New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-ecr): repository automatically adds imageScanningConfiguration even when imageScanOnPush is undefined #19918
Comments
We actually added this line of code because of this bug where setting it to false can do nothing. I hadn't considered that regions might not support this property unfortunately... Or else your proposed fix would've been perfectly fine as well. (How it worked before is if you explicitly set it to false then the property would still be undefined) I think changing this to your proposed solution would work, or maybe there's something we could do with the |
I edited my comment to fix the possible solution. My original suggestion wasn't correct. |
You're right, I'll fix that up and add a test to verify functionality works as expected |
fixes #19918 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
fixes aws#19918 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the bug
Hi CDK team,
A recent change to Repository started automatically adding
ImageScanningConfiguration
to the generated CloudFormation forAWS::ECR::Repository
even whenscanOnPush
isundefined
. This property is not supported in all regions (e.g.us-iso-east-1
) and causes CloudFormation deployments to fail on the unrecognized property.Line in question:
aws-cdk/packages/@aws-cdk/aws-ecr/lib/repository.ts
Line 537 in d0ace8f
Suggested logic:
The current workaround is to remove that property via escape hatch, however customers only know to do this after the deployment has already failed which is far from ideal.
Expected Behavior
ImageScanningConfiguration
property is only added toAWS::ECR::Repository
whenscanOnPush
is explicitly defined.Current Behavior
ImageScanningConfiguration
is always added even for unsupported regions.Reproduction Steps
// Note: imageScanOnPush is not being set
const repo = new Repository(this, 'SomeRepo', {});
Possible Solution
(untested) Change the line to:
Additional Information/Context
No response
CDK CLI Version
2.18.0 (build 75c90fa)
Framework Version
No response
Node.js Version
node-v14.19.1
OS
MacOS
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: