Lucasmacedo/AI-Frente-Corretora-Assistente
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
AI-Frente-Corretora-Assistente/infra/ecs_alb/ecr.py

100 lines
4.0 KiB
Python
Raw Permalink Blame History

import pulumi
import pulumi_aws as aws
import conf as config
import json
def create_ecr_repo():
ecr_repositories = []
for repo in config.ecr["repos"]:
if repo["create_ecr_repo"]:
ecr_repository = aws.ecr.Repository(
repo,
name=f"{repo}",
force_delete=True)
token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
langserve_ecr_life_cycle_policy = aws.ecr.LifecyclePolicy(f"{repo}-ecr-life-cycle-policy",
repository=ecr_repository.name,
policy=json.dumps({
"rules": [{
"rulePriority": 1,
"description": "Expire images when they are more than 10 available",
"selection": {
"tagStatus": "any",
"countType": "imageCountMoreThan",
"countNumber": 10,
},
"action": {
"type": "expire",
},
}],
}))
policy_ecr = aws.iam.get_policy_document(statements=[{
"sid": "new policy",
"effect": "Allow",
"principals": [{
"type": "AWS",
"identifiers": [config.account_id],
}],
"actions": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
],
}])
attach_policy = aws.ecr.RepositoryPolicy(f"{repo}-policy_ecr",
repository=ecr_repository.name,
policy=policy_ecr.json)
else:
ecr_repository = aws.ecr.get_repository_output(name=repo['name'])
token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
repo['ecr_repo_resource'] = ecr_repository
repo['ecr_token'] = token
ecr_repositories.append(repo)
return ecr_repositories
def get_image(ecr_repo_name, image_tag=None, image_digest=None):
assert (image_tag is not None) != (image_digest is not None), 'User either tag or image_digest, not both, to identify ECR image version.'
if image_tag:
return aws.ecr.get_image(repository_name=ecr_repo_name, image_tag=image_tag)
elif image_digest:
return aws.ecr.get_image(repository_name=ecr_repo_name, image_digest=image_digest)
def build_and_push(ecr_repositories):
ecr_repo_images = {}
for repo in ecr_repositories:
ecr_repo = repo['ecr_repo_resource']
container_context = config.get("container-context")
if container_context is None:
container_context = "."
container_file = config.get("container-file")
if container_file is None:
container_file = "./Dockerfile"
assert ('tag' in repo.keys()) != ('image_digest' in repo.keys()), 'User must provide either tag or image_digest, but not both, to identify image version'
if 'tag' in repo.keys():
ecr_image=aws.ecr.get_image(repository_name=ecr_repo.name, image_tag=repo['tag'])
elif 'image_digest' in repo.keys():
ecr_image=aws.ecr.get_image(repository_name=ecr_repo.name, image_digest=repo['image_digest'])
repo['ecr_image'] = ecr_image
ecr_repo_images[repo['name']] = repo
#ecr_repo_images.append(repo)
return ecr_repo_images
Reference in New Issue View Git Blame Copy Permalink