-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(ecr): set correct resource policy for ecr repository #3590
Conversation
This fixes the aws-ecr-assets test where an IAM user receives the policy instead of the ECR repository.
"Resource": "*", | ||
"Resource": { | ||
"Fn::GetAtt": [ | ||
"TestHarnessRepoAA7E9724", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can't work though. Will lead to a dependency cycle, as this is the GetAtt
of the repository that is currently being created. Try resourceSelfArns: []
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good point, I'll look into a proper fix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See previous comment.
@rix0rrr I've implemented the change, should be good now 👍 |
Thank you for contributing! Your pull request is now being automatically merged. |
Thank you for contributing! Your pull request is now being automatically merged. |
Fixes #3583. Adding
Resource: "*"
to an ECR repository policy gives the error "Invalid parameter at 'PolicyText'". According to the documentation, a proper ECR repository policy doesn't have this property. This PR removes that property.Please read the contribution guidelines and follow the pull-request checklist.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license