UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

111 lines (110 loc) 4.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import * as ec2 from '../../aws-ec2'; import * as ecr from '../../aws-ecr'; import * as iam from '../../aws-iam'; import * as secretsmanager from '../../aws-secretsmanager'; /** * Represents credentials used to access a Docker registry. */ export declare abstract class DockerCredential { protected readonly usages?: DockerCredentialUsage[] | undefined; /** * Creates a DockerCredential for DockerHub. * Convenience method for `customRegistry('https://index.docker.io/v1/', opts)`. */ static dockerHub(secret: secretsmanager.ISecret, opts?: ExternalDockerCredentialOptions): DockerCredential; /** * Creates a DockerCredential for a registry, based on its domain name (e.g., 'www.example.com'). */ static customRegistry(registryDomain: string, secret: secretsmanager.ISecret, opts?: ExternalDockerCredentialOptions): DockerCredential; /** * Creates a DockerCredential for one or more ECR repositories. * * NOTE - All ECR repositories in the same account and region share a domain name * (e.g., 0123456789012.dkr.ecr.eu-west-1.amazonaws.com), and can only have one associated * set of credentials (and DockerCredential). Attempting to associate one set of credentials * with one ECR repo and another with another ECR repo in the same account and region will * result in failures when using these credentials in the pipeline. */ static ecr(repositories: ecr.IRepository[], opts?: EcrDockerCredentialOptions): DockerCredential; constructor(usages?: DockerCredentialUsage[] | undefined); /** * Determines if this credential is relevant to the input usage. * @internal */ _applicableForUsage(usage: DockerCredentialUsage): boolean; /** * Grant read-only access to the registry credentials. * This grants read access to any secrets, and pull access to any repositories. */ abstract grantRead(grantee: iam.IGrantable, usage: DockerCredentialUsage): void; /** * Creates and returns the credential configuration, to be used by `cdk-assets` * to support the `docker-credential-cdk-assets` tool for `docker login`. * @internal */ abstract _renderCdkAssetsConfig(): DockerCredentialCredentialSource; } /** Options for defining credentials for a Docker Credential */ export interface ExternalDockerCredentialOptions { /** * The name of the JSON field of the secret which contains the user/login name. * @default 'username' */ readonly secretUsernameField?: string; /** * The name of the JSON field of the secret which contains the secret/password. * @default 'secret' */ readonly secretPasswordField?: string; /** * An IAM role to assume prior to accessing the secret. * @default - none. The current execution role will be used. */ readonly assumeRole?: iam.IRole; /** * Defines which stages of the pipeline should be granted access to these credentials. * @default - all relevant stages (synth, self-update, asset publishing) are granted access. */ readonly usages?: DockerCredentialUsage[]; } /** Options for defining access for a Docker Credential composed of ECR repos */ export interface EcrDockerCredentialOptions { /** * An IAM role to assume prior to accessing the secret. * @default - none. The current execution role will be used. */ readonly assumeRole?: iam.IRole; /** * Defines which stages of the pipeline should be granted access to these credentials. * @default - all relevant stages (synth, self-update, asset publishing) are granted access. */ readonly usages?: DockerCredentialUsage[]; } /** Defines which stages of a pipeline require the specified credentials */ export declare enum DockerCredentialUsage { /** Synth/Build */ SYNTH = "SYNTH", /** Self-update */ SELF_UPDATE = "SELF_UPDATE", /** Asset publishing */ ASSET_PUBLISHING = "ASSET_PUBLISHING" } /** Format for the CDK assets config. See the cdk-assets `DockerDomainCredentialSource` */ interface DockerCredentialCredentialSource { readonly secretsManagerSecretId?: string; readonly secretsUsernameField?: string; readonly secretsPasswordField?: string; readonly ecrRepository?: boolean; readonly assumeRoleArn?: string; } /** * Creates a set of OS-specific buildspec installation commands for setting up the given * registries and associated credentials. * * @param registries - Registries to configure credentials for. It is an error to provide * multiple registries for the same domain. * @param osType - (optional) Defaults to Linux. * @returns An array of commands to configure cdk-assets to use these credentials. */ export declare function dockerCredentialsInstallCommands(usage: DockerCredentialUsage, registries?: DockerCredential[], osType?: ec2.OperatingSystemType | 'both'): string[]; export {};