daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

agent-claw: automated task changes

Browse Source
This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cdk/node_modules/aws-cdk-lib/aws-ecr/.jsiirc.json generated vendored Normal file
View File

@@ -0,0 +1,13 @@
{
"targets": {
"java": {
"package": "software.amazon.awscdk.services.ecr"
},
"dotnet": {
"namespace": "Amazon.CDK.AWS.ECR"
},
"python": {
"module": "aws_cdk.aws_ecr"
}
}
}

302
cdk/node_modules/aws-cdk-lib/aws-ecr/README.md generated vendored Normal file
View File

@@ -0,0 +1,302 @@
# Amazon ECR Construct Library
This package contains constructs for working with Amazon Elastic Container Registry.
## Repositories
Define a repository by creating a new instance of `Repository`. A repository
holds multiple versions of a single container image.
```ts
const repository = new ecr.Repository(this, 'Repository');
```
## Image scanning
Amazon ECR image scanning helps in identifying software vulnerabilities in your container images.
You can manually scan container images stored in Amazon ECR, or you can configure your repositories
to scan images when you push them to a repository. To create a new repository to scan on push, simply
enable `imageScanOnPush` in the properties.
```ts
const repository = new ecr.Repository(this, 'Repo', {
imageScanOnPush: true,
});
```
To create an `onImageScanCompleted` event rule and trigger the event target
```ts
declare const repository: ecr.Repository;
declare const target: SomeTarget;
repository.onImageScanCompleted('ImageScanComplete')
.addTarget(target);
```
### Authorization Token
Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull
images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and
additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests.
More information can be found at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth).
A Docker authorization token can be obtained using the `GetAuthorizationToken` ECR API. The following code snippets
grants an IAM user access to call this API.
```ts
const user = new iam.User(this, 'User');
ecr.AuthorizationToken.grantRead(user);
```
If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from
higher rate and bandwidth limits.
> See `Pricing` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html).
The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery.
```ts
const user = new iam.User(this, 'User');
ecr.PublicGalleryAuthorizationToken.grantRead(user);
```
This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth).
### Other Grantee
#### grantPush
The grantPush method grants the specified IAM entity (the grantee) permission to push images to the ECR repository. Specifically, it grants permissions for the following actions:
- 'ecr:CompleteLayerUpload'
- 'ecr:UploadLayerPart'
- 'ecr:InitiateLayerUpload'
- 'ecr:BatchCheckLayerAvailability'
- 'ecr:PutImage'
- 'ecr:GetAuthorizationToken'
Here is an example of granting a user push permissions:
```ts
declare const repository: ecr.Repository;
const role = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
});
repository.grantPush(role);
```
#### grantPull
The grantPull method grants the specified IAM entity (the grantee) permission to pull images from the ECR repository. Specifically, it grants permissions for the following actions:
- 'ecr:BatchCheckLayerAvailability'
- 'ecr:GetDownloadUrlForLayer'
- 'ecr:BatchGetImage'
- 'ecr:GetAuthorizationToken'
```ts
declare const repository: ecr.Repository;
const role = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
});
repository.grantPull(role);
```
#### grantPullPush
The grantPullPush method grants the specified IAM entity (the grantee) permission to both pull and push images from/to the ECR repository. Specifically, it grants permissions for all the actions required for pull and push permissions.
Here is an example of granting a user both pull and push permissions:
```ts
declare const repository: ecr.Repository;
const role = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
});
repository.grantPullPush(role);
```
By using these methods, you can grant specific operational permissions on the ECR repository to IAM entities. This allows for proper management of access to the repository and ensures security.
### Image tag immutability
You can set tag immutability on images in your repository using the `imageTagMutability` construct prop.
```ts
new ecr.Repository(this, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
```
#### Image tag mutability with exclusion filters
ECR supports more granular control over image tag mutability by allowing you to specify exclusion filters. This enables you to make your repository immutable while allowing specific tag patterns to remain mutable (or vice versa).
There are two new mutability options that work with exclusion filters:
- `MUTABLE_WITH_EXCLUSION`: Tags are mutable by default, except those matching the exclusion filters
- `IMMUTABLE_WITH_EXCLUSION`: Tags are immutable by default, except those matching the exclusion filters
Use `ImageTagMutabilityExclusionFilter.wildcard()` to create filters with wildcard patterns:
```ts
// Make all tags immutable except for those starting with 'dev-' or 'test-'
new ecr.Repository(this, 'Repo', {
imageTagMutability: ecr.TagMutability.IMMUTABLE_WITH_EXCLUSION,
imageTagMutabilityExclusionFilters: [
ecr.ImageTagMutabilityExclusionFilter.wildcard('dev-*'),
ecr.ImageTagMutabilityExclusionFilter.wildcard('test-*'),
],
});
```
```ts
// Make all tags mutable except for production releases
new ecr.Repository(this, 'Repo', {
imageTagMutability: ecr.TagMutability.MUTABLE_WITH_EXCLUSION,
imageTagMutabilityExclusionFilters: [
ecr.ImageTagMutabilityExclusionFilter.wildcard('prod-*'),
ecr.ImageTagMutabilityExclusionFilter.wildcard('release-v*'),
],
});
```
##### Exclusion filter pattern rules
- Patterns can contain alphanumeric characters, dots (.), underscores (_), hyphens (-), and asterisks (*) as wildcards
- Maximum pattern length is 128 characters
- You can specify up to 5 exclusion filters per repository
### Encryption
By default, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. For more control over the encryption for your Amazon ECR repositories, you can use server-side encryption with KMS keys stored in AWS Key Management Service (AWS KMS). Read more about this feature in the [ECR Developer Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html).
When you use AWS KMS to encrypt your data, you can either use the default AWS managed key, which is managed by Amazon ECR, by specifying `RepositoryEncryption.KMS` in the `encryption` property. Or specify your own customer managed KMS key, by specifying the `encryptionKey` property.
When `encryptionKey` is set, the `encryption` property must be `KMS` or empty.
In the case `encryption` is set to `KMS` but no `encryptionKey` is set, an AWS managed KMS key is used.
```ts
new ecr.Repository(this, 'Repo', {
encryption: ecr.RepositoryEncryption.KMS
});
```
Otherwise, a customer-managed KMS key is used if `encryptionKey` was set and `encryption` was optionally set to `KMS`.
```ts
import * as kms from 'aws-cdk-lib/aws-kms';
new ecr.Repository(this, 'Repo', {
encryptionKey: new kms.Key(this, 'Key'),
});
```
## Automatically clean up repositories
You can set life cycle rules to automatically clean up old images from your
repository. The first life cycle rule that matches an image will be applied
against that image. For example, the following deletes images older than
30 days, while keeping all images tagged with prod (note that the order
is important here):
```ts
declare const repository: ecr.Repository;
repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 });
repository.addLifecycleRule({ maxImageAge: Duration.days(30) });
```
When using `tagPatternList`, an image is successfully matched if it matches
the wildcard filter.
```ts
declare const repository: ecr.Repository;
repository.addLifecycleRule({ tagPatternList: ['prod*'], maxImageCount: 9999 });
```
### Repository deletion
When a repository is removed from a stack (or the stack is deleted), the ECR
repository will be removed according to its removal policy (which by default will
simply orphan the repository and leave it in your AWS account). If the removal
policy is set to `RemovalPolicy.DESTROY`, the repository will be deleted as long
as it does not contain any images.
To override this and force all images to get deleted during repository deletion,
enable the `emptyOnDelete` option as well as setting the removal policy to
`RemovalPolicy.DESTROY`.
```ts
const repository = new ecr.Repository(this, 'MyTempRepo', {
removalPolicy: RemovalPolicy.DESTROY,
emptyOnDelete: true,
});
```
## Managing the Resource Policy
You can add statements to the resource policy of the repository using the
`addToResourcePolicy` method. However, be advised that you must not include
a `resources` section in the `PolicyStatement`.
```ts
declare const repository: ecr.Repository;
repository.addToResourcePolicy(new iam.PolicyStatement({
actions: ['ecr:GetDownloadUrlForLayer'],
// resources: ['*'], // not currently allowed!
principals: [new iam.AnyPrincipal()],
}));
```
## Import existing repository
You can import an existing repository into your CDK app using the `Repository.fromRepositoryArn`, `Repository.fromRepositoryName` or `Repository.fromLookup` method.
These methods take the ARN or the name of the repository and returns an `IRepository` object.
```ts
// import using repository name
const repositoryFromName = ecr.Repository.fromRepositoryName(this, 'ImportedRepoByName', 'my-repo-name');
// import using repository ARN
const repositoryFromArn = ecr.Repository.fromRepositoryArn(this, 'ImportedRepoByArn', 'arn:aws:ecr:us-east-1:123456789012:repository/my-repo-name');
// import using repository lookup
// You have to provide either `repositoryArn` or `repositoryName` to lookup the repository
const repositoryFromLookup = ecr.Repository.fromLookup(this, 'ImportedRepoByLookup', {
repositoryArn: 'arn:aws:ecr:us-east-1:123456789012:repository/my-repo-name',
repositoryName: 'my-repo-name',
});
```
## CloudWatch event rules
You can publish repository events to a CloudWatch event rule with `onEvent`:
```ts
import * as lambda from 'aws-cdk-lib/aws-lambda';
import { LambdaFunction } from 'aws-cdk-lib/aws-events-targets';
const repo = new ecr.Repository(this, 'Repo');
const lambdaHandler = new lambda.Function(this, 'LambdaFunction', {
runtime: lambda.Runtime.PYTHON_3_12,
code: lambda.Code.fromInline('# dummy func'),
handler: 'index.handler',
});
repo.onEvent('OnEventTargetLambda', {
target: new LambdaFunction(lambdaHandler),
});
```
## Mixins
ECR provides [mixins](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib-readme.html#mixins) that can be applied to L1 and L2 constructs.
### RepositoryAutoDeleteImages
Automatically deletes all images from a repository when it is removed from the stack or when the stack is deleted. Requires the repository's removal policy to be set to `DESTROY`:
```ts
new ecr.CfnRepository(this, 'Repo')
.with(new ecr.mixins.RepositoryAutoDeleteImages());
```

1
cdk/node_modules/aws-cdk-lib/aws-ecr/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './lib';

1
cdk/node_modules/aws-cdk-lib/aws-ecr/index.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

25
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/auth-token.d.ts generated vendored Normal file
View File

@@ -0,0 +1,25 @@
import * as iam from '../../aws-iam';
/**
* Authorization token to access private ECR repositories in the current environment via Docker CLI.
*
* @see https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html
*/
export declare class AuthorizationToken {
/**
* Grant access to retrieve an authorization token.
*/
static grantRead(grantee: iam.IGrantable): void;
private constructor();
}
/**
* Authorization token to access the global public ECR Gallery via Docker CLI.
*
* @see https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth
*/
export declare class PublicGalleryAuthorizationToken {
/**
* Grant access to retrieve an authorization token.
*/
static grantRead(grantee: iam.IGrantable): void;
private constructor();
}

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/auth-token.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.PublicGalleryAuthorizationToken=exports.AuthorizationToken=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp};class AuthorizationToken{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ecr.AuthorizationToken",version:"2.252.0"};static grantRead(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}grantee.grantPrincipal.addToPrincipalPolicy(new(iam()).PolicyStatement({actions:["ecr:GetAuthorizationToken"],resources:["*"]}))}constructor(){}}exports.AuthorizationToken=AuthorizationToken;class PublicGalleryAuthorizationToken{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ecr.PublicGalleryAuthorizationToken",version:"2.252.0"};static grantRead(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}grantee.grantPrincipal.addToPrincipalPolicy(new(iam()).PolicyStatement({actions:["ecr-public:GetAuthorizationToken","sts:GetServiceBearerToken"],resources:["*"]}))}constructor(){}}exports.PublicGalleryAuthorizationToken=PublicGalleryAuthorizationToken;

1664
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/ecr.generated.d.ts generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/ecr.generated.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

5
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,5 @@
export * from './ecr.generated';
export * from './repository';
export * from './lifecycle';
export * from './auth-token';
export * as mixins from './mixins';

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/index.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

88
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/lifecycle.d.ts generated vendored Normal file
View File

@@ -0,0 +1,88 @@
import type { Duration } from '../../core';
/**
* An ECR life cycle rule
*/
export interface LifecycleRule {
/**
* Controls the order in which rules are evaluated (low to high)
*
* All rules must have a unique priority, where lower numbers have
* higher precedence. The first rule that matches is applied to an image.
*
* There can only be one rule with a tagStatus of Any, and it must have
* the highest rulePriority.
*
* All rules without a specified priority will have incrementing priorities
* automatically assigned to them, higher than any rules that DO have priorities.
*
* @default Automatically assigned
*/
readonly rulePriority?: number;
/**
* Describes the purpose of the rule
*
* @default No description
*/
readonly description?: string;
/**
* Select images based on tags
*
* Only one rule is allowed to select untagged images, and it must
* have the highest rulePriority.
*
* @default TagStatus.Tagged if tagPrefixList or tagPatternList is
* given, TagStatus.Any otherwise
*/
readonly tagStatus?: TagStatus;
/**
* Select images that have ALL the given prefixes in their tag.
*
* Both tagPrefixList and tagPatternList cannot be specified
* together in a rule.
*
* Only if tagStatus == TagStatus.Tagged
*/
readonly tagPrefixList?: string[];
/**
* Select images that have ALL the given patterns in their tag.
*
* There is a maximum limit of four wildcards (*) per string.
* For example, ["*test*1*2*3", "test*1*2*3*"] is valid but
* ["test*1*2*3*4*5*6"] is invalid.
*
* Both tagPrefixList and tagPatternList cannot be specified
* together in a rule.
*
* Only if tagStatus == TagStatus.Tagged
*/
readonly tagPatternList?: string[];
/**
* The maximum number of images to retain
*
* Specify exactly one of maxImageCount and maxImageAge.
*/
readonly maxImageCount?: number;
/**
* The maximum age of images to retain. The value must represent a number of days.
*
* Specify exactly one of maxImageCount and maxImageAge.
*/
readonly maxImageAge?: Duration;
}
/**
* Select images based on tags
*/
export declare enum TagStatus {
/**
* Rule applies to all images
*/
ANY = "any",
/**
* Rule applies to tagged images
*/
TAGGED = "tagged",
/**
* Rule applies to untagged images
*/
UNTAGGED = "untagged"
}

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/lifecycle.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.TagStatus=void 0;var TagStatus;(function(TagStatus2){TagStatus2.ANY="any",TagStatus2.TAGGED="tagged",TagStatus2.UNTAGGED="untagged"})(TagStatus||(exports.TagStatus=TagStatus={}));

16
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/mixins/.jsiirc.json generated vendored Normal file
View File

@@ -0,0 +1,16 @@
{
"targets": {
"java": {
"package": "software.amazon.awscdk.services.ecr.mixins"
},
"dotnet": {
"namespace": "Amazon.CDK.AWS.ECR.Mixins"
},
"python": {
"module": "aws_cdk.aws_ecr.mixins"
},
"go": {
"packageName": "awsecrmixins"
}
}
}

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/mixins/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './repository';

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/mixins/index.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.RepositoryAutoDeleteImages=void 0,Object.defineProperty(exports,_noFold="RepositoryAutoDeleteImages",{enumerable:!0,configurable:!0,get:()=>{var value=require("./repository").RepositoryAutoDeleteImages;return Object.defineProperty(exports,_noFold="RepositoryAutoDeleteImages",{enumerable:!0,configurable:!0,value}),value}});

13
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/mixins/repository.d.ts generated vendored Normal file
View File

@@ -0,0 +1,13 @@
import type { IConstruct } from 'constructs';
import { Mixin } from '../../../core/lib/mixins';
import { CfnRepository } from '../ecr.generated';
/**
* ECR-specific Mixin to force-delete all images from a repository
* when the repository is removed from the stack or when the stack is deleted.
*
* Sets the `emptyOnDelete` property on the repository.
*/
export declare class RepositoryAutoDeleteImages extends Mixin {
supports(construct: IConstruct): construct is CfnRepository;
applyTo(construct: IConstruct): void;
}

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/mixins/repository.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.RepositoryAutoDeleteImages=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var mixins_1=()=>{var tmp=require("../../../core/lib/mixins");return mixins_1=()=>tmp,tmp},ecr_generated_1=()=>{var tmp=require("../ecr.generated");return ecr_generated_1=()=>tmp,tmp};class RepositoryAutoDeleteImages extends mixins_1().Mixin{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ecr.mixins.RepositoryAutoDeleteImages",version:"2.252.0"};supports(construct){return ecr_generated_1().CfnRepository.isCfnRepository(construct)}applyTo(construct){this.supports(construct)&&(construct.emptyOnDelete=!0)}}exports.RepositoryAutoDeleteImages=RepositoryAutoDeleteImages;

514
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/repository.d.ts generated vendored Normal file
View File

@@ -0,0 +1,514 @@
import type { IConstruct, Construct } from 'constructs';
import { CfnRepository } from './ecr.generated';
import type { LifecycleRule } from './lifecycle';
import * as events from '../../aws-events';
import * as iam from '../../aws-iam';
import type * as kms from '../../aws-kms';
import type { IResource } from '../../core';
import { RemovalPolicy, Resource } from '../../core';
import type { IRepositoryRef, RepositoryReference } from '../../interfaces/generated/aws-ecr-interfaces.generated';
/**
* Represents an ECR repository.
*/
export interface IRepository extends IResource, IRepositoryRef {
/**
* The name of the repository
* @attribute
*/
readonly repositoryName: string;
/**
* The ARN of the repository
* @attribute
*/
readonly repositoryArn: string;
/**
* The URI of this repository (represents the latest image):
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
*
* @attribute
*/
readonly repositoryUri: string;
/**
* The URI of this repository's registry:
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com
*
* @attribute
*/
readonly registryUri: string;
/**
* Returns the URI of the repository for a certain tag. Can be used in `docker push/pull`.
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
*
* @param tag Image tag to use (tools usually default to "latest" if omitted)
*/
repositoryUriForTag(tag?: string): string;
/**
* Returns the URI of the repository for a certain digest. Can be used in `docker push/pull`.
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
*
* @param digest Image digest to use (tools usually default to the image with the "latest" tag if omitted)
*/
repositoryUriForDigest(digest?: string): string;
/**
* Returns the URI of the repository for a certain tag or digest, inferring based on the syntax of the tag. Can be used in `docker push/pull`.
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
*
* @param tagOrDigest Image tag or digest to use (tools usually default to the image with the "latest" tag if omitted)
*/
repositoryUriForTagOrDigest(tagOrDigest?: string): string;
/**
* Add a policy statement to the repository's resource policy
*/
addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
/**
* Grant the given principal identity permissions to perform the actions on this repository
*/
grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
/**
* Grant the given identity permissions to read images in this repository.
*/
grantRead(grantee: iam.IGrantable): iam.Grant;
/**
* Grant the given identity permissions to pull images in this repository.
*/
grantPull(grantee: iam.IGrantable): iam.Grant;
/**
* Grant the given identity permissions to push images in this repository.
*/
grantPush(grantee: iam.IGrantable): iam.Grant;
/**
* Grant the given identity permissions to pull and push images to this repository.
*/
grantPullPush(grantee: iam.IGrantable): iam.Grant;
/**
* Define a CloudWatch event that triggers when something happens to this repository
*
* Requires that there exists at least one CloudTrail Trail in your account
* that captures the event. This method will not create the Trail.
*
* @param id The id of the rule
* @param options Options for adding the rule
*/
onCloudTrailEvent(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this
* repository.
*
* Requires that there exists at least one CloudTrail Trail in your account
* that captures the event. This method will not create the Trail.
*
* @param id The id of the rule
* @param options Options for adding the rule
*/
onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): events.Rule;
/**
* Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed
*
*
* @param id The id of the rule
* @param options Options for adding the rule
*/
onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): events.Rule;
/**
* Defines a CloudWatch event rule which triggers for repository events. Use
* `rule.addEventPattern(pattern)` to specify a filter.
*/
onEvent(id: string, options?: events.OnEventOptions): events.Rule;
}
/**
* Base class for ECR repository. Reused between imported repositories and owned repositories.
*/
export declare abstract class RepositoryBase extends Resource implements IRepository {
private readonly REPO_PULL_ACTIONS;
private readonly REPO_PUSH_ACTIONS;
/**
* The name of the repository
*/
abstract readonly repositoryName: string;
/**
* The ARN of the repository
*/
abstract readonly repositoryArn: string;
/**
* A reference to this repository
*/
get repositoryRef(): RepositoryReference;
/**
* Add a policy statement to the repository's resource policy
*/
abstract addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
/**
* The URI of this repository (represents the latest image):
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
*
*/
get repositoryUri(): string;
/**
* The URI of this repository's registry:
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com
*
*/
get registryUri(): string;
/**
* Returns the URL of the repository. Can be used in `docker push/pull`.
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
*
* @param tag Optional image tag
*/
repositoryUriForTag(tag?: string): string;
/**
* Returns the URL of the repository. Can be used in `docker push/pull`.
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
*
* @param digest Optional image digest
*/
repositoryUriForDigest(digest?: string): string;
/**
* Returns the URL of the repository. Can be used in `docker push/pull`.
*
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
* ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
*
* @param tagOrDigest Optional image tag or digest (digests must start with `sha256:`)
*/
repositoryUriForTagOrDigest(tagOrDigest?: string): string;
/**
* Returns the repository URI, with an appended suffix, if provided.
* @param suffix An image tag or an image digest.
* @private
*/
private repositoryUriWithSuffix;
/**
* Define a CloudWatch event that triggers when something happens to this repository
*
* Requires that there exists at least one CloudTrail Trail in your account
* that captures the event. This method will not create the Trail.
*
* @param id The id of the rule
* @param options Options for adding the rule
*/
onCloudTrailEvent(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this
* repository.
*
* Requires that there exists at least one CloudTrail Trail in your account
* that captures the event. This method will not create the Trail.
*
* @param id The id of the rule
* @param options Options for adding the rule
*/
onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): events.Rule;
/**
* Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed
*
*
* @param id The id of the rule
* @param options Options for adding the rule
*/
onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): events.Rule;
/**
* Defines a CloudWatch event rule which triggers for repository events. Use
* `rule.addEventPattern(pattern)` to specify a filter.
*/
onEvent(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Grant the given principal identity permissions to perform the actions on this repository
* [disable-awslint:no-grants]
*/
grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
/**
* Grant the given identity permissions to read the images in this repository
* [disable-awslint:no-grants]
*/
grantRead(grantee: iam.IGrantable): iam.Grant;
/**
* Grant the given identity permissions to use the images in this repository
* [disable-awslint:no-grants]
*/
grantPull(grantee: iam.IGrantable): iam.Grant;
/**
* Grant the given identity permissions to use the images in this repository
* [disable-awslint:no-grants]
*/
grantPush(grantee: iam.IGrantable): iam.Grant;
/**
* Grant the given identity permissions to pull and push images to this repository.
* [disable-awslint:no-grants]
*/
grantPullPush(grantee: iam.IGrantable): iam.Grant;
/**
* Returns the resource that backs the given IAM grantee if we cannot put a direct reference
* to the grantee in the resource policy of this ECR repository,
* and 'undefined' in case we can.
*/
private unsafeCrossAccountResourcePolicyPrincipal;
}
/**
* Options for the onCloudTrailImagePushed method
*/
export interface OnCloudTrailImagePushedOptions extends events.OnEventOptions {
/**
* Only watch changes to this image tag
*
* @default - Watch changes to all tags
*/
readonly imageTag?: string;
}
/**
* Options for the OnImageScanCompleted method
*/
export interface OnImageScanCompletedOptions extends events.OnEventOptions {
/**
* Only watch changes to the image tags specified.
* Leave it undefined to watch the full repository.
*
* @default - Watch the changes to the repository with all image tags
*/
readonly imageTags?: string[];
}
export interface RepositoryProps {
/**
* Name for this repository.
*
* The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.
*
* > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
*
* @default Automatically generated name.
*/
readonly repositoryName?: string;
/**
* The kind of server-side encryption to apply to this repository.
*
* If you choose KMS, you can specify a KMS key via `encryptionKey`. If
* encryptionKey is not specified, an AWS managed KMS key is used.
*
* @default - `KMS` if `encryptionKey` is specified, or `AES256` otherwise.
*/
readonly encryption?: RepositoryEncryption;
/**
* External KMS key to use for repository encryption.
*
* The 'encryption' property must be either not specified or set to "KMS".
* An error will be emitted if encryption is set to "AES256".
*
* @default - If encryption is set to `KMS` and this property is undefined,
* an AWS managed KMS key is used.
*/
readonly encryptionKey?: kms.IKeyRef;
/**
* Life cycle rules to apply to this registry
*
* @default No life cycle rules
*/
readonly lifecycleRules?: LifecycleRule[];
/**
* The AWS account ID associated with the registry that contains the repository.
*
* @see https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html
* @default The default registry is assumed.
*/
readonly lifecycleRegistryId?: string;
/**
* Determine what happens to the repository when the resource/stack is deleted.
*
* @default RemovalPolicy.Retain
*/
readonly removalPolicy?: RemovalPolicy;
/**
* Enable the scan on push when creating the repository
*
* @default false
*/
readonly imageScanOnPush?: boolean;
/**
* The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.
*
* @default TagMutability.MUTABLE
*/
readonly imageTagMutability?: TagMutability;
/**
* The image tag mutability exclusion filters for the repository.
*
* These filters specify which image tags can override the repository's default image tag mutability setting.
*
* @default undefined - AWS ECR default is no exclusion filters
* @see https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html
*/
readonly imageTagMutabilityExclusionFilters?: ImageTagMutabilityExclusionFilter[];
/**
* Whether all images should be automatically deleted when the repository is
* removed from the stack or when the stack is deleted.
*
* Requires the `removalPolicy` to be set to `RemovalPolicy.DESTROY`.
*
* @default false
* @deprecated Use `emptyOnDelete` instead.
*/
readonly autoDeleteImages?: boolean;
/**
* If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
*
* @default false
*/
readonly emptyOnDelete?: boolean;
}
/**
* Properties for looking up an existing Repository.
*/
export interface RepositoryLookupOptions {
/**
* The name of the repository.
*
* @default - Do not filter on repository name
*/
readonly repositoryName?: string;
/**
* The ARN of the repository.
*
* @default - Do not filter on repository ARN
*/
readonly repositoryArn?: string;
}
export interface RepositoryAttributes {
readonly repositoryName: string;
readonly repositoryArn: string;
}
/**
* Define an ECR repository
*/
export declare class Repository extends RepositoryBase {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Lookup an existing repository
*/
static fromLookup(scope: Construct, id: string, options: RepositoryLookupOptions): IRepository;
/**
* Import a repository
*/
static fromRepositoryAttributes(scope: Construct, id: string, attrs: RepositoryAttributes): IRepository;
static fromRepositoryArn(scope: Construct, id: string, repositoryArn: string): IRepository;
static fromRepositoryName(scope: Construct, id: string, repositoryName: string): IRepository;
/**
* Returns an ECR ARN for a repository that resides in the same account/region
* as the current stack.
*/
static arnForLocalRepository(repositoryName: string, scope: IConstruct, account?: string): string;
private static validateRepositoryName;
private readonly lifecycleRules;
private readonly registryId?;
private readonly _policyDocument;
private readonly _resource;
get repositoryName(): string;
get repositoryArn(): string;
constructor(scope: Construct, id: string, props?: RepositoryProps);
/**
* Add a policy statement to the repository's resource policy.
*
* While other resources policies in AWS either require or accept a resource section,
* Cfn for ECR does not allow us to specify a resource policy.
* It will fail if a resource section is present at all.
*/
addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
/**
* Add a life cycle rule to the repository
*
* Life cycle rules automatically expire images from the repository that match
* certain conditions.
*/
addLifecycleRule(rule: LifecycleRule): void;
private validateTagMutability;
/**
* Render the life cycle policy object
*/
private renderLifecyclePolicy;
/**
* Return life cycle rules with automatic ordering applied.
*
* Also applies validation of the 'any' rule.
*/
private orderedLifecycleRules;
/**
* Set up key properties and return the Repository encryption property from the
* user's configuration.
*/
private parseEncryption;
private enableAutoDeleteImages;
}
/**
* The tag mutability setting for your repository.
*/
export declare enum TagMutability {
/**
* allow image tags to be overwritten.
*/
MUTABLE = "MUTABLE",
/**
* all image tags within the repository will be immutable which will prevent them from being overwritten.
*/
IMMUTABLE = "IMMUTABLE",
/**
* all image tags within the repository will be immutable, while allowing you to define some filters for tags that can be changed.
*/
IMMUTABLE_WITH_EXCLUSION = "IMMUTABLE_WITH_EXCLUSION",
/**
* allow image tags to be overwritten while allowing you to define some filters for tags that should remain unchanged.
*/
MUTABLE_WITH_EXCLUSION = "MUTABLE_WITH_EXCLUSION"
}
/**
* Represents an image tag mutability exclusion filter for ECR repository
*/
export declare class ImageTagMutabilityExclusionFilter {
private readonly filterType;
private readonly filterValue;
/**
* Creates a wildcard filter for image tag mutability exclusion
* @param pattern The wildcard pattern to match image tags (e.g., 'dev-*', 'release-v*')
*/
static wildcard(pattern: string): ImageTagMutabilityExclusionFilter;
private constructor();
/**
* Renders the filter to CloudFormation properties
* @internal
*/
_render(): CfnRepository.ImageTagMutabilityExclusionFilterProperty;
}
/**
* Indicates whether server-side encryption is enabled for the object, and whether that encryption is
* from the AWS Key Management Service (AWS KMS) or from Amazon S3 managed encryption (SSE-S3).
* @see https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata
*/
export declare class RepositoryEncryption {
readonly value: string;
/**
* 'AES256'
*/
static readonly AES_256: RepositoryEncryption;
/**
* 'KMS'
*/
static readonly KMS: RepositoryEncryption;
/**
* 'KMS_DSSE'
*/
static readonly KMS_DSSE: RepositoryEncryption;
/**
* @param value the string value of the encryption
*/
protected constructor(value: string);
}

1
cdk/node_modules/aws-cdk-lib/aws-ecr/lib/repository.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long