Merge branch 'master' into associate-cloudmap-service

aws · Mar 9, 2021 · b9324b2 · b9324b2
2 parents eb19953 + c4dc3bc
commit b9324b2
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-ecr/README.md b/packages/@aws-cdk/aws-ecr/README.md
@@ -74,6 +74,14 @@ ecr.PublicGalleryAuthorizationToken.grantRead(user);
 
 This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth).
 
+### Image tag immutability
+
+You can set tag immutability on images in our repository using the `imageTagMutability` construct prop.
+
+```ts
+new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
+```
+
 ## Automatically clean up repositories
 
 You can set life cycle rules to automatically clean up old images from your

diff --git a/packages/@aws-cdk/aws-ecr/lib/repository.ts b/packages/@aws-cdk/aws-ecr/lib/repository.ts
@@ -354,6 +354,13 @@ export interface RepositoryProps {
    *  @default false
    */
   readonly imageScanOnPush?: boolean;
+
+  /**
+   * The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.
+   *
+   *  @default TagMutability.MUTABLE
+   */
+  readonly imageTagMutability?: TagMutability;
 }
 
 export interface RepositoryAttributes {
@@ -452,6 +459,7 @@ export class Repository extends RepositoryBase {
       imageScanningConfiguration: !props.imageScanOnPush ? undefined : {
         ScanOnPush: true,
       },
+      imageTagMutability: props.imageTagMutability || undefined,
     });
 
     resource.applyRemovalPolicy(props.removalPolicy);
@@ -610,3 +618,19 @@ const enum CountType {
    */
   SINCE_IMAGE_PUSHED = 'sinceImagePushed',
 }
+
+/**
+ * The tag mutability setting for your repository.
+ */
+export enum TagMutability {
+  /**
+   * allow image tags to be overwritten.
+   */
+  MUTABLE = 'MUTABLE',
+
+  /**
+   * all image tags within the repository will be immutable which will prevent them from being overwritten.
+   */
+  IMMUTABLE = 'IMMUTABLE',
+
+}
diff --git a/packages/@aws-cdk/aws-ecr/package.json b/packages/@aws-cdk/aws-ecr/package.json
@@ -103,6 +103,7 @@
       "import:@aws-cdk/aws-ecr.Repository",
       "construct-base-is-private:@aws-cdk/aws-ecr.RepositoryBase",
       "docs-public-apis:@aws-cdk/aws-ecr.Repository.fromRepositoryArn",
+      "docs-public-apis:@aws-cdk/aws-ecr.Repository.imageTagMutability",
       "docs-public-apis:@aws-cdk/aws-ecr.Repository.fromRepositoryName",
       "props-default-doc:@aws-cdk/aws-ecr.LifecycleRule.maxImageAge",
       "props-default-doc:@aws-cdk/aws-ecr.LifecycleRule.maxImageCount",

diff --git a/packages/@aws-cdk/aws-ecr/test/test.repository.ts b/packages/@aws-cdk/aws-ecr/test/test.repository.ts
@@ -63,6 +63,20 @@ export = {
     test.done();
   },
 
+
+  'image tag mutability can be set'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ECR::Repository', {
+      ImageTagMutability: 'IMMUTABLE',
+    }));
+
+    test.done();
+  },
+
   'add day-based lifecycle policy'(test: Test) {
     // GIVEN
     const stack = new cdk.Stack();