feat(core): support ssh build arg in DockerImageAsset (#26356)

Adds support for the docker build --ssh flag for specifying ssh agent socket or ssh keys for ecr DockerImageAsset

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image-ssh/Dockerfile

@@ -0,0 +1,10 @@
+FROM public.ecr.aws/lambda/python:3.6
+RUN yum makecache fast
+RUN yum install -y openssh-clients
+RUN ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -q -N ""
+RUN ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub
+RUN cat /root/.ssh/id_rsa.pub >> out.pub
+WORKDIR /app
+EXPOSE 8000
+ADD . /app
+CMD python3 index.py

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image-ssh/index.py

@@ -0,0 +1,35 @@
+#!/usr/bin/python
+import os
+import sys
+import textwrap
+import http.server
+import socketserver
+
+PORT = 8000
+
+class Handler(http.server.SimpleHTTPRequestHandler):
+    def do_GET(self):
+        with open('/root/.ssh/id_rsa.pub', 'r') as file:
+            data = file.read()
+
+        self.send_response(200)
+        self.send_header('Content-Type', 'text/html')
+        self.end_headers()
+        self.wfile.write(textwrap.dedent(f'''\
+            <!doctype html>
+            <html><head><title>It works</title></head>
+            <body>
+                <h1>Hello from the integ test container</h1>
+                <p>This container got built and started as part of the integ test.</p>
+                <p>Public key: {data}</p>
+                <img src="https://media.giphy.com/media/nFjDu1LjEADh6/giphy.gif">
+            </body>
+            ''').encode('utf-8'))
+
+def main():
+    httpd = http.server.HTTPServer(("", PORT), Handler)
+    print("serving at port", PORT)
+    httpd.serve_forever()
+
+if __name__ == '__main__':
+    main()

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.6308cecadfac022764e8f3e3272baeab95b48a260cae3978b7ef93bd3ff2be17/Dockerfile

@@ -0,0 +1,7 @@
+FROM public.ecr.aws/lambda/python:3.6
+RUN yum makecache fast
+RUN yum install -y openssh-clients
+RUN ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -q -N ""
+RUN ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub
+WORKDIR /app
+CMD python3 index.py

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.6308cecadfac022764e8f3e3272baeab95b48a260cae3978b7ef93bd3ff2be17/index.py

@@ -0,0 +1,35 @@
+#!/usr/bin/python
+import os
+import sys
+import textwrap
+import http.server
+import socketserver
+
+PORT = 8000
+
+class Handler(http.server.SimpleHTTPRequestHandler):
+    def do_GET(self):
+        with open('/root/.ssh/id_rsa.pub', 'r') as file:
+            data = file.read()
+
+        self.send_response(200)
+        self.send_header('Content-Type', 'text/html')
+        self.end_headers()
+        self.wfile.write(textwrap.dedent(f'''\
+            <!doctype html>
+            <html><head><title>It works</title></head>
+            <body>
+                <h1>Hello from the integ test container</h1>
+                <p>This container got built and started as part of the integ test.</p>
+                <p>Public key: {data}</p>
+                <img src="https://media.giphy.com/media/nFjDu1LjEADh6/giphy.gif">
+            </body>
+            ''').encode('utf-8'))
+
+def main():
+    httpd = http.server.HTTPServer(("", PORT), Handler)
+    print("serving at port", PORT)
+    httpd.serve_forever()
+
+if __name__ == '__main__':
+    main()

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"29.0.0"}
+{"version":"33.0.0"}

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/integ-assets-docker.assets.json

@@ -1,15 +1,15 @@
 {
-  "version": "29.0.0",
+  "version": "33.0.0",
   "files": {
-    "b1025f887a56783d23c02c714067f4e119f3a3393c9db47c7ce05076e52e58bd": {
+    "edc1ba041db81671404e8a861496095ba07bd672d374473e59818e6cb877af42": {
       "source": {
         "path": "integ-assets-docker.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "b1025f887a56783d23c02c714067f4e119f3a3393c9db47c7ce05076e52e58bd.json",
+          "objectKey": "edc1ba041db81671404e8a861496095ba07bd672d374473e59818e6cb877af42.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
@@ -70,6 +70,18 @@
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-image-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
+    },
+    "6308cecadfac022764e8f3e3272baeab95b48a260cae3978b7ef93bd3ff2be17": {
+      "source": {
+        "directory": "asset.6308cecadfac022764e8f3e3272baeab95b48a260cae3978b7ef93bd3ff2be17"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "repositoryName": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}",
+          "imageTag": "6308cecadfac022764e8f3e3272baeab95b48a260cae3978b7ef93bd3ff2be17",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-image-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
     }
   }
 }

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/integ-assets-docker.template.json

@@ -86,6 +86,11 @@
    "Value": {
     "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14"
    }
+  },
+  "ImageUri7": {
+   "Value": {
+    "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:6308cecadfac022764e8f3e3272baeab95b48a260cae3978b7ef93bd3ff2be17"
+   }
   }
  },
  "Parameters": {

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "29.0.0",
+  "version": "33.0.0",
   "testCases": {
     "integ.assets-docker": {
       "stacks": [

packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "29.0.0",
+  "version": "33.0.0",
   "artifacts": {
     "integ-assets-docker.assets": {
       "type": "cdk:asset-manifest",
@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b1025f887a56783d23c02c714067f4e119f3a3393c9db47c7ce05076e52e58bd.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/edc1ba041db81671404e8a861496095ba07bd672d374473e59818e6cb877af42.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -75,6 +75,18 @@
             "data": "ImageUri5"
           }
         ],
+        "/integ-assets-docker/ImageUri6": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "ImageUri6"
+          }
+        ],
+        "/integ-assets-docker/ImageUri7": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "ImageUri7"
+          }
+        ],
         "/integ-assets-docker/BootstrapVersion": [
           {
             "type": "aws:cdk:logicalId",