Environment

• CDK CLI Version : 1.91.0
• Framework Version: 1.91.0
• Node.js Version: v14.11.0
• OS : macOS
• Language (Version): Python 3.8.6

Other

---

This is 🐛 Bug Report

[NetaNir]

Were you able to deploy the template? The scheme is case insensitive** so it should work.
Generally, the Resource scheme is automatically generated from the CloudFormation spec, we only patch the generated L1s in the rare event the spec had a breaking change. See example in #12204.

---

**only true for some resources

[cplee]

This used to work but is now reporting the error above

[MrArnoldPalmer]

@cplee does this work with previous versions of CDK? Or was it working previously with 1.91.0 and then just stopped?

[cplee]

Check out aws-cloudformation/cloudformation-coverage-roadmap#245 for similar issue

[cplee]

Also, see: https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr/blob/9b93cbd64f26fe62a5389ea2df6a3d86274fe1fe/aws-ecr-repository/aws-ecr-repository.json

[MrArnoldPalmer]

Thanks @cplee. Was trying to figure out if this was something that changed on the service side, which it appears to be if this previously worked.

Gonna keep investigating as #13420 fixes this for users of ecr.Repository but someone using ecr.CfnRepository may be passing scanOnPush themselves and their app will be broken still.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.