Feat/environment agnostic custom images references (#623)

* fix documentation error for codebuild custom inage

* environment agnostic custom codebuild image configuration

* ecr policies for codebuild

* applying suggested changes in the review

* Update src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py

* Add updated CodeBuild ECR Provider docs

---------

Co-authored-by: Abhijit
Co-authored-by: Simon Kok
Co-authored-by: AndyEfaa

Author: abhi1094

docs/providers-guide.md

@@ -254,23 +254,40 @@ Provider type: `codebuild`.
 
 #### Properties
 
-- *image* *(String)* - default: `STANDARD_7_0`.
+- *image* *(String|Object)* - default: `STANDARD_7_0`.
   - The Image that the AWS CodeBuild will use. Images can be found
     [here](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-codebuild.LinuxBuildImage.html).
-  - Image can also take an object that contains a property key of
-    `repository_arn` which is the repository ARN of an ECR repository on the
-    deployment account within the main deployment region. This allows your
-    pipeline to consume a custom image if required.
-  - Along with `repository_arn`, we also support a `tag` key which can be used
-    to define which image should be used (defaults to `latest`). An example of
-    this setup is provided [here](user-guide.md#custom-build-images).
   - Image can also take an object that contains a reference to a public docker
     hub image with a prefix of `docker-hub://`, such as
     `docker-hub://bitnami/mongodb`. This allows your pipeline to consume a
     public docker hub image if required. Along with the docker hub image name,
     we also support using a tag which can be provided after the docker hub image
     name such as `docker-hub://bitnami/mongodb:3.6.23` in order to define which
     image should be used (defaults to `latest`).
+  - For images hosted in Amazon ECR, you can define the repository and image to
+    use by specifying an image object.
+    This allows your pipeline to consume a custom image if required.
+    For example, to configure a specific repository ARN, configure it as:
+
+    ```yaml
+    image:
+      repository_arn: 'arn:${partition}:ecr:${region}:${source_account_id}:repository/your-repo-name'
+      tag: 'latest' # Optional, defaults to latest
+    ```
+
+    Alternatively, you can set the `repository_name` if the ECR is hosted in
+    the deployment account in the main deployment region.
+
+    ```yaml
+    image:
+      repository_name: 'your-repo-name'
+      tag: 'latest' # Optional, defaults to latest
+    ```
+
+    Along with `repository_arn` or `repository_name`, we also support a `tag`
+    key. This can be used to define which image should be used
+    (defaults to `latest`). An example of this setup is provided
+    [here](user-guide.md#custom-build-images).
 - *size* *(String)* **(small|medium|large)** - default: `small`.
   - The Compute type to use for the build, types can be found
     [here](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html).

src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml

@@ -358,6 +358,8 @@ Resources:
               - "ecr:CompleteLayerUpload"
               - "ecr:BatchCheckLayerAvailability"
               - "ecr:PutImage"
+              - "ecr:BatchGetImage"
+              - "ecr:GetDownloadUrlForLayer"
             Resource:
               - "*"
           - Effect: Allow

src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py

@@ -375,15 +375,30 @@ def determine_build_image(codebuild_id, scope, target, map_params):
                 .get('image')
             )
         if isinstance(specific_image, dict):
-            repo_arn = _ecr.Repository.from_repository_arn(
+            repository_name = specific_image.get('repository_name', '')
+            repository_arn = specific_image.get('repository_arn', '')
+            if not repository_arn and not repository_name:
+                raise ValueError("The repository arn or name needs to be specified")
+
+            if repository_arn and repository_name:
+                raise AssertionError("Specify the arn or the name of the repository, not both.")
+
+            if repository_name:
+                repository_arn = (
+                    f"arn:aws:ecr:{ADF_DEPLOYMENT_REGION}:"
+                    f"{ADF_DEPLOYMENT_ACCOUNT_ID}:{repository_name}"
+                )
+
+            ecr_repo = _ecr.Repository.from_repository_arn(
                 scope,
                 f'custom_repo_{codebuild_id}',
-                specific_image.get('repository_arn', ''),
+                repository_arn,
             )
             return _codebuild.LinuxBuildImage.from_ecr_repository(
-                repo_arn,
+                ecr_repo,
                 specific_image.get('tag', 'latest'),
             )
+
         return CodeBuild.get_image_by_name(specific_image)
 
     @staticmethod

src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/schema_validation.py

@@ -117,7 +117,8 @@
 
 # CodeBuild
 CODEBUILD_IMAGE_PROPS = {
-    "repository_arn": str,  # arn:aws:ecr:region:111111111111:repository/test
+    Optional("repository_arn"): str,  # arn:aws:ecr:region:111111111111:repository/test
+    Optional("repository_name"): str, # hello-world
     Optional("tag"): str,   # defaults to latest
 }
 CODEBUILD_PROPS = {