codeperl
diff --git a/‎localstack/services/cloudformation/resource_provider.py
Lines changed: 1 addition & 0 deletions b/‎localstack/services/cloudformation/resource_provider.py
Lines changed: 1 addition & 0 deletions
diff --git a/‎localstack/services/ecr/__init__.py b/‎localstack/services/ecr/__init__.py
diff --git a/‎localstack/services/ecr/resource_providers/__init__.py b/‎localstack/services/ecr/resource_providers/__init__.py
diff --git a/‎localstack/services/ecr/resource_providers/aws_ecr_repository.py
Lines changed: 167 additions & 0 deletions b/‎localstack/services/ecr/resource_providers/aws_ecr_repository.py
Lines changed: 167 additions & 0 deletions
diff --git a/‎localstack/services/ecr/resource_providers/aws_ecr_repository.schema.json
Lines changed: 210 additions & 0 deletions b/‎localstack/services/ecr/resource_providers/aws_ecr_repository.schema.json
Lines changed: 210 additions & 0 deletions
@@ -66,6 +66,7 @@
     "AWS::DynamoDB::Table": "ResourceProvider",
     "AWS::CloudWatch::Alarm": "ResourceProvider",
     "AWS::CloudWatch::CompositeAlarm": "ResourceProvider",
+    "AWS::ECR::Repository": "ResourceProvider",
 }
 
 
 
@@ -0,0 +1,167 @@
+# LocalStack Resource Provider Scaffolding v2
+from __future__ import annotations
+
+import logging
+from pathlib import Path
+from typing import Optional, TypedDict
+
+import localstack.services.cloudformation.provider_utils as util
+from localstack.services.cloudformation.resource_provider import (
+    OperationStatus,
+    ProgressEvent,
+    ResourceProvider,
+    ResourceRequest,
+)
+from localstack.utils.aws import arns
+
+LOG = logging.getLogger(__name__)
+
+# simple mock state
+default_repos_per_stack = {}
+
+
+class ECRRepositoryProperties(TypedDict):
+    Arn: Optional[str]
+    EncryptionConfiguration: Optional[EncryptionConfiguration]
+    ImageScanningConfiguration: Optional[ImageScanningConfiguration]
+    ImageTagMutability: Optional[str]
+    RepositoryName: Optional[str]
+    RepositoryPolicyText: Optional[dict | str]
+    RepositoryUri: Optional[str]
+    Tags: Optional[list[Tag]]
+
+
+class LifecyclePolicy(TypedDict):
+    LifecyclePolicyText: Optional[str]
+    RegistryId: Optional[str]
+
+
+class Tag(TypedDict):
+    Key: Optional[str]
+    Value: Optional[str]
+
+
+class ImageScanningConfiguration(TypedDict):
+    ScanOnPush: Optional[bool]
+
+
+class EncryptionConfiguration(TypedDict):
+    EncryptionType: Optional[str]
+    KmsKey: Optional[str]
+
+
+REPEATED_INVOCATION = "repeated_invocation"
+
+
+class ECRRepositoryProvider(ResourceProvider[ECRRepositoryProperties]):
+
+    TYPE = "AWS::ECR::Repository"  # Autogenerated. Don't change
+    SCHEMA = util.get_schema_path(Path(__file__))  # Autogenerated. Don't change
+
+    def create(
+        self,
+        request: ResourceRequest[ECRRepositoryProperties],
+    ) -> ProgressEvent[ECRRepositoryProperties]:
+        """
+        Create a new resource.
+
+        Primary identifier fields:
+          - /properties/RepositoryName
+
+        Create-only properties:
+          - /properties/RepositoryName
+          - /properties/EncryptionConfiguration
+          - /properties/EncryptionConfiguration/EncryptionType
+          - /properties/EncryptionConfiguration/KmsKey
+
+        Read-only properties:
+          - /properties/Arn
+          - /properties/RepositoryUri
+
+        IAM permissions required:
+          - ecr:CreateRepository
+          - ecr:PutLifecyclePolicy
+          - ecr:SetRepositoryPolicy
+          - ecr:TagResource
+          - kms:DescribeKey
+          - kms:CreateGrant
+          - kms:RetireGrant
+
+        """
+        model = request.desired_state
+
+        default_repos_per_stack[request.stack_name] = model["RepositoryName"]
+        LOG.warning(
+            "Creating a Mock ECR Repository for CloudFormation. This is only intended to be used for allowing a successful CDK bootstrap and does not provision any underlying ECR repository."
+        )
+        model.update(
+            {
+                "Arn": arns.get_ecr_repository_arn(model["RepositoryName"]),
+                "RepositoryUri": "http://localhost:4566",
+                "ImageTagMutability": "MUTABLE",
+                "ImageScanningConfiguration": {"scanOnPush": True},
+            }
+        )
+        return ProgressEvent(
+            status=OperationStatus.SUCCESS,
+            resource_model=model,
+            custom_context=request.custom_context,
+        )
+
+    def read(
+        self,
+        request: ResourceRequest[ECRRepositoryProperties],
+    ) -> ProgressEvent[ECRRepositoryProperties]:
+        """
+        Fetch resource information
+
+        IAM permissions required:
+          - ecr:DescribeRepositories
+          - ecr:GetLifecyclePolicy
+          - ecr:GetRepositoryPolicy
+          - ecr:ListTagsForResource
+        """
+        raise NotImplementedError
+
+    def delete(
+        self,
+        request: ResourceRequest[ECRRepositoryProperties],
+    ) -> ProgressEvent[ECRRepositoryProperties]:
+        """
+        Delete a resource
+
+        IAM permissions required:
+          - ecr:DeleteRepository
+          - kms:RetireGrant
+        """
+        if default_repos_per_stack.get(request.stack_name):
+            del default_repos_per_stack[request.stack_name]
+
+        return ProgressEvent(
+            status=OperationStatus.SUCCESS,
+            resource_model=request.desired_state,
+            custom_context=request.custom_context,
+        )
+
+    def update(
+        self,
+        request: ResourceRequest[ECRRepositoryProperties],
+    ) -> ProgressEvent[ECRRepositoryProperties]:
+        """
+        Update a resource
+
+        IAM permissions required:
+          - ecr:PutLifecyclePolicy
+          - ecr:SetRepositoryPolicy
+          - ecr:TagResource
+          - ecr:UntagResource
+          - ecr:DeleteLifecyclePolicy
+          - ecr:DeleteRepositoryPolicy
+          - ecr:PutImageScanningConfiguration
           - ecr:PutImageTagMutability
+          - kms:DescribeKey
+          - kms:CreateGrant
+          - kms:RetireGrant
+        """
+        raise NotImplementedError
@@ -0,0 +1,210 @@
+{
+  "typeName": "AWS::ECR::Repository",
+  "description": "The AWS::ECR::Repository resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html",
+  "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr.git",
+  "definitions": {
+    "LifecyclePolicy": {
+      "type": "object",
+      "description": "The LifecyclePolicy property type specifies a lifecycle policy. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html",
+      "properties": {
+        "LifecyclePolicyText": {
+          "$ref": "#/definitions/LifecyclePolicyText"
+        },
+        "RegistryId": {
+          "$ref": "#/definitions/RegistryId"
+        }
+      },
+      "additionalProperties": false
+    },
+    "LifecyclePolicyText": {
+      "type": "string",
+      "description": "The JSON repository policy text to apply to the repository.",
+      "minLength": 100,
+      "maxLength": 30720
+    },
+    "RegistryId": {
+      "type": "string",
+      "description": "The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. ",
+      "minLength": 12,
+      "maxLength": 12,
+      "pattern": "^[0-9]{12}$"
+    },
+    "Tag": {
+      "description": "A key-value pair to associate with a resource.",
+      "type": "object",
+      "properties": {
+        "Key": {
+          <
F438
span class="pl-ent">"type": "string",
+          "description": "The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ",
+          "minLength": 1,
+          "maxLength": 127
+        },
+        "Value": {
+          "type": "string",
+          "description": "The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ",
+          "minLength": 1,
+          "maxLength": 255
+        }
+      },
+      "required": [
+        "Value",
+        "Key"
+      ],
+      "additionalProperties": false
+    },
+    "ImageScanningConfiguration": {
+      "type": "object",
+      "description": "The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.",
+      "properties": {
+        "ScanOnPush": {
+          "$ref": "#/definitions/ScanOnPush"
+        }
+      },
+      "additionalProperties": false
+    },
+    "ScanOnPush": {
+      "type": "boolean",
+      "description": "The setting that determines whether images are scanned after being pushed to a repository."
+    },
+    "EncryptionConfiguration": {
+      "type": "object",
+      "description": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.\n\nBy default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.\n\nFor more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html",
+      "properties": {
+        "EncryptionType": {
+          "$ref": "#/definitions/EncryptionType"
+        },
+        "KmsKey": {
+          "$ref": "#/definitions/KmsKey"
+        }
+      },
+      "required": [
+        "EncryptionType"
+      ],
+      "additionalProperties": false
+    },
+    "EncryptionType": {
+      "type": "string",
+      "description": "The encryption type to use.",
+      "enum": [
+        "AES256",
+        "KMS"
+      ]
+    },
+    "KmsKey": {
+      "type": "string",
+      "description": "If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.",
+      "minLength": 1,
+      "maxLength": 2048
+    }
+  },
+  "properties": {
+    "LifecyclePolicy": {
+      "$ref": "#/definitions/LifecyclePolicy"
+    },
+    "RepositoryName": {
+      "type": "string",
+      "description": "The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html.",
+      "minLength": 2,
+      "maxLength": 256,
+      "pattern": "^(?=.{2,256}$)((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)$"
+    },
+    "RepositoryPolicyText": {
+      "type": [
+        "object",
+        "string"
+      ],
+      "description": "The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html in the Amazon Elastic Container Registry User Guide. "
+    },
+    "Tags": {
+      "type": "array",
+      "maxItems": 50,
+      "uniqueItems": true,
+      "insertionOrder": false,
+      "description": "An array of key-value pairs to apply to this resource.",
+      "items": {
+        "$ref": "#/definitions/Tag"
+      }
+    },
+    "Arn": {
+      "type": "string"
+    },
+    "RepositoryUri": {
+      "type": "string"
+    },
+    "ImageTagMutability": {
+      "type": "string",
+      "description": "The image tag mutability setting for the repository.",
+      "enum": [
+        "MUTABLE",
+        "IMMUTABLE"
+      ]
+    },
+    "ImageScanningConfiguration": {
+      "$ref": "#/definitions/ImageScanningConfiguration"
+    },
+    "EncryptionConfiguration": {
+      "$ref": "#/definitions/EncryptionConfiguration"
+    }
+  },
+  "createOnlyProperties": [
+    "/properties/RepositoryName",
+    "/properties/EncryptionConfiguration",
+    "/properties/EncryptionConfiguration/EncryptionType",
+    "/properties/EncryptionConfiguration/KmsKey"
+  ],
+  "readOnlyProperties": [
+    "/properties/Arn",
+    "/properties/RepositoryUri"
+  ],
+  "primaryIdentifier": [
+    "/properties/RepositoryName"
+  ],
+  "handlers": {
+    "create": {
+      "permissions": [
+        "ecr:CreateRepository",
+        "ecr:PutLifecyclePolicy",
+        "ecr:SetRepositoryPolicy",
+        "ecr:TagResource",
+        "kms:DescribeKey",
+        "kms:CreateGrant",
+        "kms:RetireGrant"
+      ]
+    },
+    "read": {
+      "permissions": [
+        "ecr:DescribeRepositories",
+        "ecr:GetLifecyclePolicy",
+        "ecr:GetRepositoryPolicy",
+        "ecr:ListTagsForResource"
+      ]
+    },
+    "update": {
+      "permissions": [
+        "ecr:PutLifecyclePolicy",
+        "ecr:SetRepositoryPolicy",
+        "ecr:TagResource",
+        "ecr:UntagResource",
+        "ecr:DeleteLifecyclePolicy",
+        "ecr:DeleteRepositoryPolicy",
+        "ecr:PutImageScanningConfiguration",
+        "ecr:PutImageTagMutability",
+        "kms:DescribeKey",
+        "kms:CreateGrant",
+        "kms:RetireGrant"
+      ]
+    },
+    "delete": {
+      "permissions": [
+        "ecr:DeleteRepository",
+        "kms:RetireGrant"
+      ]
+    },
+    "list": {
+      "permissions": [
+        "ecr:DescribeRepositories"
+      ]
+    }
+  },
+  "additionalProperties": false
+}
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@`
`66`	`66`	`"AWS::DynamoDB::Table": "ResourceProvider",`
`67`	`67`	`"AWS::CloudWatch::Alarm": "ResourceProvider",`
`68`	`68`	`"AWS::CloudWatch::CompositeAlarm": "ResourceProvider",`
	`69`	`+ "AWS::ECR::Repository": "ResourceProvider",`
`69`	`70`	`}`
`70`	`71`
`71`	`72`