feat(aws-cdk): allow uploading Docker images as assets

packages/@aws-cdk/assets/lib/asset.ts

@@ -124,7 +124,7 @@ export class Asset extends cdk.Construct {
     // for tooling to be able to package and upload a directory to the
     // s3 bucket and plug in the bucket name and key in the correct
     // parameters.
-    const asset: cxapi.AssetMetadataEntry = {
+    const asset: cxapi.FileAssetMetadataEntry = {
       path: this.assetPath,
       id: this.uniqueId,
       packaging: props.packaging,

packages/@aws-cdk/cx-api/lib/cxapi.ts

@@ -79,7 +79,13 @@ export const DEFAULT_ACCOUNT_CONTEXT_KEY = 'aws:cdk:toolkit:default-account';
 export const DEFAULT_REGION_CONTEXT_KEY = 'aws:cdk:toolkit:default-region';
 
 export const ASSET_METADATA = 'aws:cdk:asset';
-export interface AssetMetadataEntry {
+
+export interface FileAssetMetadataEntry {
+  /**
+   * Requested packaging style
+   */
+  packaging: 'zip' | 'file';
+
   /**
    * Path on disk to the asset
    */
@@ -90,11 +96,6 @@ export interface AssetMetadataEntry {
    */
   id: string;
 
-  /**
-   * Requested packaging style
-   */
-  packaging: 'zip' | 'file';
-
   /**
    * Name of parameter where S3 bucket should be passed in
    */
@@ -106,6 +107,35 @@ export interface AssetMetadataEntry {
   s3KeyParameter: string;
 }
 
+export interface ContainerImageAssetMetadataEntry {
+  /**
+   * Type of asset
+   */
+  packaging: 'container-image';
+
+  /**
+   * Path on disk to the asset
+   */
+  path: string;
+
+  /**
+   * Logical identifier for the asset
+   */
+  id: string;
+
+  /**
+   * Name of the parameter that takes the repository name
+   */
+  repositoryParameter: string;
+
+  /**
+   * Name of the parameter that takes the tag
+   */
+  tagParameter: string;
+}
+
+export type AssetMetadataEntry = FileAssetMetadataEntry | ContainerImageAssetMetadataEntry;
+
 /**
  * Metadata key used to print INFO-level messages by the toolkit when an app is syntheized.
  */

packages/aws-cdk/lib/api/toolkit-info.ts

@@ -21,12 +21,15 @@ export interface Uploaded {
 }
 
 export class ToolkitInfo {
+  public readonly sdk: SDK;
+
   constructor(private readonly props: {
     sdk: SDK,
     bucketName: string,
     bucketEndpoint: string,
     environment: cxapi.Environment
-  }) { }
+  }) {
+  }
 
   public get bucketUrl() {
     return `https://${this.props.bucketEndpoint}`;
@@ -73,6 +76,86 @@ export class ToolkitInfo {
     return { filename, key, changed: true };
   }
 
+  /**
+   * Prepare an ECR repository for uploading to using Docker
+   */
+  public async prepareEcrRepository(id: string, imageTag: string): Promise<EcrRepositoryInfo> {
+    const ecr = await this.props.sdk.ecr(this.props.environment, Mode.ForWriting);
+
+    // Create the repository if it doesn't exist yet
+    const repositoryName = 'cdk/' + id.replace(/[:/]/g, '-').toLowerCase();
+
+    let repository;
+    try {
+      debug(`${repositoryName}: checking for repository.`);
+      const describeResponse = await ecr.describeRepositories({ repositoryNames: [repositoryName] }).promise();
+      repository = describeResponse.repositories![0];
+    } catch (e) {
+      if (e.code !== 'RepositoryNotFoundException') { throw e; }
+    }
+
+    if (repository) {
+      try {
+        debug(`${repositoryName}: checking for image ${imageTag}`);
+        await ecr.describeImages({ repositoryName, imageIds: [{ imageTag }] }).promise();
+
+        // If we got here, the image already exists. Nothing else needs to be done.
+        return {
+          alreadyExists: true,
+          repositoryUri: repository.repositoryUri!,
+          repositoryArn: repository.repositoryArn!,
+        };
+      } catch (e) {
+        if (e.code !== 'ImageNotFoundException') { throw e; }
+      }
+    } else {
+      debug(`${repositoryName}: creating`);
+      const response = await ecr.createRepository({ repositoryName }).promise();
+      repository = response.repository!;
+
+      // Better put a lifecycle policy on this so as to not cost too much money
+      await ecr.putLifecyclePolicy({
+        repositoryName,
+        lifecyclePolicyText: JSON.stringify(DEFAULT_REPO_LIFECYCLE)
+      }).promise();
+    }
+
+    // The repo exists, image just needs to be uploaded. Get auth to do so.
+
+    debug(`Fetching ECR authorization token`);
+    const authData =  (await ecr.getAuthorizationToken({ }).promise()).authorizationData || [];
+    if (authData.length === 0) {
+      throw new Error('No authorization data received from ECR');
+    }
+    const token = Buffer.from(authData[0].authorizationToken!, 'base64').toString('ascii');
+    const [username, password] = token.split(':');
+
+    return {
+      alreadyExists: false,
+      repositoryUri: repository.repositoryUri!,
+      repositoryArn: repository.repositoryArn!,
+      username,
+      password,
+      endpoint: authData[0].proxyEndpoint!,
+    };
+  }
+}
+
+export type EcrRepositoryInfo = CompleteEcrRepositoryInfo | UploadableEcrRepositoryInfo;
+
+export interface CompleteEcrRepositoryInfo {
+  repositoryUri: string;
+  repositoryArn: string;
+  alreadyExists: true;
+}
+
+export interface UploadableEcrRepositoryInfo {
+  repositoryUri: string;
+  repositoryArn: string;
+  alreadyExists: false;
+  username: string;
+  password: string;
+  endpoint: string;
 }
 
 async function objectExists(s3: aws.S3, bucket: string, key: string) {
@@ -114,3 +197,18 @@ function getOutputValue(stack: aws.CloudFormation.Stack, output: string): string
   }
   return result;
 }
+
+const DEFAULT_REPO_LIFECYCLE = {
+  rules: [
+    {
+      rulePriority: 100,
+      description: 'Retain only 5 images',
+      selection: {
+        tagStatus: 'any',
+        countType: 'imageCountMoreThan',
+        countNumber: 5,
+      },
+      action: { type: 'expire' }
+    }
+  ]
+};

packages/aws-cdk/lib/api/util/sdk.ts

@@ -104,6 +104,13 @@ export class SDK {
     });
   }
 
+  public async ecr(environment: Environment, mode: Mode): Promise<AWS.ECR> {
+    return new AWS.ECR({
+      region: environment.region,
+      credentials: await this.credentialsCache.get(environment.account, mode)
+    });
+  }
+
   public async defaultRegion(): Promise<string | undefined> {
     return await getCLICompatibleDefaultRegion(this.profile);
   }

packages/aws-cdk/lib/assets.ts

@@ -1,10 +1,12 @@
-import { ASSET_METADATA, ASSET_PREFIX_SEPARATOR, AssetMetadataEntry, StackMetadata, SynthesizedStack } from '@aws-cdk/cx-api';
+// tslint:disable-next-line:max-line-length
+import { ASSET_METADATA, ASSET_PREFIX_SEPARATOR, AssetMetadataEntry, FileAssetMetadataEntry, StackMetadata, SynthesizedStack } from '@aws-cdk/cx-api';
 import { CloudFormation } from 'aws-sdk';
 import fs = require('fs-extra');
 import os = require('os');
 import path = require('path');
 import { ToolkitInfo } from './api/toolkit-info';
 import { zipDirectory } from './archive';
+import { prepareContainerAsset } from './docker';
 import { debug, success } from './logging';
 
 export async function prepareAssets(stack: SynthesizedStack, toolkitInfo?: ToolkitInfo): Promise<CloudFormation.Parameter[]> {
@@ -35,12 +37,15 @@ async function prepareAsset(asset: AssetMetadataEntry, toolkitInfo: ToolkitInfo)
       return await prepareZipAsset(asset, toolkitInfo);
     case 'file':
       return await prepareFileAsset(asset, toolkitInfo);
+    case 'container-image':
+      return await prepareContainerAsset(asset, toolkitInfo);
     default:
-      throw new Error(`Unsupported packaging type: ${asset.packaging}`);
+      // tslint:disable-next-line:max-line-length
+      throw new Error(`Unsupported packaging type: ${(asset as any).packaging}. You might need to upgrade your aws-cdk toolkit to support this asset type.`);
   }
 }
 
-async function prepareZipAsset(asset: AssetMetadataEntry, toolkitInfo: ToolkitInfo): Promise<CloudFormation.Parameter[]> {
+async function prepareZipAsset(asset: FileAssetMetadataEntry, toolkitInfo: ToolkitInfo): Promise<CloudFormation.Parameter[]> {
   debug('Preparing zip asset from directory:', asset.path);
   const staging = await fs.mkdtemp(path.join(os.tmpdir(), 'cdk-assets'));
   try {
@@ -60,7 +65,7 @@ async function prepareZipAsset(asset: AssetMetadataEntry, toolkitInfo: ToolkitIn
  * @param contentType Content-type to use when uploading to S3 (none will be specified by default)
  */
 async function prepareFileAsset(
-    asset: AssetMetadataEntry,
+    asset: FileAssetMetadataEntry,
     toolkitInfo: ToolkitInfo,
     filePath?: string,
     contentType?: string): Promise<CloudFormation.Parameter[]> {