AWS::ECR::Repository- [BUG] - EmptyOnDelete does not work in CloudControl API

[corymhall]

Name of the resource

AWS::ECR::Repository

Resource Name

No response

Issue Description

EmptyOnDelete was added to CloudFormation, but it doesn't work in CloudControl.

Expected Behavior

I would expect for a repository with EmptyOnDelete=true to be successfully deleted when it contains images.

Observed Behavior

The delete fails with

The repository with name 'testrepository' in registry with id '111111111111' cannot be deleted because it still contains images

Test Cases

Step1 - Create a repository with EmptyOnDelete=true

$ aws cloudcontrol create-resource \
    --type-name AWS::ECR::Repository \
    --desired-state "{\"EmptyOnDelete\": true, \"RepositoryName\": \"testrepository\"}"

Step2 - Push an image

$ export AWS_REGION=us-east-2
$ export AWS_ACCOUNT=$(aws sts get-caller-identity --query 'Account' --output text)

$ aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com docker pull alpine:latest
$ docker tag alpine:latest $AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com/testrepository:latest
$ docker push $AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com/testrepository:latest

Step3 - Delete resource

$ aws cloudcontrol delete-resource --identifier testrepository --type-name 'AWS::ECR::Repository'

Step4 - Look for error message

$ aws cloudcontrol list-resource-requests  --resource-request-status-filter Operations=DELETE,OperationStatuses=FAILED --query 'ResourceRequestStatusSummaries[?Identifier==`testrepository`]'

Other Details

No response

[yanmjy]

Hey, this is a known issue for CloudFormation. The fix is in the road map and coming soon. Before the fix coming in, we suggest customers to do two-step approach for delete. That is, delete the contents of ECR Repository first and then invoke delete using CCAPI.

Please let me know if you have any other questions. Thanks!