fix(ecr): policytext errors when includes resource

[ahammond]

ECR does not allow resource to be included in private repository resource policies.
CFN largely swallows the error message.
Most resources require or at least allow a resource in their policies, so we should at least warn.

See issue #24314

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.

[TheRealAmazonKendra]

Thanks for picking this up!

Looks like hasWarnings should be hasWarning, which is causing the build failure. Also just a note that on a fix the PR title should state the bug, not the solution implemented. Can you adjust that, please?

Pull request has been modified.

[ahammond]

I tried to test this locally, but

❯ ../../../scripts/buildup         
************************************************************
 buildup usage:
 - execute 'buildup --resume' to resume after failure
 - execute 'buildup' to restart the build from the start

 for advanced usage, see /Users/ahammond/Documents/aws/aws-cdk/scripts/foreach.sh
************************************************************
state cleared. you are free to start a new command.
starting new session ('@aws-cdk/aws-ecr' and its dependencies)
---------------------------------------------------------------------------------
/Users/ahammond/Documents/aws/aws-cdk/tools/@aws-cdk/eslint-plugin: yarn build  (23 remaining)
---------------------------------------------------------------------------------
/Users/ahammond/Documents/aws/aws-cdk/tools/@aws-cdk/node-bundle: yarn build  (22 remaining)
---------------------------------------------------------------------------------
/Users/ahammond/Documents/aws/aws-cdk/tools/@aws-cdk/pkglint: yarn build  (21 remaining)
yarn run v1.22.19
$ tsc -b && eslint . --ext=.ts && chmod +x bin/pkglint

/Users/ahammond/Documents/aws/aws-cdk/tools/@aws-cdk/pkglint/lib/rules.ts
  20:25  error  `../package.json` import should occur before import of `./aws-service-official-names.json`  import/order

/Users/ahammond/Documents/aws/aws-cdk/tools/@aws-cdk/pkglint/test/rules.test.ts
  3:1  error  `./fake-module` import should occur after import of `../lib/rules`  import/order

✖ 2 problems (2 errors, 0 warnings)
  1 error and 0 warnings potentially fixable with the `--fix` option.

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error: last command failed. fix problem and resume by executing: /Users/ahammond/Documents/aws/aws-cdk/scripts/foreach.sh
directory:    /Users/ahammond/Documents/aws/aws-cdk/tools/@aws-cdk/pkglint

[TheRealAmazonKendra]

Oh, we just added some linting checks are you're running up against, probably because your branch is from before we did that. It's annoying so gimme an hour or two and I'll resolve the issues on this PR.

[TheRealAmazonKendra]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated

[ahammond]

@TheRealAmazonKendra I see that the codebuild failed, however when I try to click through to see the issue I end up at an AWS login. I don't imagine I have the necessary credentials. :) Anyway, I've tried and failed to run the build and test locally and can't see the output of the failed build. I'm feeling a little bit blocked here.

[ahammond]

Ah, I see the build logs link above. I'll chase that down.

[ahammond]

@Mergifyio update

[mergify]

update

☑️ Nothing to do

• #commits-behind>0 [:pushpin: update requirement]
• -closed [:pushpin: update requirement]

[ahammond]

@Mergifyio update

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[ahammond]

My thought is that there’s nothing more fact based than a direct link to the issue. If it makes it easier for customers to share their voice around an issue, that’s a bonus.

On Fri, Mar 10, 2023 at 1:25 PM Joshua Weber ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In ***@***.***/aws-ecr/README.md <#24401 (comment)>: > +a `resources` section in the `PolicyStatement`. See AWS internal ticket +`#WRITEME` for details around the ECR and Cfn team working together to @ahammond <https://github.com/ahammond> My opinion: The documentation is technical and fact-based. The purpose is not to put pressure on a team to get a desired feature. — Reply to this email directly, view it on GitHub <#24401 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADM2RER3DIXGIMQW4XUL6DW3OL5RANCNFSM6AAAAAAVMKXHUI> . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- MiniLockID: uX4VrN5FvyFxFCxgTksGxJqvKa16iBhqseYxxA1UkZVJw GPG: 773A 6BDD 71CE 0AB8 0F5A 1176 8679 A114 FB1A 69BD

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

Pull request has been modified.

[ahammond]

@TheRealAmazonKendra PR updated.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[ahammond]

@TheRealAmazonKendra updated again. Please merge.

[TheRealAmazonKendra]

Looks good!

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: c2f9212
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).