Create latest_container resolver

README.md

@@ -331,6 +331,19 @@ A set of possible attributes is available in the [AWS documentation](https://doc
 
 Any value can be an array of possible matches.
 
+### Latest Container from Repository
+
+Looks up the latest Container Image from an ECR repository. We use this instead of a "latest" tag, because if the tag is latest a CloudFormation update will not trigger a deployment of the container, since nothing has changed.
+As such this resolver will never return the latest tag for a container.
+
+```yaml
+container_image_id:
+  latest_container:
+    repository_name: nginx # Required. The name of the repository
+    registry_id: 012345678910 # The AWS Account ID the repository is located in. Defaults to the current account's default registry
+    region: us-east-1 # Defaults to the region the stack is located in
+```
+
 ### Environment Variable
 
 Lookup an environment variable:

lib/stack_master.rb

@@ -3,6 +3,7 @@
 require 'aws-sdk-acm'
 require 'aws-sdk-cloudformation'
 require 'aws-sdk-ec2'
+require 'aws-sdk-ecr'
 require 'aws-sdk-s3'
 require 'aws-sdk-sns'
 require 'aws-sdk-ssm'
@@ -74,6 +75,7 @@ module ParameterResolvers
     autoload :Env, 'stack_master/parameter_resolvers/env'
     autoload :ParameterStore, 'stack_master/parameter_resolvers/parameter_store'
     autoload :OnePassword, 'stack_master/parameter_resolvers/one_password'
+    autoload :LatestContainer, 'stack_master/parameter_resolvers/latest_container'
   end
 
   module AwsDriver

lib/stack_master/parameter_resolvers/latest_container.rb

@@ -0,0 +1,49 @@
+module StackMaster
+  module ParameterResolvers
+    class LatestContainer < Resolver
+      array_resolver class_name: 'LatestContainers'
+
+      def initialize(config, stack_definition)
+        @config = config
+        @stack_definition = stack_definition
+      end
+
+      def resolve(parameters)
+        @region = parameters['region'] || @stack_definition.region
+        ecr_client = Aws::ECR::Client.new(region: @region)
+        if parameters['repository_name'].nil?
+          raise ArgumentError, "repository_name parameter is required but was not supplied"
+        end
+        images = fetch_images(parameters['repository_name'], parameters['registry_id'], ecr_client)
+        return nil if images.empty?
+        images.sort! { |image_x, image_y| image_y.image_pushed_at <=> image_x.image_pushed_at }
+        latest_image = images.first
+        latest_tag = latest_image.image_tags.delete_if { |tag| tag == "latest" }.first
+        # aws_account_id.dkr.ecr.region.amazonaws.com
+        return  "#{latest_image.registry_id}.dkr.ecr.#{@region}.amazonaws.com/#{parameters['repository_name']}:#{latest_tag}"
+      end
+
+      private
+
+      def fetch_images(repository_name, registry_id, ecr)
+        images = []
+        next_token = nil
+        while
+          resp = ecr.describe_images({
+            repository_name: repository_name,
+            registry_id: registry_id,
+            next_token: next_token,
+          })
+
+          images.push(resp.image_details)
+          next_token = resp.next_token
+
+          if resp.next_token.nil?
+            break
+          end
+        end
+        images.flatten
+      end
+    end
+  end
+end

spec/stack_master/parameter_resolvers/latest_container_spec.rb

@@ -0,0 +1,59 @@
+RSpec.describe StackMaster::ParameterResolvers::LatestContainer do
+  let(:config) { double(base_dir: '/base') }
+  let(:stack_definition) { double(stack_name: 'mystack', region: 'us-east-1') }
+  subject(:resolver) { described_class.new(config, stack_definition) }
+  let(:ecr) { Aws::ECR::Client.new(stub_responses: true) }
+
+  before do
+    allow(Aws::ECR::Client).to receive(:new).and_return(ecr)
+  end
+
+  context 'when matches are found' do
+    before do
+      ecr.stub_responses(:describe_images, image_details: [
+        { registry_id: '012345678910', image_digest: 'decafc0ffee', image_pushed_at: Time.utc(2015,1,2,0,0), image_tags: ['v1'] },
+        { registry_id: '012345678910', image_digest: 'deadbeef', image_pushed_at: Time.utc(2015,1,3,0,0), image_tags: ['v2'] }
+      ])
+    end
+
+    it 'returns the latest one' do
+      expect(resolver.resolve({'repository_name' => 'foo'})).to eq '012345678910.dkr.ecr.us-east-1.amazonaws.com/foo:v2'
+    end
+  end
+
+  context 'when there are multiple tags including latest' do
+    before do
+      ecr.stub_responses(:describe_images, image_details: [
+        { registry_id: '012345678910', image_digest: 'decafc0ffee', image_pushed_at: Time.utc(2015,1,2,0,0), image_tags: ['v1'] },
+        { registry_id: '012345678910', image_digest: 'deadbeef', image_pushed_at: Time.utc(2015,1,3,0,0), image_tags: ['latest', 'v2'] }
+      ])
+    end
+
+    it 'does not return the latest tag' do
+      expect(resolver.resolve({'repository_name' => 'foo'})).to eq '012345678910.dkr.ecr.us-east-1.amazonaws.com/foo:v2'
+    end
+  end
+
+  context 'when no matches are found' do
+    before do
+      ecr.stub_responses(:describe_images, image_details: [])
+    end
+
+    it 'returns nil' do
+      expect(resolver.resolve({'repository_name' => 'foo'})).to be_nil
+    end
+  end
+
+  context 'when registry_id is passed in' do
+    before do
+      ecr.stub_responses(:describe_images, image_details: [
+        { registry_id: '012345678910', image_digest: 'decafc0ffee', image_pushed_at: Time.utc(2015,1,2,0,0), image_tags: ['v1'] },
+      ])
+    end
+
+    it 'passes registry_id to describe_images' do
+      expect(ecr).to receive(:describe_images).with(repository_name: "foo", registry_id: "012345678910", next_token: nil)
+      resolver.resolve({'repository_name' => 'foo', 'registry_id' => "012345678910"})
+    end
+  end
+end

stack_master.gemspec

@@ -46,6 +46,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "aws-sdk-s3", "~> 1"
   spec.add_dependency "aws-sdk-sns", "~> 1"
   spec.add_dependency "aws-sdk-ssm", "~> 1"
+  spec.add_dependency "aws-sdk-ecr", "~> 1"
   spec.add_dependency "diffy"
   spec.add_dependency "erubis"
   spec.add_dependency "colorize"