ecs_composex.compose.compose_services.service_image package ¶

Submodules ¶

ecs_composex.compose.compose_services.service_image.docker_opts module ¶

Helper functions around ECR and docker images, done early to ensure viability of the execution before doing all the resources allocations / lookups

ecs_composex.compose.compose_services.service_image.docker_opts. evaluate_ecr_configs ( settings ) [source] ¶

Function to go over each service of each family in its final state and evaluate the ECR Image validity.

Return type :: int

ecs_composex.compose.compose_services.service_image.ecr_helpers module ¶

ecs_composex.compose.compose_services.service_image.ecr_helpers. define_ecr_session ( account_id , repo_name , region , settings , role_arn = None ) [source] ¶: Function to determine the boto3 session to use for subsequent API calls to ECR :type account_id: :param account_id: :type repo_name: :param repo_name: :type region: :param region: :type settings: :param settings: :param str role_arn: :return:

ecs_composex.compose.compose_services.service_image.ecr_helpers. define_service_image ( service , settings ) [source] ¶

Function to parse and identify the image for the service in AWS ECR

Parameters :

service ( ecs_composex.common.compose_services.ComposeService ) –
settings ( ecs_composex.common.settings.ComposeXSettings ) – The settings for the execution

Returns :

ecs_composex.compose.compose_services.service_image.ecr_helpers. identify_service_image ( service , repo_name , image_sha , image_tag , session ) [source] ¶

Function to identify the image in repository that matches the one defined in service for a private ECR Based image.

Parameters :

repo_name ( str ) –
image_sha ( str ) –
image_tag ( str ) –
session ( boto3.session.Session ) –

Returns :

The image definition

Return type :

dict

ecs_composex.compose.compose_services.service_image.ecr_helpers. interpolate_ecr_uri_tag_with_digest ( image_url , image_digest ) [source] ¶

Function to replace the tag from image_url

Parameters :

image_url ( str ) –
image_digest ( str ) –

Returns :

ecs_composex.compose.compose_services.service_image.ecr_scans_eval module ¶

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. define_result ( image_url , security_findings , thresholds , vulnerability_config ) [source] ¶

Function to define what to do with findings, if any. If VulnerabilitiesScan.Fail is False, then ignore the findings and display only

Parameters :

image_url ( str ) –
security_findings ( dict ) –
thresholds ( dict ) –
vulnerability_config ( dict ) –

Returns :

Whether there is a breach of thresholds or not

Return type :

bool

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. initial_scan_retrieval ( registry , repository_name , image , service_image , trigger_scan , ecr_session = None ) [source] ¶

Function to retrieve the scan findings from ECR, and if none, can trigger scan

Parameters :

registry ( str ) –
repository_name ( str ) –
image ( dict ) –
service_image ( ServiceImage ) –
trigger_scan ( bool ) –
ecr_session ( boto3.session.Session ) –

Returns :

The scan report

Return type :

dict

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. scan_poll_and_wait ( registry , repository_name , image , image_url , ecr_session = None , scan_frequency = None , scan_on_push = False ) [source] ¶: Function to pull the scans results until no longer in progress

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. scan_service_image ( service , settings , the_image = None ) [source] ¶

Function to review the service definition and evaluate scan if properties defined

Parameters :

service ( ecs_composex.common.compose_services.ComposeService ) –
settings ( ecs_composex.common.settings.ComposeXSettings ) – The settings for the execution
the_image – The image to use for scanning references.

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. validate_input ( service ) [source] ¶

Validates that we have enough settings and the URL matches AWS ECR Private Repo

Parameters :: service ( ecs_composex.common.compose_services.ComposeService ) –
Returns :

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. validate_the_image_input ( the_image ) [source] ¶

Function to validet the_image input

Parameters :: the_image ( dict ) –
Raises :: ValueError if is None
Raises :: TypeError if the_image is not dict
Raises :: KeyError if imageDigest is missing

ecs_composex.compose.compose_services.service_image.ecr_scans_eval. wait_for_scan_report ( registry , repository_name , image , image_url , trigger_scan = False , ecr_session = None ) [source] ¶

Function to wait for the scan report to go from In Progress to else

Parameters :

registry ( str ) –
repository_name ( str ) –
image –
image_url: ( str ) –
trigger_scan ( bool ) –
ecr_session ( boto3.session.Session ) –

Returns :

Module contents ¶

class ecs_composex.compose.compose_services.service_image. ServiceImage ( service , image_param = None ) [source] ¶

Bases: object

Variables :

_image –
image_uri ( str ) –

property image : Union [ str , Ref ] ¶

property image_param : Parameter ¶

interpolate_image_digest ( settings = None ) [source] ¶: if service x-ecr is set, and image URI indicates a resolvable image, sets image_digest

property private_ecr : Optional [ Match ] ¶

private_ecr_digest ( settings ) [source] ¶

property public_ecr : Optional [ Match ] ¶

retrieve_image_digest ( ) [source] ¶: Retrieves the docker images digest from the repository to use instead of the image tag.

property service : ComposeService ¶

ecs_composex.compose.compose_services.service_image. get_image_from_ssm_parameter ( ssm_parameter , session = None ) [source] ¶

Return type :: typing.Optional [ str ]