From 0bcc4b4b9d0a3dab29be343c4c3db4da7bbde00a Mon Sep 17 00:00:00 2001 From: Torben <8199725+tenjaa@users.noreply.github.com> Date: Thu, 17 Aug 2023 18:43:14 +0200 Subject: [PATCH] feat(app-staging-synthesizer): enable tag immutability (#26656) Closes https://github.com/aws/aws-cdk/issues/26655 I cannot run the integration tests and therefore cannot update the snapshot :( ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/default-staging-stack.ts | 1 + ...-resourcesmax-ACCOUNT-REGION.template.json | 2 + .../tree.json | 254 +++++++++--------- 3 files changed, 131 insertions(+), 126 deletions(-) diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts index 6875de6a123d2..3b3469cdbd827 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts @@ -422,6 +422,7 @@ export class DefaultStagingStack extends Stack implements IStagingResources { if (this.stagingRepos[asset.assetName] === undefined) { this.stagingRepos[asset.assetName] = new ecr.Repository(this, repoName, { repositoryName: repoName, + imageTagMutability: ecr.TagMutability.IMMUTABLE, lifecycleRules: [{ description: 'Garbage collect old image versions', maxImageCount: this.props.imageAssetVersionCount ?? 3, diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json index e414b1a846fa0..0be5d5c16bf64 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json @@ -567,6 +567,7 @@ "defaultresourcesmaxecrasset13112F7F9": { "Type": "AWS::ECR::Repository", "Properties": { + "ImageTagMutability": "IMMUTABLE", "LifecyclePolicy": { "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" }, @@ -693,6 +694,7 @@ "defaultresourcesmaxecrasset2904B88A7": { "Type": "AWS::ECR::Repository", "Properties": { + "ImageTagMutability": "IMMUTABLE", "LifecyclePolicy": { "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" }, diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json index 7cc6ef475d20b..567d7bd469420 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json @@ -28,8 +28,8 @@ "id": "ImportServiceRole", "path": "synthesize-default-resources/lambda-s3/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -67,14 +67,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Code": { @@ -85,22 +85,22 @@ "id": "Stage", "path": "synthesize-default-resources/lambda-s3/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { "id": "AssetBucket", "path": "synthesize-default-resources/lambda-s3/Code/AssetBucket", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" } }, "Resource": { @@ -126,14 +126,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } }, "lambda-ecr-1-copy": { @@ -148,8 +148,8 @@ "id": "ImportServiceRole", "path": "synthesize-default-resources/lambda-ecr-1-copy/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -187,14 +187,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "AssetImage": { @@ -205,22 +205,22 @@ "id": "Staging", "path": "synthesize-default-resources/lambda-ecr-1-copy/AssetImage/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "Repository": { "id": "Repository", "path": "synthesize-default-resources/lambda-ecr-1-copy/AssetImage/Repository", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" } }, "Resource": { @@ -244,14 +244,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } }, "lambda-ecr-two": { @@ -266,8 +266,8 @@ "id": "ImportServiceRole", "path": "synthesize-default-resources/lambda-ecr-two/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -305,14 +305,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "AssetImage": { @@ -323,22 +323,22 @@ "id": "Staging", "path": "synthesize-default-resources/lambda-ecr-two/AssetImage/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "Repository": { "id": "Repository", "path": "synthesize-default-resources/lambda-ecr-two/AssetImage/Repository", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" } }, "Resource": { @@ -362,20 +362,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } }, "StagingStack-default-resourcesmax-ACCOUNT-REGION": { @@ -390,8 +390,8 @@ "id": "ImportCdkFileRole", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/ImportCdkFileRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -441,8 +441,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -522,20 +522,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "BucketKey": { @@ -617,8 +617,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" } }, "Alias": { @@ -641,20 +641,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_kms.CfnAlias", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_kms.Alias", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" } }, "CdkStagingBucket": { @@ -724,8 +724,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" } }, "Policy": { @@ -876,14 +876,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" } }, "AutoDeleteObjectsCustomResource": { @@ -894,20 +894,20 @@ "id": "Default", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/AutoDeleteObjectsCustomResource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" } }, "Custom::S3AutoDeleteObjectsCustomResourceProvider": { @@ -918,22 +918,22 @@ "id": "Role", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } }, "Handler": { "id": "Handler", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CustomResourceProvider", + "version": "0.0.0" } }, "CdkImageRole": { @@ -944,8 +944,8 @@ "id": "ImportCdkImageRole", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkImageRole/ImportCdkImageRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -995,8 +995,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -1056,20 +1056,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "default-resourcesmax--ecr-asset--1": { @@ -1082,6 +1082,7 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::ECR::Repository", "aws:cdk:cloudformation:props": { + "imageTagMutability": "IMMUTABLE", "lifecyclePolicy": { "lifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" }, @@ -1095,8 +1096,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr.CfnRepository", + "version": "0.0.0" } }, "AutoDeleteImagesCustomResource": { @@ -1107,20 +1108,20 @@ "id": "Default", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/default-resourcesmax--ecr-asset--1/AutoDeleteImagesCustomResource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr.Repository", + "version": "0.0.0" } }, "Custom::ECRAutoDeleteImagesCustomResourceProvider": { @@ -1131,22 +1132,22 @@ "id": "Role", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::ECRAutoDeleteImagesCustomResourceProvider/Role", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } }, "Handler": { "id": "Handler", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::ECRAutoDeleteImagesCustomResourceProvider/Handler", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CustomResourceProvider", + "version": "0.0.0" } }, "default-resourcesmax--ecr-asset-2": { @@ -1159,6 +1160,7 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::ECR::Repository", "aws:cdk:cloudformation:props": { + "imageTagMutability": "IMMUTABLE", "lifecyclePolicy": { "lifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" }, @@ -1172,8 +1174,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr.CfnRepository", + "version": "0.0.0" } }, "AutoDeleteImagesCustomResource": { @@ -1184,20 +1186,20 @@ "id": "Default", "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/default-resourcesmax--ecr-asset-2/AutoDeleteImagesCustomResource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.aws_ecr.Repository", + "version": "0.0.0" } } }, @@ -1230,22 +1232,22 @@ "id": "BootstrapVersion", "path": "integ-tests/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } } }, @@ -1270,8 +1272,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.69" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file