docs: include ecr:PutLifecyclePolicy (#573)

The documented policy is not complete. Added the missing ecr:PutLifecyclePolicy. I also sorted the policy names so they look nicer. Also ran `pre-commit` and that changed some stuff. --------- Co-authored-by: Enrico Stahn <enrico.stahn@gmail.com>
estahn · Feb 13, 2024 · 751a1c0 · 751a1c0
1 parent f541b8d
commit 751a1c0
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 19 deletions.
diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -439,15 +439,16 @@ resource "aws_iam_role_policy" "k8s_image_swapper" {
             "Sid": "",
             "Effect": "Allow",
             "Action": [
-                "ecr:UploadLayerPart",
-                "ecr:PutImage",
-                "ecr:ListImages",
-                "ecr:InitiateLayerUpload",
-                "ecr:GetDownloadUrlForLayer",
-                "ecr:CreateRepository",
-                "ecr:CompleteLayerUpload",
+                "ecr:BatchCheckLayerAvailability",
                 "ecr:BatchGetImage",
-                "ecr:BatchCheckLayerAvailability"
+                "ecr:CompleteLayerUpload",
+                "ecr:CreateRepository",
+                "ecr:GetDownloadUrlForLayer",
+                "ecr:InitiateLayerUpload",
+                "ecr:ListImages",
+                "ecr:PutImage",
+                "ecr:PutLifecyclePolicy",
+                "ecr:UploadLayerPart"
             ],
             "Resource": [
               "arn:aws:ecr:*:${data.aws_caller_identity.current.account_id}:repository/docker.io/*",
@@ -507,15 +508,16 @@ EOF
                     "Sid": "",
                     "Effect": "Allow",
                     "Action": [
-                        "ecr:UploadLayerPart",
-                        "ecr:PutImage",
-                        "ecr:ListImages",
-                        "ecr:InitiateLayerUpload",
-                        "ecr:GetDownloadUrlForLayer",
-                        "ecr:CreateRepository",
-                        "ecr:CompleteLayerUpload",
-                        "ecr:BatchGetImage",
                         "ecr:BatchCheckLayerAvailability"
+                        "ecr:BatchGetImage",
+                        "ecr:CompleteLayerUpload",
+                        "ecr:CreateRepository",
+                        "ecr:GetDownloadUrlForLayer",
+                        "ecr:InitiateLayerUpload",
+                        "ecr:ListImages",
+                        "ecr:PutImage",
+                        "ecr:PutLifecyclePolicy",
+                        "ecr:UploadLayerPart"
                     ],
                     "Resource": "arn:aws:ecr:*:123456789:repository/*"
                 }

diff --git a/pkg/registry/ecr.go b/pkg/registry/ecr.go
@@ -4,12 +4,13 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"github.com/containers/image/v5/docker/reference"
 	"math/rand"
 	"net/http"
 	"os/exec"
 	"time"
 
+	"github.com/containers/image/v5/docker/reference"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"

diff --git a/pkg/registry/ecr_test.go b/pkg/registry/ecr_test.go
@@ -2,9 +2,10 @@ package registry
 
 import (
 	"encoding/base64"
-	"github.com/containers/image/v5/transports/alltransports"
 	"testing"
 
+	"github.com/containers/image/v5/transports/alltransports"
+
 	"github.com/estahn/k8s-image-swapper/pkg/config"
 	"github.com/stretchr/testify/assert"
 )

diff --git a/pkg/registry/gar_test.go b/pkg/registry/gar_test.go
@@ -1,9 +1,10 @@
 package registry
 
 import (
-	"github.com/containers/image/v5/transports/alltransports"
 	"testing"
 
+	"github.com/containers/image/v5/transports/alltransports"
+
 	"github.com/stretchr/testify/assert"
 )