ECR
BatchCheckLayerAvailability
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.layerDigests[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchDeleteImage
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageIds[_].imageDigest == STRING
input.Body.imageIds[_].imageTag == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetImage
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageIds[_].imageDigest == STRING
input.Body.imageIds[_].imageTag == STRING
input.Body.acceptedMediaTypes[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchGetRepositoryScanningConfiguration
valid {
input.Body.repositoryNames[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CompleteLayerUpload
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.uploadId == STRING
input.Body.layerDigests[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePullThroughCacheRule
enum_UpstreamRegistry := [ "ecr-public", "quay", "k8s", "docker-hub", "github-container-registry", "azure-container-registry", "gitlab-container-registry" ]
valid {
input.Body.ecrRepositoryPrefix == STRING
input.Body.upstreamRegistryUrl == STRING
input.Body.registryId == STRING
input.Body.upstreamRegistry == enum_UpstreamRegistry[_]
input.Body.credentialArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateRepository
enum_EncryptionType := [ "AES256", "KMS", "KMS_DSSE" ]
enum_ImageTagMutability := [ "MUTABLE", "IMMUTABLE" ]
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.tags[_].Key == STRING
input.Body.tags[_].Value == STRING
input.Body.imageTagMutability == enum_ImageTagMutability[_]
input.Body.imageScanningConfiguration.scanOnPush == BOOLEAN
input.Body.encryptionConfiguration.encryptionType == enum_EncryptionType[_]
input.Body.encryptionConfiguration.kmsKey == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateRepositoryCreationTemplate
enum_EncryptionType := [ "AES256", "KMS", "KMS_DSSE" ]
enum_ImageTagMutability := [ "MUTABLE", "IMMUTABLE" ]
enum_RCTAppliedFor := [ "REPLICATION", "PULL_THROUGH_CACHE" ]
valid {
input.Body.prefix == STRING
input.Body.description == STRING
input.Body.encryptionConfiguration.encryptionType == enum_EncryptionType[_]
input.Body.encryptionConfiguration.kmsKey == STRING
input.Body.resourceTags[_].Key == STRING
input.Body.resourceTags[_].Value == STRING
input.Body.imageTagMutability == enum_ImageTagMutability[_]
input.Body.repositoryPolicy == STRING
input.Body.lifecyclePolicy == STRING
input.Body.appliedFor[_] == enum_RCTAppliedFor[_]
input.Body.customRoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteLifecyclePolicy
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePullThroughCacheRule
valid {
input.Body.ecrRepositoryPrefix == STRING
input.Body.registryId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRegistryPolicy
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRepository
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.force == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRepositoryCreationTemplate
valid {
input.Body.prefix == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRepositoryPolicy
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeImageReplicationStatus
valid {
input.Body.repositoryName == STRING
input.Body.imageId.imageDigest == STRING
input.Body.imageId.imageTag == STRING
input.Body.registryId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeImageScanFindings
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageId.imageDigest == STRING
input.Body.imageId.imageTag == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeImages
enum_TagStatus := [ "TAGGED", "UNTAGGED", "ANY" ]
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageIds[_].imageDigest == STRING
input.Body.imageIds[_].imageTag == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filter.tagStatus == enum_TagStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribePullThroughCacheRules
valid {
input.Body.registryId == STRING
input.Body.ecrRepositoryPrefixes[_] == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRegistry
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRepositories
valid {
input.Body.registryId == STRING
input.Body.repositoryNames[_] == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRepositoryCreationTemplates
valid {
input.Body.prefixes[_] == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccountSetting
valid {
input.Body.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAuthorizationToken
valid {
input.Body.registryIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetDownloadUrlForLayer
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.layerDigest == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLifecyclePolicy
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLifecyclePolicyPreview
enum_TagStatus := [ "TAGGED", "UNTAGGED", "ANY" ]
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageIds[_].imageDigest == STRING
input.Body.imageIds[_].imageTag == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filter.tagStatus == enum_TagStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRegistryPolicy
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRegistryScanningConfiguration
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRepositoryPolicy
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
InitiateLayerUpload
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListImages
enum_TagStatus := [ "TAGGED", "UNTAGGED", "ANY" ]
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filter.tagStatus == enum_TagStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.Body.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutAccountSetting
valid {
input.Body.name == STRING
input.Body.value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutImage
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageManifest == STRING
input.Body.imageManifestMediaType == STRING
input.Body.imageTag == STRING
input.Body.imageDigest == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutImageScanningConfiguration
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageScanningConfiguration.scanOnPush == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutImageTagMutability
enum_ImageTagMutability := [ "MUTABLE", "IMMUTABLE" ]
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageTagMutability == enum_ImageTagMutability[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutLifecyclePolicy
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.lifecyclePolicyText == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutRegistryPolicy
valid {
input.Body.policyText == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutRegistryScanningConfiguration
enum_ScanFrequency := [ "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL" ]
enum_ScanType := [ "BASIC", "ENHANCED" ]
enum_ScanningRepositoryFilterType := [ "WILDCARD" ]
valid {
input.Body.scanType == enum_ScanType[_]
input.Body.rules[_].scanFrequency == enum_ScanFrequency[_]
input.Body.rules[_].repositoryFilters[_].filter == STRING
input.Body.rules[_].repositoryFilters[_].filterType == enum_ScanningRepositoryFilterType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutReplicationConfiguration
enum_RepositoryFilterType := [ "PREFIX_MATCH" ]
valid {
input.Body.replicationConfiguration.rules[_].destinations[_].region == STRING
input.Body.replicationConfiguration.rules[_].destinations[_].registryId == STRING
input.Body.replicationConfiguration.rules[_].repositoryFilters[_].filter == STRING
input.Body.replicationConfiguration.rules[_].repositoryFilters[_].filterType == enum_RepositoryFilterType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetRepositoryPolicy
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.policyText == STRING
input.Body.force == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartImageScan
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.imageId.imageDigest == STRING
input.Body.imageId.imageTag == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartLifecyclePolicyPreview
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.lifecyclePolicyText == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.resourceArn == STRING
input.Body.tags[_].Key == STRING
input.Body.tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.Body.resourceArn == STRING
input.Body.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdatePullThroughCacheRule
valid {
input.Body.registryId == STRING
input.Body.ecrRepositoryPrefix == STRING
input.Body.credentialArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateRepositoryCreationTemplate
enum_EncryptionType := [ "AES256", "KMS", "KMS_DSSE" ]
enum_ImageTagMutability := [ "MUTABLE", "IMMUTABLE" ]
enum_RCTAppliedFor := [ "REPLICATION", "PULL_THROUGH_CACHE" ]
valid {
input.Body.prefix == STRING
input.Body.description == STRING
input.Body.encryptionConfiguration.encryptionType == enum_EncryptionType[_]
input.Body.encryptionConfiguration.kmsKey == STRING
input.Body.resourceTags[_].Key == STRING
input.Body.resourceTags[_].Value == STRING
input.Body.imageTagMutability == enum_ImageTagMutability[_]
input.Body.repositoryPolicy == STRING
input.Body.lifecyclePolicy == STRING
input.Body.appliedFor[_] == enum_RCTAppliedFor[_]
input.Body.customRoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UploadLayerPart
valid {
input.Body.registryId == STRING
input.Body.repositoryName == STRING
input.Body.uploadId == STRING
input.Body.partFirstByte == LONG
input.Body.partLastByte == LONG
input.Body.layerPartBlob == BLOB
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ValidatePullThroughCacheRule
valid {
input.Body.ecrRepositoryPrefix == STRING
input.Body.registryId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 3 days ago