
(ecr): setting imageScanOnPush to false doesn't update Repository after first being set to true #18077

Closed
peterwoodworth opened this issue Dec 17, 2021 · 2 comments · Fixed by #18078
Labels
@aws-cdk/aws-ecr Related to Amazon Elastic Container Registry bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments

@peterwoodworth
Contributor

What is the problem?

Setting imageScanOnPush to false sets the property on the underlying CfnRepository to undefined

 const resource = new CfnRepository(this, 'Resource', {
   repositoryName: this.physicalName,
   // It says "Text", but they actually mean "Object".
   repositoryPolicyText: Lazy.any({ produce: () => this.policyDocument }),
   lifecyclePolicy: Lazy.any({ produce: () => this.renderLifecyclePolicy() }),
   // A value of false takes the same branch as an unset prop, so nothing is rendered.
   imageScanningConfiguration: !props.imageScanOnPush ? undefined : {
     scanOnPush: true,
   },

This is fine when creating the Repository because the default setting is to set this to false. However, it appears this is only the default setting for creating the repository - not the default setting for updating the repository.

Reproduction Steps

First create a new ECR Repository with imageScanOnPush set to true

 const repo = new Repository(this, 'repo', {
   imageScanOnPush: true
 })

Then update that setting to false and deploy

What did you expect to happen?

ScanOnPush to be set to false in AWS console

What actually happened?

ScanOnPush is still set to true

CDK CLI Version

2.2.0

Framework Version

No response

Node.js Version

16.0.0

OS

Mac

Language

TypeScript

Language Version

No response

Other information

No response

@peterwoodworth peterwoodworth added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 17, 2021
@github-actions github-actions bot added the @aws-cdk/aws-ecr Related to Amazon Elastic Container Registry label Dec 17, 2021
@peterwoodworth peterwoodworth added effort/small Small work item – less than a day of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Dec 17, 2021
@peterwoodworth
Contributor Author

If you want to set this property to false after first having it set to true, use an escape hatch to set scanOnPush to false on the underlying CfnRepository.
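The behaviour reported in this issue, as an added example that is not part of the thread or of the aws-cdk code base: it models the render expression from the excerpt next to a tri-state alternative, and adds a pre-deploy check that flags repositories whose scan configuration disappears from the template instead of being set to false. The names `renderExplicit`, `synth`, `droppedScanConfig` and the logical ID `Repo` are assumptions made for illustration, and the templates are constructed samples.

```typescript
// Added example: models the issue's render expression; not aws-cdk source code.
type ScanConfig = { ScanOnPush: boolean };
interface RepoResource {
  Type: string;
  Properties?: { ImageScanningConfiguration?: ScanConfig };
}
type Template = { Resources: Record<string, RepoResource> };

// Same truthiness test as the excerpt in the issue: false and "unset" both
// render nothing, so the template cannot express "turn scanning off".
function renderAsReported(imageScanOnPush?: boolean): ScanConfig | undefined {
  return !imageScanOnPush ? undefined : { ScanOnPush: true };
}

// Hypothetical tri-state alternative: only an unset prop omits the block.
function renderExplicit(imageScanOnPush?: boolean): ScanConfig | undefined {
  return imageScanOnPush === undefined ? undefined : { ScanOnPush: imageScanOnPush };
}

// Build a minimal constructed template with one repository ("Repo" is a made-up logical ID).
function synth(render: (v?: boolean) => ScanConfig | undefined, value?: boolean): Template {
  const cfg = render(value);
  return {
    Resources: {
      Repo: {
        Type: 'AWS::ECR::Repository',
        Properties: cfg ? { ImageScanningConfiguration: cfg } : {},
      },
    },
  };
}

// Pre-deploy check: logical IDs of repositories whose previous template enabled
// ScanOnPush and whose next template omits the block instead of setting false.
function droppedScanConfig(prev: Template, next: Template): string[] {
  return Object.keys(next.Resources).filter((id) => {
    const before = prev.Resources[id];
    const after = next.Resources[id];
    if (!before || !after || after.Type !== 'AWS::ECR::Repository') return false;
    const was = before.Properties?.ImageScanningConfiguration?.ScanOnPush === true;
    return was && after.Properties?.ImageScanningConfiguration === undefined;
  });
}

// Flip the prop from true to false under each render function and compare templates.
const reported = droppedScanConfig(synth(renderAsReported, true), synth(renderAsReported, false));
const explicit = droppedScanConfig(synth(renderExplicit, true), synth(renderExplicit, false));
```

A non-empty result from `droppedScanConfig` means the template has stopped stating the scan setting, which is the situation in which this issue reports the deployed repository keeping its old value.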

@mergify mergify bot closed this as completed in #18078 Mar 18, 2022
mergify bot pushed a commit that referenced this issue Mar 18, 2022
… existing repository (#18078)

fixes #18077 


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
