feat(ecr): throw ValidationError instead of untyped Errors (#33750)

badmintoncryer · web-flow · commit 242690f9aa89 · 2025-03-13T13:26:49.000Z
### Issue # (if applicable) Relates to #32569 ### Reason for this change untyped Errors are not recommended ### Description of changes ValidationErrors everywhere ### Describe any new or updated permissions being added none ### Description of how you validated changes Existing tests. Exemptions granted as this is a refactor of existing code. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/.eslintrc.js b/packages/aws-cdk-lib/.eslintrc.js
@@ -41,6 +41,7 @@ const enableNoThrowDefaultErrorIn = [
   'aws-cloudtrail',
   'aws-cloudwatch',
   'aws-cloudwatch-actions',
+  'aws-ecr',
   'aws-elasticloadbalancing',
   'aws-elasticloadbalancingv2',
   'aws-elasticloadbalancingv2-actions',
diff --git a/packages/aws-cdk-lib/aws-ecr/lib/repository.ts b/packages/aws-cdk-lib/aws-ecr/lib/repository.ts
@@ -18,6 +18,8 @@ import {
   TokenComparison,
   CustomResource,
   Aws,
+  ValidationError,
+  UnscopedValidationError,
 } from '../../core';
 import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';
 import { AutoDeleteImagesProvider } from '../../custom-resource-handlers/dist/aws-ecr/auto-delete-images-provider.generated';
@@ -630,7 +632,7 @@ export class Repository extends RepositoryBase {
     // repository names can include "/" (e.g. foo/bar/myrepo) and it is impossible to
     // parse the name from an ARN using CloudFormation's split/select.
     if (Token.isUnresolved(repositoryArn)) {
-      throw new Error('"repositoryArn" is a late-bound value, and therefore "repositoryName" is required. Use `fromRepositoryAttributes` instead');
+      throw new UnscopedValidationError('"repositoryArn" is a late-bound value, and therefore "repositoryName" is required. Use `fromRepositoryAttributes` instead');
     }
 
     validateRepositoryArn();
@@ -655,7 +657,7 @@ export class Repository extends RepositoryBase {
       const splitArn = repositoryArn.split(':');
 
       if (!splitArn[splitArn.length - 1].startsWith('repository/')) {
-        throw new Error(`Repository arn should be in the format 'arn:<PARTITION>:ecr:<REGION>:<ACCOUNT>:repository/<NAME>', got ${repositoryArn}.`);
+        throw new UnscopedValidationError(`Repository arn should be in the format 'arn:<PARTITION>:ecr:<REGION>:<ACCOUNT>:repository/<NAME>', got ${repositoryArn}.`);
       }
     }
   }
@@ -707,7 +709,7 @@ export class Repository extends RepositoryBase {
     }
 
     if (errors.length > 0) {
-      throw new Error(`Invalid ECR repository name (value: ${repositoryName})${EOL}${errors.join(EOL)}`);
+      throw new UnscopedValidationError(`Invalid ECR repository name (value: ${repositoryName})${EOL}${errors.join(EOL)}`);
     }
   }
 
@@ -754,10 +756,10 @@ export class Repository extends RepositoryBase {
     });
 
     if (props.emptyOnDelete && props.removalPolicy !== RemovalPolicy.DESTROY) {
-      throw new Error('Cannot use \'emptyOnDelete\' property on a repository without setting removal policy to \'DESTROY\'.');
+      throw new ValidationError('Cannot use \'emptyOnDelete\' property on a repository without setting removal policy to \'DESTROY\'.', this);
     } else if (props.emptyOnDelete == undefined && props.autoDeleteImages) {
       if (props.removalPolicy !== RemovalPolicy.DESTROY) {
-        throw new Error('Cannot use \'autoDeleteImages\' property on a repository without setting removal policy to \'DESTROY\'.');
+        throw new ValidationError('Cannot use \'autoDeleteImages\' property on a repository without setting removal policy to \'DESTROY\'.', this);
       }
       this.enableAutoDeleteImages();
     }
@@ -801,28 +803,28 @@ export class Repository extends RepositoryBase {
       && (rule.tagPrefixList === undefined || rule.tagPrefixList.length === 0)
       && (rule.tagPatternList === undefined || rule.tagPatternList.length === 0)
     ) {
-      throw new Error('TagStatus.Tagged requires the specification of a tagPrefixList or a tagPatternList');
+      throw new ValidationError('TagStatus.Tagged requires the specification of a tagPrefixList or a tagPatternList', this);
     }
     if (rule.tagStatus !== TagStatus.TAGGED && (rule.tagPrefixList !== undefined || rule.tagPatternList !== undefined)) {
-      throw new Error('tagPrefixList and tagPatternList can only be specified when tagStatus is set to Tagged');
+      throw new ValidationError('tagPrefixList and tagPatternList can only be specified when tagStatus is set to Tagged', this);
     }
     if (rule.tagPrefixList !== undefined && rule.tagPatternList !== undefined) {
-      throw new Error('Both tagPrefixList and tagPatternList cannot be specified together in a rule');
+      throw new ValidationError('Both tagPrefixList and tagPatternList cannot be specified together in a rule', this);
     }
     if (rule.tagPatternList !== undefined) {
       rule.tagPatternList.forEach((pattern) => {
         const splitPatternLength = pattern.split('*').length;
         if (splitPatternLength > 5) {
-          throw new Error(`A tag pattern cannot contain more than four wildcard characters (*), pattern: ${pattern}, counts: ${splitPatternLength - 1}`);
+          throw new ValidationError(`A tag pattern cannot contain more than four wildcard characters (*), pattern: ${pattern}, counts: ${splitPatternLength - 1}`, this);
         }
       });
     }
     if ((rule.maxImageAge !== undefined) === (rule.maxImageCount !== undefined)) {
-      throw new Error(`Life cycle rule must contain exactly one of 'maxImageAge' and 'maxImageCount', got: ${JSON.stringify(rule)}`);
+      throw new ValidationError(`Life cycle rule must contain exactly one of 'maxImageAge' and 'maxImageCount', got: ${JSON.stringify(rule)}`, this);
     }
 
     if (rule.tagStatus === TagStatus.ANY && this.lifecycleRules.filter(r => r.tagStatus === TagStatus.ANY).length > 0) {
-      throw new Error('Life cycle can only have one TagStatus.Any rule');
+      throw new ValidationError('Life cycle can only have one TagStatus.Any rule', this);
     }
 
     this.lifecycleRules.push({ ...rule });
@@ -862,7 +864,7 @@ export class Repository extends RepositoryBase {
     const anyRules = this.lifecycleRules.filter(r => r.tagStatus === TagStatus.ANY);
     if (anyRules.length > 0 && anyRules[0].rulePriority !== undefined && autoPrioritizedRules.length > 0) {
       // Supporting this is too complex for very little value. We just prohibit it.
-      throw new Error("Cannot combine prioritized TagStatus.Any rule with unprioritized rules. Remove rulePriority from the 'Any' rule.");
+      throw new ValidationError("Cannot combine prioritized TagStatus.Any rule with unprioritized rules. Remove rulePriority from the 'Any' rule.", this);
     }
 
     const prios = prioritizedRules.map(r => r.rulePriority!);
@@ -891,7 +893,7 @@ export class Repository extends RepositoryBase {
 
     // if encryption key is set, encryption must be set to KMS.
     if (encryptionType !== RepositoryEncryption.KMS && props.encryptionKey) {
-      throw new Error(`encryptionKey is specified, so 'encryption' must be set to KMS (value: ${encryptionType.value})`);
+      throw new ValidationError(`encryptionKey is specified, so 'encryption' must be set to KMS (value: ${encryptionType.value})`, this);
     }
 
     if (encryptionType === RepositoryEncryption.AES_256) {
@@ -905,7 +907,7 @@ export class Repository extends RepositoryBase {
       };
     }
 
-    throw new Error(`Unexpected 'encryptionType': ${encryptionType}`);
+    throw new ValidationError(`Unexpected 'encryptionType': ${encryptionType}`, this);
   }
 
   private enableAutoDeleteImages() {
@@ -958,7 +960,7 @@ function validateAnyRuleLast(rules: LifecycleRule[]) {
   if (anyRules.length === 1) {
     const maxPrio = Math.max(...rules.map(r => r.rulePriority!));
     if (anyRules[0].rulePriority !== maxPrio) {
-      throw new Error(`TagStatus.Any rule must have highest priority, has ${anyRules[0].rulePriority} which is smaller than ${maxPrio}`);
+      throw new UnscopedValidationError(`TagStatus.Any rule must have highest priority, has ${anyRules[0].rulePriority} which is smaller than ${maxPrio}`);
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@ import {`
`18`	`18`	`TokenComparison,`
`19`	`19`	`CustomResource,`
`20`	`20`	`Aws,`
	`21`	`+ ValidationError,`
	`22`	`+ UnscopedValidationError,`
`21`	`23`	`} from '../../core';`
`22`	`24`	`import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';`
`23`	`25`	`import { AutoDeleteImagesProvider } from '../../custom-resource-handlers/dist/aws-ecr/auto-delete-images-provider.generated';`
`@@ -630,7 +632,7 @@ export class Repository extends RepositoryBase {`
`630`	`632`	`// repository names can include "/" (e.g. foo/bar/myrepo) and it is impossible to`
`631`	`633`	`// parse the name from an ARN using CloudFormation's split/select.`
`632`	`634`	`if (Token.isUnresolved(repositoryArn)) {`
`633`		- throw new Error('"repositoryArn" is a late-bound value, and therefore "repositoryName" is required. Use `fromRepositoryAttributes` instead');
	`635`	+ throw new UnscopedValidationError('"repositoryArn" is a late-bound value, and therefore "repositoryName" is required. Use `fromRepositoryAttributes` instead');
`634`	`636`	`}`
`635`	`637`
`636`	`638`	`validateRepositoryArn();`
`@@ -655,7 +657,7 @@ export class Repository extends RepositoryBase {`
`655`	`657`	`const splitArn = repositoryArn.split(':');`
`656`	`658`
`657`	`659`	`if (!splitArn[splitArn.length - 1].startsWith('repository/')) {`
`658`		- throw new Error(`Repository arn should be in the format 'arn:<PARTITION>:ecr:<REGION>:<ACCOUNT>:repository/<NAME>', got ${repositoryArn}.`);
	`660`	+ throw new UnscopedValidationError(`Repository arn should be in the format 'arn:<PARTITION>:ecr:<REGION>:<ACCOUNT>:repository/<NAME>', got ${repositoryArn}.`);
`659`	`661`	`}`
`660`	`662`	`}`
`661`	`663`	`}`
`@@ -707,7 +709,7 @@ export class Repository extends RepositoryBase {`
`707`	`709`	`}`
`708`	`710`
`709`	`711`	`if (errors.length > 0) {`
`710`		- throw new Error(`Invalid ECR repository name (value: ${repositoryName})${EOL}${errors.join(EOL)}`);
	`712`	+ throw new UnscopedValidationError(`Invalid ECR repository name (value: ${repositoryName})${EOL}${errors.join(EOL)}`);
`711`	`713`	`}`
`712`	`714`	`}`
`713`	`715`
`@@ -754,10 +756,10 @@ export class Repository extends RepositoryBase {`
`754`	`756`	`});`
`755`	`757`
`756`	`758`	`if (props.emptyOnDelete && props.removalPolicy !== RemovalPolicy.DESTROY) {`
`757`		`- throw new Error('Cannot use \'emptyOnDelete\' property on a repository without setting removal policy to \'DESTROY\'.');`
	`759`	`+ throw new ValidationError('Cannot use \'emptyOnDelete\' property on a repository without setting removal policy to \'DESTROY\'.', this);`
`758`	`760`	`} else if (props.emptyOnDelete == undefined && props.autoDeleteImages) {`
`759`	`761`	`if (props.removalPolicy !== RemovalPolicy.DESTROY) {`
`760`		`- throw new Error('Cannot use \'autoDeleteImages\' property on a repository without setting removal policy to \'DESTROY\'.');`
	`762`	`+ throw new ValidationError('Cannot use \'autoDeleteImages\' property on a repository without setting removal policy to \'DESTROY\'.', this);`
`761`	`763`	`}`
`762`	`764`	`this.enableAutoDeleteImages();`
`763`	`765`	`}`
`@@ -801,28 +803,28 @@ export class Repository extends RepositoryBase {`
`801`	`803`	`&& (rule.tagPrefixList === undefined \|\| rule.tagPrefixList.length === 0)`
`802`	`804`	`&& (rule.tagPatternList === undefined \|\| rule.tagPatternList.length === 0)`
`803`	`805`	`) {`
`804`		`- throw new Error('TagStatus.Tagged requires the specification of a tagPrefixList or a tagPatternList');`
	`806`	`+ throw new ValidationError('TagStatus.Tagged requires the specification of a tagPrefixList or a tagPatternList', this);`
`805`	`807`	`}`
`806`	`808`	`if (rule.tagStatus !== TagStatus.TAGGED && (rule.tagPrefixList !== undefined \|\| rule.tagPatternList !== undefined)) {`
`807`		`- throw new Error('tagPrefixList and tagPatternList can only be specified when tagStatus is set to Tagged');`
	`809`	`+ throw new ValidationError('tagPrefixList and tagPatternList can only be specified when tagStatus is set to Tagged', this);`
`808`	`810`	`}`
`809`	`811`	`if (rule.tagPrefixList !== undefined && rule.tagPatternList !== undefined) {`
`810`		`- throw new Error('Both tagPrefixList and tagPatternList cannot be specified together in a rule');`
	`812`	`+ throw new ValidationError('Both tagPrefixList and tagPatternList cannot be specified together in a rule', this);`
`811`	`813`	`}`
`812`	`814`	`if (rule.tagPatternList !== undefined) {`
`813`	`815`	`rule.tagPatternList.forEach((pattern) => {`
`814`	`816`	`const splitPatternLength = pattern.split('*').length;`
`815`	`817`	`if (splitPatternLength > 5) {`
`816`		- throw new Error(`A tag pattern cannot contain more than four wildcard characters (*), pattern: ${pattern}, counts: ${splitPatternLength - 1}`);
	`818`	+ throw new ValidationError(`A tag pattern cannot contain more than four wildcard characters (*), pattern: ${pattern}, counts: ${splitPatternLength - 1}`, this);
`817`	`819`	`}`
`818`	`820`	`});`
`819`	`821`	`}`
`820`	`822`	`if ((rule.maxImageAge !== undefined) === (rule.maxImageCount !== undefined)) {`
`821`		- throw new Error(`Life cycle rule must contain exactly one of 'maxImageAge' and 'maxImageCount', got: ${JSON.stringify(rule)}`);
	`823`	+ throw new ValidationError(`Life cycle rule must contain exactly one of 'maxImageAge' and 'maxImageCount', got: ${JSON.stringify(rule)}`, this);
`822`	`824`	`}`
`823`	`825`
`824`	`826`	`if (rule.tagStatus === TagStatus.ANY && this.lifecycleRules.filter(r => r.tagStatus === TagStatus.ANY).length > 0) {`
`825`		`- throw new Error('Life cycle can only have one TagStatus.Any rule');`
	`827`	`+ throw new ValidationError('Life cycle can only have one TagStatus.Any rule', this);`
`826`	`828`	`}`
`827`	`829`
`828`	`830`	`this.lifecycleRules.push({ ...rule });`
`@@ -862,7 +864,7 @@ export class Repository extends RepositoryBase {`
`862`	`864`	`const anyRules = this.lifecycleRules.filter(r => r.tagStatus === TagStatus.ANY);`
`863`	`865`	`if (anyRules.length > 0 && anyRules[0].rulePriority !== undefined && autoPrioritizedRules.length > 0) {`
`864`	`866`	`// Supporting this is too complex for very little value. We just prohibit it.`
`865`		`- throw new Error("Cannot combine prioritized TagStatus.Any rule with unprioritized rules. Remove rulePriority from the 'Any' rule.");`
	`867`	`+ throw new ValidationError("Cannot combine prioritized TagStatus.Any rule with unprioritized rules. Remove rulePriority from the 'Any' rule.", this);`
`866`	`868`	`}`
`867`	`869`
`868`	`870`	`const prios = prioritizedRules.map(r => r.rulePriority!);`
`@@ -891,7 +893,7 @@ export class Repository extends RepositoryBase {`
`891`	`893`
`892`	`894`	`// if encryption key is set, encryption must be set to KMS.`
`893`	`895`	`if (encryptionType !== RepositoryEncryption.KMS && props.encryptionKey) {`
`894`		- throw new Error(`encryptionKey is specified, so 'encryption' must be set to KMS (value: ${encryptionType.value})`);
	`896`	+ throw new ValidationError(`encryptionKey is specified, so 'encryption' must be set to KMS (value: ${encryptionType.value})`, this);
`895`	`897`	`}`
`896`	`898`
`897`	`899`	`if (encryptionType === RepositoryEncryption.AES_256) {`
`@@ -905,7 +907,7 @@ export class Repository extends RepositoryBase {`
`905`	`907`	`};`
`906`	`908`	`}`
`907`	`909`
`908`		- throw new Error(`Unexpected 'encryptionType': ${encryptionType}`);
	`910`	+ throw new ValidationError(`Unexpected 'encryptionType': ${encryptionType}`, this);
`909`	`911`	`}`
`910`	`912`
`911`	`913`	`private enableAutoDeleteImages() {`
`@@ -958,7 +960,7 @@ function validateAnyRuleLast(rules: LifecycleRule[]) {`
`958`	`960`	`if (anyRules.length === 1) {`
`959`	`961`	`const maxPrio = Math.max(...rules.map(r => r.rulePriority!));`
`960`	`962`	`if (anyRules[0].rulePriority !== maxPrio) {`
`961`		- throw new Error(`TagStatus.Any rule must have highest priority, has ${anyRules[0].rulePriority} which is smaller than ${maxPrio}`);
	`963`	+ throw new UnscopedValidationError(`TagStatus.Any rule must have highest priority, has ${anyRules[0].rulePriority} which is smaller than ${maxPrio}`);
`962`	`964`	`}`
`963`	`965`	`}`
`964`	`966`	`}`