feat(client-ecr): This release adds Amazon ECR to Amazon ECR pull through cache rules support.

Author: awstools

clients/client-ecr/src/commands/CreatePullThroughCacheRuleCommand.ts

@@ -42,8 +42,10 @@ export interface CreatePullThroughCacheRuleCommandOutput extends CreatePullThrou
  *   ecrRepositoryPrefix: "STRING_VALUE", // required
  *   upstreamRegistryUrl: "STRING_VALUE", // required
  *   registryId: "STRING_VALUE",
- *   upstreamRegistry: "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
+ *   upstreamRegistry: "ecr" || "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
  *   credentialArn: "STRING_VALUE",
+ *   customRoleArn: "STRING_VALUE",
+ *   upstreamRepositoryPrefix: "STRING_VALUE",
  * };
  * const command = new CreatePullThroughCacheRuleCommand(input);
  * const response = await client.send(command);
@@ -52,8 +54,10 @@ export interface CreatePullThroughCacheRuleCommandOutput extends CreatePullThrou
  * //   upstreamRegistryUrl: "STRING_VALUE",
  * //   createdAt: new Date("TIMESTAMP"),
  * //   registryId: "STRING_VALUE",
- * //   upstreamRegistry: "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
+ * //   upstreamRegistry: "ecr" || "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-ecr/src/commands/DeletePullThroughCacheRuleCommand.ts

@@ -47,6 +47,8 @@ export interface DeletePullThroughCacheRuleCommandOutput extends DeletePullThrou
  * //   createdAt: new Date("TIMESTAMP"),
  * //   registryId: "STRING_VALUE",
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-ecr/src/commands/DescribePullThroughCacheRulesCommand.ts

@@ -58,7 +58,9 @@ export interface DescribePullThroughCacheRulesCommandOutput
  * //       createdAt: new Date("TIMESTAMP"),
  * //       registryId: "STRING_VALUE",
  * //       credentialArn: "STRING_VALUE",
- * //       upstreamRegistry: "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
+ * //       customRoleArn: "STRING_VALUE",
+ * //       upstreamRepositoryPrefix: "STRING_VALUE",
+ * //       upstreamRegistry: "ecr" || "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
  * //       updatedAt: new Date("TIMESTAMP"),
  * //     },
  * //   ],

clients/client-ecr/src/commands/UpdatePullThroughCacheRuleCommand.ts

@@ -38,7 +38,8 @@ export interface UpdatePullThroughCacheRuleCommandOutput extends UpdatePullThrou
  * const input = { // UpdatePullThroughCacheRuleRequest
  *   registryId: "STRING_VALUE",
  *   ecrRepositoryPrefix: "STRING_VALUE", // required
- *   credentialArn: "STRING_VALUE", // required
+ *   credentialArn: "STRING_VALUE",
+ *   customRoleArn: "STRING_VALUE",
  * };
  * const command = new UpdatePullThroughCacheRuleCommand(input);
  * const response = await client.send(command);
@@ -47,6 +48,8 @@ export interface UpdatePullThroughCacheRuleCommandOutput extends UpdatePullThrou
  * //   registryId: "STRING_VALUE",
  * //   updatedAt: new Date("TIMESTAMP"),
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-ecr/src/commands/ValidatePullThroughCacheRuleCommand.ts

@@ -54,6 +54,8 @@ export interface ValidatePullThroughCacheRuleCommandOutput
  * //   registryId: "STRING_VALUE",
  * //   upstreamRegistryUrl: "STRING_VALUE",
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * //   isValid: true || false,
  * //   failure: "STRING_VALUE",
  * // };

clients/client-ecr/src/models/models_0.ts

@@ -801,6 +801,7 @@ export class UploadNotFoundException extends __BaseException {
 export const UpstreamRegistry = {
   AzureContainerRegistry: "azure-container-registry",
   DockerHub: "docker-hub",
+  Ecr: "ecr",
   EcrPublic: "ecr-public",
   GitHubContainerRegistry: "github-container-registry",
   GitLabContainerRegistry: "gitlab-container-registry",
@@ -819,6 +820,11 @@ export type UpstreamRegistry = (typeof UpstreamRegistry)[keyof typeof UpstreamRe
 export interface CreatePullThroughCacheRuleRequest {
   /**
    * <p>The repository name prefix to use when caching images from the source registry.</p>
+   *          <important>
+   *             <p>There is always an assumed <code>/</code> applied to the end of the prefix. If you
+   *                 specify <code>ecr-public</code> as the prefix, Amazon ECR treats that as
+   *                     <code>ecr-public/</code>.</p>
+   *          </important>
    * @public
    */
   ecrRepositoryPrefix: string | undefined;
@@ -829,32 +835,42 @@ export interface CreatePullThroughCacheRuleRequest {
    *             registry.</p>
    *          <ul>
    *             <li>
-   *                <p>Amazon ECR Public (<code>ecr-public</code>) - <code>public.ecr.aws</code>
+   *                <p>Amazon ECR (<code>ecr</code>) –
+   *                     <code>dkr.ecr.<region>.amazonaws.com</code>
+   *                </p>
+   *             </li>
+   *             <li>
+   *                <p>Amazon ECR Public (<code>ecr-public</code>) – <code>public.ecr.aws</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Docker Hub (<code>docker-hub</code>) -
+   *                <p>Docker Hub (<code>docker-hub</code>) –
    *                     <code>registry-1.docker.io</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Quay (<code>quay</code>) - <code>quay.io</code>
+   *                <p>GitHub Container Registry (<code>github-container-registry</code>) –
+   *                         <code>ghcr.io</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Kubernetes (<code>k8s</code>) - <code>registry.k8s.io</code>
+   *                <p>GitLab Container Registry (<code>gitlab-container-registry</code>) –
+   *                         <code>registry.gitlab.com</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>GitHub Container Registry (<code>github-container-registry</code>) -
-   *                         <code>ghcr.io</code>
+   *                <p>Kubernetes (<code>k8s</code>) – <code>registry.k8s.io</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) -
+   *                <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) –
    *                         <code><custom>.azurecr.io</code>
    *                </p>
    *             </li>
+   *             <li>
+   *                <p>Quay (<code>quay</code>) – <code>quay.io</code>
+   *                </p>
+   *             </li>
    *          </ul>
    * @public
    */
@@ -879,6 +895,22 @@ export interface CreatePullThroughCacheRuleRequest {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to
+   *             the ECR upstream registry. This role must be in the same account as the registry that
+   *             you are configuring.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The repository name prefix of the upstream registry to match with the upstream
+   *             repository name. When this field isn't specified, Amazon ECR will use the
+   *             <code>ROOT</code>.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -922,6 +954,18 @@ export interface CreatePullThroughCacheRuleResponse {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -1498,8 +1542,8 @@ export interface RepositoryCreationTemplate {
   imageTagMutability?: ImageTagMutability | undefined;
 
   /**
-   * <p>he repository policy to apply to repositories created using the template. A repository
-   *             policy is a permissions policy associated with a repository to control access
+   * <p>The repository policy to apply to repositories created using the template. A
+   *             repository policy is a permissions policy associated with a repository to control access
    *             permissions. </p>
    * @public
    */
@@ -1701,6 +1745,18 @@ export interface DeletePullThroughCacheRuleResponse {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -2249,10 +2305,10 @@ export interface ImageDetail {
    *          <p>If the image is a manifest list, this will be the max size of all manifests in the
    *             list.</p>
    *          <note>
-   *             <p>Beginning with Docker version 1.9, the Docker client compresses image layers
-   *                 before pushing them to a V2 Docker registry. The output of the <code>docker
-   *                     images</code> command shows the uncompressed image size, so it may return a
-   *                 larger image size than the image sizes returned by <a>DescribeImages</a>.</p>
+   *             <p>Starting with Docker version 1.9, the Docker client compresses image layers before
+   *                 pushing them to a V2 Docker registry. The output of the <code>docker images</code>
+   *                 command shows the uncompressed image size. Therefore, Docker might return a larger
+   *                 image than the image sizes returned by <a>DescribeImages</a>.</p>
    *          </note>
    * @public
    */
@@ -3075,6 +3131,18 @@ export interface PullThroughCacheRule {
    */
   credentialArn?: string | undefined;
 
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
+
   /**
    * <p>The name of the upstream source registry associated with the pull through cache
    *             rule.</p>
@@ -3389,10 +3457,10 @@ export interface GetAccountSettingResponse {
   name?: string | undefined;
 
   /**
-   * <p>The setting value for the setting name. The following are valid values for the basic scan
-   *             type being used: <code>AWS_NATIVE</code> or <code>CLAIR</code>. The following are valid
-   *             values for the registry policy scope being used: <code>V1</code> or
-   *             <code>V2</code>.</p>
+   * <p>The setting value for the setting name. The following are valid values for the basic
+   *             scan type being used: <code>AWS_NATIVE</code> or <code>CLAIR</code>. The following are
+   *             valid values for the registry policy scope being used: <code>V1</code> or
+   *                 <code>V2</code>.</p>
    * @public
    */
   value?: string | undefined;
@@ -4816,7 +4884,15 @@ export interface UpdatePullThroughCacheRuleRequest {
    *             to the upstream registry.</p>
    * @public
    */
-  credentialArn: string | undefined;
+  credentialArn?: string | undefined;
+
+  /**
+   * <p>Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the
+   *             ECR upstream registry. This role must be in the same account as the registry that you
+   *             are configuring.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
 }
 
 /**
@@ -4848,6 +4924,18 @@ export interface UpdatePullThroughCacheRuleResponse {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -5116,6 +5204,18 @@ export interface ValidatePullThroughCacheRuleResponse {
    */
   credentialArn?: string | undefined;
 
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
+
   /**
    * <p>Whether or not the pull through cache rule was validated. If <code>true</code>, Amazon ECR
    *             was able to reach the upstream registry and authentication was successful. If

clients/client-ecr/src/protocols/Aws_json1_1.ts

@@ -2928,10 +2928,12 @@ const de_CreatePullThroughCacheRuleResponse = (
   return take(output, {
     createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     upstreamRegistry: __expectString,
     upstreamRegistryUrl: __expectString,
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 
@@ -3020,9 +3022,11 @@ const de_DeletePullThroughCacheRuleResponse = (
   return take(output, {
     createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     upstreamRegistryUrl: __expectString,
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 
@@ -3399,11 +3403,13 @@ const de_PullThroughCacheRule = (output: any, context: __SerdeContext): PullThro
   return take(output, {
     createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     updatedAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     upstreamRegistry: __expectString,
     upstreamRegistryUrl: __expectString,
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 
@@ -3643,9 +3649,11 @@ const de_UpdatePullThroughCacheRuleResponse = (
 ): UpdatePullThroughCacheRuleResponse => {
   return take(output, {
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     updatedAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };