feat(ecr): Add emptyOnDelete CloudFormation property to Repository L2 construct (#28233)

Added `emptyOnDelete` prop to the ecr `Repository` construct. `emptyOndelete` is supported by CloudFormation 
See here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-emptyondelete


I've also deprecated the `autoDeleteImages` prop that deployed a custom resource. According to #24572 this was added before CloudFormation added the `EmptyOnDelete` property here aws-cloudformation/cloudformation-coverage-roadmap#515

Closes #28196 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: markmansur

packages/@aws-cdk-testing/framework-integ/test/aws-ecr/test/integ.basic.js.snapshot/aws-ecr-integ-stack.assets.json

@@ -65,6 +65,14 @@
      }
     ]
    }
+  },
+  "RepoWithEmptyOnDeleteCA5C67FA": {
+   "Type": "AWS::ECR::Repository",
+   "Properties": {
+    "EmptyOnDelete": true
+   },
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
   }
  },
  "Outputs": {

packages/@aws-cdk-testing/framework-integ/test/aws-ecr/test/integ.basic.js.snapshot/aws-ecr-integ-stack.template.json

@@ -17,6 +17,11 @@ const user = new iam.User(stack, 'MyUser');
 repo.grantRead(user);
 repo.grantPullPush(user);
 
+new ecr.Repository(stack, 'RepoWithEmptyOnDelete', {
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  emptyOnDelete: true,
+});
+
 new cdk.CfnOutput(stack, 'RepositoryURI', {
   value: repo.repositoryUri,
 });

packages/@aws-cdk-testing/framework-integ/test/aws-ecr/test/integ.basic.js.snapshot/cdk.out

@@ -253,7 +253,7 @@ const app = new App({
 
 By default, the staging resources will be cleaned up on stack deletion. That means that the
 S3 Bucket and ECR Repositories are set to `RemovalPolicy.DESTROY` and have `autoDeleteObjects`
-or `autoDeleteImages` turned on. This creates custom resources under the hood to facilitate
+or `emptyOnDelete` turned on. This creates custom resources under the hood to facilitate
 cleanup. To turn this off, specify `autoDeleteStagingAssets: false`.
 
 ```ts

packages/@aws-cdk-testing/framework-integ/test/aws-ecr/test/integ.basic.js.snapshot/cdkecrintegtestbasicDefaultTestDeployAssert4F7FBFB4.assets.json

@@ -429,7 +429,7 @@ export class DefaultStagingStack extends Stack implements IStagingResources {
         }],
         ...(this.autoDeleteStagingAssets ? {
           removalPolicy: RemovalPolicy.DESTROY,
-          autoDeleteImages: true,
+          emptyOnDelete: true,
         } : {
           removalPolicy: RemovalPolicy.RETAIN,
         }),

packages/@aws-cdk-testing/framework-integ/test/aws-ecr/test/integ.basic.js.snapshot/integ.json

@@ -568,175 +568,26 @@
   "defaultresourcesmaxecrasset13112F7F9": {
    "Type": "AWS::ECR::Repository",
    "Properties": {
+    "EmptyOnDelete": true,
     "ImageTagMutability": "IMMUTABLE",
     "LifecyclePolicy": {
      "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}"
     },
-    "RepositoryName": "default-resourcesmax/ecr-asset/1",
-    "Tags": [
-     {
-      "Key": "aws-cdk:auto-delete-images",
-      "Value": "true"
-     }
-    ]
+    "RepositoryName": "default-resourcesmax/ecr-asset/1"
    },
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
-  "defaultresourcesmaxecrasset1AutoDeleteImagesCustomResource0FD7F0F5": {
-   "Type": "Custom::ECRAutoDeleteImages",
-   "Properties": {
-    "ServiceToken": {
-     "Fn::GetAtt": [
-      "CustomECRAutoDeleteImagesCustomResourceProviderHandler8D89C030",
-      "Arn"
-     ]
-    },
-    "RepositoryName": {
-     "Ref": "defaultresourcesmaxecrasset13112F7F9"
-    }
-   },
-   "DependsOn": [
-    "defaultresourcesmaxecrasset13112F7F9"
-   ],
-   "UpdateReplacePolicy": "Delete",
-   "DeletionPolicy": "Delete"
-  },
-  "CustomECRAutoDeleteImagesCustomResourceProviderRole665F2773": {
-   "Type": "AWS::IAM::Role",
-   "Properties": {
-    "AssumeRolePolicyDocument": {
-     "Version": "2012-10-17",
-     "Statement": [
-      {
-       "Action": "sts:AssumeRole",
-       "Effect": "Allow",
-       "Principal": {
-        "Service": "lambda.amazonaws.com"
-       }
-      }
-     ]
-    },
-    "ManagedPolicyArns": [
-     {
-      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
-     }
-    ],
-    "Policies": [
-     {
-      "PolicyName": "Inline",
-      "PolicyDocument": {
-       "Version": "2012-10-17",
-       "Statement": [
-        {
-         "Effect": "Allow",
-         "Action": [
-          "ecr:BatchDeleteImage",
-          "ecr:DescribeRepositories",
-          "ecr:ListImages",
-          "ecr:ListTagsForResource"
-         ],
-         "Resource": [
-          {
-           "Fn::Join": [
-            "",
-            [
-             "arn:",
-             {
-              "Ref": "AWS::Partition"
-             },
-             ":ecr:",
-             {
-              "Ref": "AWS::Region"
-             },
-             ":",
-             {
-              "Ref": "AWS::AccountId"
-             },
-             ":repository/*"
-            ]
-           ]
-          }
-         ],
-         "Condition": {
-          "StringEquals": {
-           "ecr:ResourceTag/aws-cdk:auto-delete-images": "true"
-          }
-         }
-        }
-       ]
-      }
-     }
-    ]
-   }
-  },
-  "CustomECRAutoDeleteImagesCustomResourceProviderHandler8D89C030": {
-   "Type": "AWS::Lambda::Function",
-   "Properties": {
-    "Code": {
-     "ZipFile": "\"use strict\";var C=Object.create;var c=Object.defineProperty;var S=Object.getOwnPropertyDescriptor;var w=Object.getOwnPropertyNames;var A=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var L=(e,t)=>{for(var o in t)c(e,o,{get:t[o],enumerable:!0})},d=(e,t,o,s)=>{if(t&&typeof t==\"object\"||typeof t==\"function\")for(let r of w(t))!P.call(e,r)&&r!==o&&c(e,r,{get:()=>t[r],enumerable:!(s=S(t,r))||s.enumerable});return e};var p=(e,t,o)=>(o=e!=null?C(A(e)):{},d(t||!e||!e.__esModule?c(o,\"default\",{value:e,enumerable:!0}):o,e)),D=e=>d(c({},\"__esModule\",{value:!0}),e);var W={};L(W,{autoDeleteHandler:()=>I,handler:()=>k});module.exports=D(W);var h=require(\"@aws-sdk/client-ecr\");var m=p(require(\"https\")),R=p(require(\"url\")),n={sendHttpRequest:x,log:N,includeStackTraces:!0,userHandlerIndex:\"./index\"},l=\"AWSCDK::CustomResourceProviderFramework::CREATE_FAILED\",b=\"AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID\";function y(e){return async(t,o)=>{let s={...t,ResponseURL:\"...\"};if(n.log(JSON.stringify(s,void 0,2)),t.RequestType===\"Delete\"&&t.PhysicalResourceId===l){n.log(\"ignoring DELETE event caused by a failed CREATE event\"),await u(\"SUCCESS\",t);return}try{let r=await e(s,o),a=T(t,r);await u(\"SUCCESS\",a)}catch(r){let a={...t,Reason:n.includeStackTraces?r.stack:r.message};a.PhysicalResourceId||(t.RequestType===\"Create\"?(n.log(\"CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored\"),a.PhysicalResourceId=l):n.log(`ERROR: Malformed event. \"PhysicalResourceId\" is required: ${JSON.stringify(t)}`)),await u(\"FAILED\",a)}}}function T(e,t={}){let o=t.PhysicalResourceId??e.PhysicalResourceId??e.RequestId;if(e.RequestType===\"Delete\"&&o!==e.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from \"${e.PhysicalResourceId}\" to \"${t.PhysicalResourceId}\" during deletion`);return{...e,...t,PhysicalResourceId:o}}async function u(e,t){let o={Status:e,Reason:t.Reason??e,StackId:t.StackId,RequestId:t.RequestId,PhysicalResourceId:t.PhysicalResourceId||b,LogicalResourceId:t.LogicalResourceId,NoEcho:t.NoEcho,Data:t.Data};n.log(\"submit response to cloudformation\",o);let s=JSON.stringify(o),r=R.parse(t.ResponseURL),a={hostname:r.hostname,path:r.path,method:\"PUT\",headers:{\"content-type\":\"\",\"content-length\":Buffer.byteLength(s,\"utf8\")}};await H({attempts:5,sleep:1e3},n.sendHttpRequest)(a,s)}async function x(e,t){return new Promise((o,s)=>{try{let r=m.request(e,a=>o());r.on(\"error\",s),r.write(t),r.end()}catch(r){s(r)}})}function N(e,...t){console.log(e,...t)}function H(e,t){return async(...o)=>{let s=e.attempts,r=e.sleep;for(;;)try{return await t(...o)}catch(a){if(s--<=0)throw a;await F(Math.floor(Math.random()*r)),r*=2}}}async function F(e){return new Promise(t=>setTimeout(t,e))}var g=\"aws-cdk:auto-delete-images\",i=new h.ECR({}),k=y(I);async function I(e){switch(e.RequestType){case\"Create\":break;case\"Update\":return _(e);case\"Delete\":return f(e.ResourceProperties?.RepositoryName)}}async function _(e){let t=e,o=t.OldResourceProperties?.RepositoryName,s=t.ResourceProperties?.RepositoryName;if(s&&o&&s!==o)return f(o)}async function E(e){let t=await i.listImages(e),o=[],s=[];(t.imageIds??[]).forEach(a=>{\"imageTag\"in a?s.push(a):o.push(a)});let r=t.nextToken??null;o.length===0&&s.length===0||(s.length!==0&&await i.batchDeleteImage({repositoryName:e.repositoryName,imageIds:s}),o.length!==0&&await i.batchDeleteImage({repositoryName:e.repositoryName,imageIds:o}),r&&await E({...e,nextToken:r}))}async function f(e){if(!e)throw new Error(\"No RepositoryName was provided.\");let o=(await i.describeRepositories({repositoryNames:[e]})).repositories?.find(s=>s.repositoryName===e);if(!await q(o?.repositoryArn)){process.stdout.write(`Repository does not have '${g}' tag, skipping cleaning.\n`);return}try{await E({repositoryName:e})}catch(s){if(s.name!==\"RepositoryNotFoundException\")throw s}}async function q(e){return(await i.listTagsForResource({resourceArn:e})).tags?.some(o=>o.Key===g&&o.Value===\"true\")}0&&(module.exports={autoDeleteHandler,handler});\n"
-    },
-    "Timeout": 900,
-    "MemorySize": 128,
-    "Handler": "index.handler",
-    "Role": {
-     "Fn::GetAtt": [
-      "CustomECRAutoDeleteImagesCustomResourceProviderRole665F2773",
-      "Arn"
-     ]
-    },
-    "Runtime": "nodejs18.x",
-    "Description": {
-     "Fn::Join": [
-      "",
-      [
-       "Lambda function for auto-deleting images in ",
-       {
-        "Ref": "defaultresourcesmaxecrasset13112F7F9"
-       },
-       " repository."
-      ]
-     ]
-    }
-   },
-   "DependsOn": [
-    "CustomECRAutoDeleteImagesCustomResourceProviderRole665F2773"
-   ]
-  },
   "defaultresourcesmaxecrasset2904B88A7": {
    "Type": "AWS::ECR::Repository",
    "Properties": {
+    "EmptyOnDelete": true,
     "ImageTagMutability": "IMMUTABLE",
     "LifecyclePolicy": {
      "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}"
     },
-    "RepositoryName": "default-resourcesmax/ecr-asset-2",
-    "Tags": [
-     {
-      "Key": "aws-cdk:auto-delete-images",
-      "Value": "true"
-     }
-    ]
-   },
-   "UpdateReplacePolicy": "Delete",
-   "DeletionPolicy": "Delete"
-  },
-  "defaultresourcesmaxecrasset2AutoDeleteImagesCustomResource708714C1": {
-   "Type": "Custom::ECRAutoDeleteImages",
-   "Properties": {
-    "ServiceToken": {
-     "Fn::GetAtt": [
-      "CustomECRAutoDeleteImagesCustomResourceProviderHandler8D89C030",
-      "Arn"
-     ]
-    },
-    "RepositoryName": {
-     "Ref": "defaultresourcesmaxecrasset2904B88A7"
-    }
+    "RepositoryName": "default-resourcesmax/ecr-asset-2"
    },
-   "DependsOn": [
-    "defaultresourcesmaxecrasset2904B88A7"
-   ],
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   }