feat(aws-ecr): add support for ECR repositories

packages/@aws-cdk/aws-ecr/lib/index.ts

@@ -1,2 +1,6 @@
 // AWS::ECR CloudFormation Resources:
 export * from './ecr.generated';
+
+export * from './repository';
+export * from './repository-ref';
+export * from './lifecycle';

packages/@aws-cdk/aws-ecr/lib/lifecycle.ts

@@ -0,0 +1,135 @@
+/**
+ * An ECR life cycle rule
+ */
+export interface LifecycleRule {
+ /**
+ * Controls the order in which rules are evaluated (low to high)
+ *
+ * When you add rules to a lifecycle policy, you must give them each a
+ * unique value for rulePriority. Values do not need to be sequential
+ * across rules in a policy. A rule with a tagStatus value of any must have
+ * the highest value for rulePriority and be evaluated last.
+ */
+ rulePriority: number;
+
+ /**
+ * Describes the purpose of the rule
+ *
+ * @default No description
+ */
+ description?: string;
+
+ /**
+ * Select images based on tags
+ *
+ * Only one rule is allowed to select untagged images, and it must
+ * have the highest rulePriority.
+ *
+ * @default TagStatus.Any
+ */
+ tagStatus?: TagStatus;
+
+ /**
+ * Select images that have ALL the given prefixes in their tag.
+ *
+ * Only if tagStatus == TagStatus.Any
+ */
+ tagPrefixList?: string[];
+
+ /**
+ * Specify limit type to apply to the repository
+ */
+ countType: CountType;
+
+ /**
+ * The unit of specifying the count
+ *
+ * Only applies when countType = CountType.SinceImagePushed.
+ *
+ * @default CountUnit.Days
+ */
+ countUnit?: CountUnit;
+
+ /**
+ * The number of images or days, according to countType
+ */
+ countNumber: number;
+
+ /**
+ * The action to take
+ *
+ * @default Action.expire
+ */
+ action?: Action;
+}
+
+/**
+ * Select images based on tags
+ */
+export enum TagStatus {
+ /**
+ * Rule applies to all images
+ */
+ Any = 'any',
+
+ /**
+ * Rule applies to tagged images
+ */
+ Tagged = 'tagged',
+
+ /**
+ * Rule applies to untagged images
+ */
+ Untagged = 'untagged',
+}
+
+/**
+ * Select images based on counts
+ */
+export enum CountType {
+ /**
+ * Set a limit on the number of images in your repository
+ */
+ ImageCountMoreThan = 'imageCountMoreThan',
+
+ /**
+ * Set an age limit on the images in your repository
+ */
+ SinceImagePushed = 'sinceImagePushed',
+}
+
+/**
+ * The unit to count time in
+ */
+export enum CountUnit {
+ /**
+ * countNumber is in days
+ */
+ Days = 'days',
+
+ /**
+ * Do not use this value
+ *
+ * It is here to work around issues with the JSII type checker that
+ * occur when an enum only has one member.
+ */
+ _ = '_',
+}
+
+/**
+ * Action to take on the image
+ */
+export enum Action {
+ /**
+ * The image is expired
+ */
+ Expire = 'expire',
+
+ /**
+ * Do not use this value
+ *
+ * It is here to work around issues with the JSII type checker that
+ * occur when an enum only has one member.
+ */
+ _ = '_',
+}

packages/@aws-cdk/aws-ecr/lib/repository-ref.ts

@@ -0,0 +1,80 @@
+import cdk = require('@aws-cdk/cdk');
+import { RepositoryArn, RepositoryName } from './ecr.generated';
+
+/**
+ * An ECR repository
+ */
+export abstract class RepositoryRef extends cdk.Construct {
+ /**
+ * Import a repository
+ */
+ public static import(parent: cdk.Construct, id: string, props: RepositoryRefProps): RepositoryRef {
+ return new ImportedRepository(parent, id, props);
+ }
+
+ /**
+ * The name of the repository
+ */
+ public abstract readonly repositoryName: RepositoryName;
+
+ /**
+ * The ARN of the repository
+ */
+ public abstract readonly repositoryArn: RepositoryArn;
+
+ public abstract addToResourcePolicy(statement: cdk.PolicyStatement): void;
+
+ /**
+ * Export this repository from the stack
+ */
+ public export(): RepositoryRefProps {
+ return {
+ repositoryName: new RepositoryName(new cdk.Output(this, 'RepositoryName', { value: this.repositoryName }).makeImportValue()),
+ repositoryArn: new RepositoryArn(new cdk.Output(this, 'RepositoryArn', { value: this.repositoryArn }).makeImportValue()),
+ };
+ }
+
+ /**
+ * The URI of the repository, for use in Docker/image references
+ */
+ public get repositoryUri(): RepositoryUri {
+ // Calculate this from the ARN
+ const parts = cdk.Arn.parseToken(this.repositoryArn);
+ return new cdk.FnConcat(
+ parts.account,
+ ".dkr.ecr.",
+ parts.region,
+ ".amazonaws.com/",
+ parts.resourceName
+ );
+ }
+}
+
+/**
+ * URI of a repository
+ */
+export class RepositoryUri extends cdk.CloudFormationToken {
+}
+
+export interface RepositoryRefProps {
+ repositoryName: RepositoryName;
+ repositoryArn: RepositoryArn;
+}
+
+/**
+ * An already existing repository
+ */
+class ImportedRepository extends RepositoryRef {
+ public readonly repositoryName: RepositoryName;
+ public readonly repositoryArn: RepositoryArn;
+
+ constructor(parent: cdk.Construct, id: string, props: RepositoryRefProps) {
+ super(parent, id);
+ this.repositoryName = props.repositoryName;
+ this.repositoryArn = props.repositoryArn;
+ }
+
+ public addToResourcePolicy(_statement: cdk.PolicyStatement) {
+ // FIXME: Add annotation about policy we dropped on the floor
+ }
+}

packages/@aws-cdk/aws-ecr/lib/repository.ts

@@ -0,0 +1,138 @@
+import cdk = require('@aws-cdk/cdk');
+import { cloudformation, RepositoryArn, RepositoryName } from './ecr.generated';
+import { Action, CountType, CountUnit, LifecycleRule, TagStatus } from './lifecycle';
+import { RepositoryRef } from "./repository-ref";
+
+export interface RepositoryProps {
+ /**
+ * Name for this repository
+ *
+ * @default Automatically generated name.
+ */
+ repositoryName?: string;
+
+ /**
+ * Life cycle rules to apply to this registry
+ *
+ * @default No life cycle rules
+ */
+ lifecycleRules?: LifecycleRule[];
+
+ /**
+ * The AWS account ID associated with the registry that contains the repository.
+ *
+ * @default The default registry is assumed.
+ */
+ lifecycleRegistryId?: string;
+
+ /**
+ * Retain the registry on stack deletion
+ *
+ * If you don't set this to true, the registry must be empty, otherwise
+ * your stack deletion will fail.
+ *
+ * @default false
+ */
+ retain?: boolean;
+}
+
+/**
+ * Define an ECR repository
+ */
+export class Repository extends RepositoryRef {
+ public readonly repositoryName: RepositoryName;
+ public readonly repositoryArn: RepositoryArn;
+ private readonly lifecycleRules = new Array<LifecycleRule>();
+ private readonly registryId?: string;
+ private policyDocument?: cdk.PolicyDocument;
+
+ constructor(parent: cdk.Construct, id: string, props: RepositoryProps = {}) {
+ super(parent, id);
+
+ const resource = new cloudformation.RepositoryResource(this, 'Resource', {
+ repositoryName: props.repositoryName,
+ // It says "Text", but they actually mean "Object".
+ repositoryPolicyText: this.policyDocument,
+ lifecyclePolicy: new cdk.Token(() => cdk.resolve(this.renderLifecyclePolicy())),
+ });
+
+ if (props.retain) {
+ resource.options.deletionPolicy = cdk.DeletionPolicy.Retain;
+ }
+
+ this.registryId = props.lifecycleRegistryId;
+ if (props.lifecycleRules) {
+ props.lifecycleRules.forEach(this.addLifecycleRule.bind(this));
+ }
+
+ this.repositoryName = resource.ref;
+ this.repositoryArn = resource.repositoryArn;
+ }
+
+ public addToResourcePolicy(statement: cdk.PolicyStatement) {
+ if (this.policyDocument === undefined) {
+ this.policyDocument = new cdk.PolicyDocument();
+ }
+ this.policyDocument.addStatement(statement);
+ }
+
+ public addLifecycleRule(rule: LifecycleRule) {
+ this.lifecycleRules.push(rule);
+ }
+
+ private renderLifecyclePolicy(): cloudformation.RepositoryResource.LifecyclePolicyProperty | undefined {
+ let lifecyclePolicyText: any;
+
+ if (this.lifecycleRules.length === 0 && !this.registryId) { return undefined; }
+
+ if (this.lifecycleRules.length > 0) {
+ lifecyclePolicyText = JSON.stringify({
+ rules: this.lifecycleRules.map(renderLifecycleRule),
+ });
+ }
+
+ return {
+ lifecyclePolicyText,
+ registryId: this.registryId,
+ };
+ }
+}
+
+/**
+ * Render the lifecycle rule to JSON
+ */
+function renderLifecycleRule(rule: LifecycleRule) {
+ if (rule.tagStatus === TagStatus.Tagged && (rule.tagPrefixList === undefined || rule.tagPrefixList.length === 0)) {
+ throw new Error('TagStatus.Tagged requires the specification of a tagPrefixList');
+ }
+ if (rule.tagStatus !== TagStatus.Tagged && rule.tagPrefixList !== undefined) {
+ throw new Error('tagPrefixList can only be specified when tagStatus is set to Tagged');
+ }
+
+ if (rule.countType !== CountType.SinceImagePushed && rule.countUnit !== undefined) {
+ throw new Error('countUnit can only be specified when countType is set to SinceImagePushed');
+ }
+
+ if (rule.countUnit === CountUnit._) {
+ throw new Error('Do not use CountUnit._');
+ }
+
+ if (rule.action === Action._) {
+ throw new Error('Do not use Action._');
+ }
+
+ return {
+ rulePriority: rule.rulePriority,
+ description: rule.description,
+ selection: {
+ tagStatus: rule.tagStatus || TagStatus.Any,
+ tagPrefixList: rule.tagPrefixList,
+ countType: rule.countType,
+ countNumber: rule.countNumber,
+ countUnit: rule.countType === CountType.SinceImagePushed ? (rule.countUnit || CountUnit.Days) : undefined,
+ },
+ action: {
+ type: rule.action || Action.Expire
+ }
+ };
+}

packages/@aws-cdk/aws-ecr/package.json

@@ -55,7 +55,8 @@
  "@aws-cdk/assert": "^0.9.0",
  "cdk-build-tools": "^0.9.0",
  "cfn2ts": "^0.9.0",
- "pkglint": "^0.9.0"
+ "pkglint": "^0.9.0",
+ "cdk-integ-tools": "^0.9.0"
  },
  "dependencies": {
  "@aws-cdk/cdk": "^0.9.0"