feat(ecr): image tag mutability exclusion filters #35246
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
p2
distinguished-contributor
badmintoncryer
changed the title
aws-cdk-automation
previously requested changes
Aug 15, 2025
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
badmintoncryer
commented
Aug 16, 2025
| const hasExclusionFilters = !!exclusionFilters; | ||
|
|
||
| if (hasExclusionFilters && !requiresExclusion) { | ||
| if (!tagMutability) { |
There was a problem hiding this comment.
This condition causes deployment error.
Resource handler returned message: "Invalid parameter at 'imageTagMutabilityExclusionFilters' failed to satisfy constraint: 'ImageTagMutabilityExclusionFilters are not allowed when imageTagMutability is set as null' (Service: Ecr, Status Code: 400, Request ID: 1a63b3a2-f3e8-491c-af9c-c869b094867e) (SDK Attempt Count: 1)" (RequestToken: 87f7cbaa-ce48-590e-cbed-0d4ae8139b5a, HandlerErrorCode: GeneralServiceException)
badmintoncryer
commented
Aug 16, 2025
| 'imageTagMutability must be specified when imageTagMutabilityExclusionFilters is provided.', | ||
| this, | ||
| ); | ||
| } else { |
There was a problem hiding this comment.
This condition causes deployment error.
Resource handler returned message: "Invalid parameter at 'imageTagMutabilityExclusionFilters' failed to satisfy constraint: 'ImageTagMutabilityExclusionFilters are not allowed when imageTagMutability is set as IMMUTABLE' (Service: Ecr, Status Code: 400, Request ID: 6044fe0c-4fbb-454a-934c-5c2e1a5c8d03) (SDK Attempt Count: 1)" (RequestToken: 11f4763e-09ed-e19f-272e-ec47a466170f, HandlerErrorCode: GeneralServiceException)
Resource handler returned message: "Invalid parameter at 'imageTagMutabilityExclusionFilters' failed to satisfy constraint: 'ImageTagMutabilityExclusionFilters are not allowed when imageTagMutability is set as MUTABLE' (Service: Ecr, Status Code: 400, Request ID: 80475a75-c3d4-4a8c-be4a-796dd2de2278) (SDK Attempt Count: 1)" (RequestToken: bec51a5b-8198-0aab-7a47-2cf59e44b0b3, HandlerErrorCode: GeneralServiceException)| } | ||
| } | ||
|
|
||
| if (requiresExclusion && !hasExclusionFilters) { |
There was a problem hiding this comment.
This condition causes deployment error.
Resource handler returned message: "Invalid parameter at 'imageTagMutabilityExclusionFilters' failed to satisfy constraint: 'ImageTagMutabilityExclusionFilters can't be null when imageTagMutability is set as IMMUTABLE_WITH_EXCLUSION' (Service: Ecr, Status Code: 400, Request ID: bbbeac86-14dc-4c4a-b67d-5e39b6bc804d) (SDK Attempt Count: 1)" (RequestToken: a45ab23e-8817-52f1-8f80-dc9468d8b2fd, HandlerErrorCode: GeneralServiceException)
Comment on lines
932
to
937
| if (filterCount === 0) { | ||
| throw new ValidationError('At least one exclusion filter must be specified when imageTagMutabilityExclusionFilters is provided.', this); | ||
| } | ||
| if (filterCount > 5) { | ||
| throw new ValidationError(`Cannot specify more than 5 exclusion filters, got ${filterCount}.`, this); | ||
| } |
There was a problem hiding this comment.
badmintoncryer
force-pushed
the
image-tag-mutability
branch
from
e43d952 to
3dc8eed
Compare
go-to-k
approved these changes
Sep 26, 2025
|
@go-to-k Thanks always!! |
badmintoncryer
changed the title
github-actions
bot
added
the
effort/medium
badmintoncryer
changed the title
aws-cdk-automation
added
pr/needs-maintainer-review
ozelalisen
previously requested changes
Oct 21, 2025
package.json
Outdated
| "string-width": "^4.2.3" | ||
| } | ||
| }, | ||
| "packageManager": "[email protected]+sha1.1959a18351b811cdeedbd484a8f86c3cc3bbaf72" |
There was a problem hiding this comment.
I assume this is not intended change
Comment on lines
22
to
25
| ecr.ImageTagMutabilityExclusionFilter.wildcard('dev-*'), | ||
| ecr.ImageTagMutabilityExclusionFilter.wildcard('test-*'), | ||
| ecr.ImageTagMutabilityExclusionFilter.wildcard('pr-*'), | ||
| ], |
There was a problem hiding this comment.
nit: would be better to use different exclusion filters as provided in README
aws-cdk-automation
removed
the
pr/needs-maintainer-review
mergify
bot
dismissed
ozelalisen’s stale review
Pull request has been modified.
|
@ozelalisen Thank you for your review! I've resolved all of your comments. |
ozelalisen
approved these changes
Oct 22, 2025
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue # (if applicable)
Closes #35454
Reason for this change
AWS ECR now supports for image tag mutability exclusion filters but AWS CDK L2 construct does not support this feature yet.
Description of changes
imageTagMutabilityExclusionFiltersprop toRepositoryPropsTagMutabilityenumImageTagMutabilityExclusionFilterclassImageTagMutabilityExclusionFilterTypecurrently supports onlyWILDCARD, future additions are anticipated. Factory method-based instance creation has been implemented to ensure user convenience and future extensibility.Describe any new or updated permissions being added
None
Description of how you validated changes
Add both unit and integ tests
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license