ecs_composex.ecr package

Submodules

ecs_composex.ecr.ecr_scans_eval module

ecs_composex.ecr.ecr_scans_eval.define_ecr_session(account_id, current_account_id, repo_name, region, settings, role_arn=None)

Function to determine the boto3 session to use for subsequent API calls to ECR

Parameters
  • account_id

  • current_account_id

  • repo_name

  • region

  • settings

  • role_arn ( str ) –

Returns

ecs_composex.ecr.ecr_scans_eval.define_result(image_url, security_findings, thresholds, vulnerability_config)

Function to define what to do with findings, if any. If VulnerabilitiesScan.Fail is False, then ignore the findings and display only

Parameters
  • image_url ( str ) –

  • security_findings ( dict ) –

  • thresholds ( dict ) –

  • vulnerability_config ( dict ) –

Returns

Whether there is a breach of thresholds or not

Return type

bool

ecs_composex.ecr.ecr_scans_eval.define_service_image(service, settings)

Function to parse and identify the image for the service in AWS ECR

Parameters
Returns

ecs_composex.ecr.ecr_scans_eval.identify_service_image(repo_name, image_sha, image_tag, session)

Function to identify the image in the repository that matches the one defined in services.image

Parameters
  • repo_name ( str ) –

  • image_sha ( str ) –

  • image_tag ( str ) –

  • session ( boto3.session.Session ) –

Returns

The image definition

Return type

dict

ecs_composex.ecr.ecr_scans_eval.initial_scan_retrieval(registry, repository_name, image, image_url, trigger_scan, ecr_session=None)

Function to retrieve the scan findings from ECR and, if there are none, optionally trigger a scan

Parameters
  • registry ( str ) –

  • repository_name ( str ) –

  • image ( dict ) –

  • image_url ( str ) –

  • trigger_scan ( bool ) –

  • ecr_session ( boto3.session.Session ) –

Returns

The scan report

Return type

dict

ecs_composex.ecr.ecr_scans_eval.interpolate_ecr_uri_tag_with_digest(image_url, image_digest)

Function to replace the tag in image_url with image_digest

Parameters
  • image_url ( str ) –

  • image_digest ( str ) –

Returns

ecs_composex.ecr.ecr_scans_eval.invalidate_image_from_ecr(service, mute=False)

Function to validate that the image URI is valid and from a private ECR

Parameters
Returns

True when the image is not from ECR

Return type

bool

ecs_composex.ecr.ecr_scans_eval.scan_poll_and_wait(registry, repository_name, image, image_url, ecr_session=None)

Function to poll the scan results until the scan is no longer in progress

Parameters
  • registry

  • repository_name

  • image

  • image_url

  • ecr_session ( boto3.session.Session ) –

Returns

The scan report

Return type

dict

ecs_composex.ecr.ecr_scans_eval.scan_service_image(service, settings, the_image=None)

Function to review the service definition and evaluate the scan if the properties are defined

Parameters
Returns

ecs_composex.ecr.ecr_scans_eval.validate_input(service)

Validates that we have enough settings and the URL matches AWS ECR Private Repo

Parameters

service ( ecs_composex.common.compose_services.ComposeService ) –

Returns

ecs_composex.ecr.ecr_scans_eval.validate_the_image_input(the_image)

Function to validate the_image input

Parameters

the_image ( dict ) –

Raises

ValueError if the_image is None

Raises

TypeError if the_image is not dict

Raises

KeyError if imageDigest is missing

ecs_composex.ecr.ecr_scans_eval.wait_for_scan_report(registry, repository_name, image, image_url, trigger_scan=False, ecr_session=None)

Function to wait for the scan report to go from In Progress to another status

Parameters
  • registry ( str ) –

  • repository_name ( str ) –

  • image ( dict ) –

  • image_url ( str ) –

  • trigger_scan ( bool ) –

  • ecr_session ( boto3.session.Session ) –

Returns

Module contents

x-ecr module