docker image assets should be usable outside of ECS #1219
Labels
feature-request
A feature should be added or improved.
Comments
eladb
pushed a commit
that referenced
this issue
Nov 22, 2018
This change enables using Docker assets as CodeBuild images. In order to enable that, a few changes were required in how Docker assets are modeled: Extracted a low-level `DockerImageAsset` class into a new module called @aws-cdk/assets-docker. This module provides the basic interaction with the toolkit and allows higher level APIs such as ECR or CodeBuild to manage permissions on the asset repository. Since CodeBuild needs permissions at the resource policy level (since images are not pulled via an assumed role), the adopted repository custom resource was extended to support specifying an arbitrary policy document for the repository. This is made available via an overload of `addToResourcePolicy` implemented by `AdoptedRepository`. In order to fix #1232 and simplify, the protocol between the toolkit and the asset class have been changed to only pass in the _repository name_ and the _tag_ (together). Previously the ARN of the repository was used, but it is impossible to parse the repository name from the ARN using CFN's split/select. It is possible to produce the ARN from a name, and the repository is ensured to be "local" to the account/region. Modernized ECR import/export and converted `RepositoryRef` to `IRepository`, and modified `ImportedRepository` to only parse the repository name from ARN in case the ARN is concrete (not a token). Otherwise, the name is also required. Renamed `grantUseImage` to `grantPull` and added `grantPullPush`. Added `repositoryUriForTag(tag)`. Fixes #1219 BREAKING CHANGE: `ecr.RepositoryRef` has been replaced by `ecr.IRepository`, which means that `RepositoryRef.import` is now `Repository.import`. Futhermore, the CDK Toolkit must also be upgraded since the docker asset protocol was modified. `IRepository.grantUseImage` was renamed to `IRepository.grantPull`.
9 tasks
eladb
pushed a commit
that referenced
this issue
Nov 30, 2018
…1233) This change enables using Docker assets as CodeBuild images. In order to enable that, a few changes were required in how Docker assets are modeled: Extracted a low-level `DockerImageAsset` class into a new module called @aws-cdk/assets-docker. This module provides the basic interaction with the toolkit and allows higher level APIs such as ECR or CodeBuild to manage permissions on the asset repository. Since CodeBuild needs permissions at the resource policy level (since images are not pulled via an assumed role), the adopted repository custom resource was extended to support specifying an arbitrary policy document for the repository. This is made available via an overload of `addToResourcePolicy` implemented by `AdoptedRepository`. In order to fix #1232 and simplify, the protocol between the toolkit and the asset class have been changed to only pass in the _repository name_ and the _tag_ (together). Previously the ARN of the repository was used, but it is impossible to parse the repository name from the ARN using CFN's split/select. It is possible to produce the ARN from a name, and the repository is ensured to be "local" to the account/region. Modernized ECR import/export and converted `RepositoryRef` to `IRepository`, and modified `ImportedRepository` to only parse the repository name from ARN in case the ARN is concrete (not a token). Otherwise, the name is also required. - Bump cxapi version to 0.19.0 (since protocol changed) - In integration tests, use local modules instead of "npm install" - Remove init template tests. Since they use "npm install" they can't really be validated like this against the local bits. We have integration tests for init template in our pipeline that work against the latest build. Renamed `grantUseImage` to `grantPull` and added `grantPullPush`. Added `repositoryUriForTag(tag)`. Fixes #1219 BREAKING CHANGE: `ecr.RepositoryRef` has been replaced by `ecr.IRepository`, which means that `RepositoryRef.import` is now `Repository.import`. Futhermore, the CDK Toolkit must also be upgraded since the docker asset protocol was modified. `IRepository.grantUseImage` was renamed to `IRepository.grantPull`.
srchase
added
feature-request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At the moment,
ImageAssetis part of the ECS library. There are definitely use cases where you'd want to use a docker image asset outside of an ECS context (EKS, CodeBuild, etc).Extract the code to
@aws-cdk/assets-dockerThe text was updated successfully, but these errors were encountered: