aws-sdk-ecr 1.114.0 → 1.116.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3171fa4b7d24178567303283a26737e3c8b7af7c2d377bd7d231522b362928db
-  data.tar.gz: 79d05e55ba52f7890af22845d56f3a8f8deba4ba558448f1f42627c6759779e6
+  metadata.gz: '0809f9e8c2125196c9597ca960f2fc54f40ff124e4405e691fb055a3dc49d248'
+  data.tar.gz: 1a1f6a027d2bb6b9a2af70301139a2974ba3a680949fc89c496021442a55633f
 SHA512:
-  metadata.gz: 508f9e95d9d2a19f493eb1abac5a15d35ccf76014d9e6b561149d4fd4c0ab4f35f839f89da6395d97fd119dbb48f33e74aec6b83ca7c93c3448a967026d13611
-  data.tar.gz: 4aa9e0a7f1d030a01bce7b564624e430b9baa94165cda5aec7328871639b14003a9025b61247061e01692c007234137f85b4ece306fa556e82465e5fa7dd5a47
+  metadata.gz: 9f105427f6082a237f27b12c512b20cc5d536e54a03f9e1b35611e81195ba00dc497ac59c2e3a68a37114f979a04bd09c77976c2b54bb9dbcccefdc1dc4267f0
+  data.tar.gz: a24a3a0d91ba4aeee84ebdf873ef91cc0b2857c69d5950c037216cd7ad59e4d047400a0a44957f7d723190bdc1de6633a33680305c4727debc6a690a22d72f65

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.116.0 (2025-12-18)
+------------------
+
+* Feature - Adds support for ECR Create On Push
+
+1.115.0 (2025-11-21)
+------------------
+
+* Feature - Add support for ECR managed signing
+
 1.114.0 (2025-11-19)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.114.0
+1.116.0

data/lib/aws-sdk-ecr/client.rb

@@ -1128,8 +1128,9 @@ module Aws::ECR
     #
     # @option params [required, Array<String>] :applied_for
     #   A list of enumerable strings representing the Amazon ECR repository
-    #   creation scenarios that this template will apply towards. The two
-    #   supported scenarios are `PULL_THROUGH_CACHE` and `REPLICATION`
+    #   creation scenarios that this template will apply towards. The
+    #   supported scenarios are `PULL_THROUGH_CACHE`, `REPLICATION`, and
+    #   `CREATE_ON_PUSH`
     #
     # @option params [String] :custom_role_arn
     #   The ARN of the role to be assumed by Amazon ECR. This role must be in
@@ -1152,6 +1153,7 @@ module Aws::ECR
     #     applied_for: [
     #       "REPLICATION", 
     #       "PULL_THROUGH_CACHE", 
+    #       "CREATE_ON_PUSH", 
     #     ], 
     #     description: "Repos for testing images", 
     #     encryption_configuration: {
@@ -1176,6 +1178,7 @@ module Aws::ECR
     #       applied_for: [
     #         "REPLICATION", 
     #         "PULL_THROUGH_CACHE", 
+    #         "CREATE_ON_PUSH", 
     #       ], 
     #       created_at: Time.parse("2023-12-16T17:29:02-07:00"), 
     #       description: "Repos for testing images", 
@@ -1220,7 +1223,7 @@ module Aws::ECR
     #     ],
     #     repository_policy: "RepositoryPolicyText",
     #     lifecycle_policy: "LifecyclePolicyTextForRepositoryCreationTemplate",
-    #     applied_for: ["REPLICATION"], # required, accepts REPLICATION, PULL_THROUGH_CACHE
+    #     applied_for: ["REPLICATION"], # required, accepts REPLICATION, PULL_THROUGH_CACHE, CREATE_ON_PUSH
     #     custom_role_arn: "CustomRoleArn",
     #   })
     #
@@ -1241,7 +1244,7 @@ module Aws::ECR
     #   resp.repository_creation_template.repository_policy #=> String
     #   resp.repository_creation_template.lifecycle_policy #=> String
     #   resp.repository_creation_template.applied_for #=> Array
-    #   resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE"
+    #   resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
     #   resp.repository_creation_template.custom_role_arn #=> String
     #   resp.repository_creation_template.created_at #=> Time
     #   resp.repository_creation_template.updated_at #=> Time
@@ -1494,7 +1497,7 @@ module Aws::ECR
     #   resp.repository_creation_template.repository_policy #=> String
     #   resp.repository_creation_template.lifecycle_policy #=> String
     #   resp.repository_creation_template.applied_for #=> Array
-    #   resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE"
+    #   resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
     #   resp.repository_creation_template.custom_role_arn #=> String
     #   resp.repository_creation_template.created_at #=> Time
     #   resp.repository_creation_template.updated_at #=> Time
@@ -1564,6 +1567,45 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Deletes the registry's signing configuration. Images pushed after
+    # deletion of the signing configuration will no longer be automatically
+    # signed.
+    #
+    # For more information, see [Managed signing][1] in the *Amazon Elastic
+    # Container Registry User Guide*.
+    #
+    # <note markdown="1"> Deleting the signing configuration does not affect existing image
+    # signatures.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html
+    #
+    # @return [Types::DeleteSigningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteSigningConfigurationResponse#registry_id #registry_id} => String
+    #   * {Types::DeleteSigningConfigurationResponse#signing_configuration #signing_configuration} => Types::SigningConfiguration
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.signing_configuration.rules #=> Array
+    #   resp.signing_configuration.rules[0].signing_profile_arn #=> String
+    #   resp.signing_configuration.rules[0].repository_filters #=> Array
+    #   resp.signing_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.signing_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD_MATCH"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteSigningConfiguration AWS API Documentation
+    #
+    # @overload delete_signing_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_signing_configuration(params = {}, options = {})
+      req = build_request(:delete_signing_configuration, params)
+      req.send_request(options)
+    end
+
     # Removes a principal from the pull time update exclusion list for a
     # registry. Once removed, Amazon ECR will resume updating the pull time
     # if the specified principal pulls an image.
@@ -1817,6 +1859,67 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Returns the signing status for a specified image. If the image matched
+    # signing rules that reference different signing profiles, a status is
+    # returned for each profile.
+    #
+    # For more information, see [Managed signing][1] in the *Amazon Elastic
+    # Container Registry User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html
+    #
+    # @option params [required, String] :repository_name
+    #   The name of the repository that contains the image.
+    #
+    # @option params [required, Types::ImageIdentifier] :image_id
+    #   An object containing identifying information for an image.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
+    #
+    # @return [Types::DescribeImageSigningStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeImageSigningStatusResponse#repository_name #repository_name} => String
+    #   * {Types::DescribeImageSigningStatusResponse#image_id #image_id} => Types::ImageIdentifier
+    #   * {Types::DescribeImageSigningStatusResponse#registry_id #registry_id} => String
+    #   * {Types::DescribeImageSigningStatusResponse#signing_statuses #signing_statuses} => Array&lt;Types::ImageSigningStatus&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_image_signing_status({
+    #     repository_name: "RepositoryName", # required
+    #     image_id: { # required
+    #       image_digest: "ImageDigest",
+    #       image_tag: "ImageTag",
+    #     },
+    #     registry_id: "RegistryId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.repository_name #=> String
+    #   resp.image_id.image_digest #=> String
+    #   resp.image_id.image_tag #=> String
+    #   resp.registry_id #=> String
+    #   resp.signing_statuses #=> Array
+    #   resp.signing_statuses[0].signing_profile_arn #=> String
+    #   resp.signing_statuses[0].failure_code #=> String
+    #   resp.signing_statuses[0].failure_reason #=> String
+    #   resp.signing_statuses[0].status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImageSigningStatus AWS API Documentation
+    #
+    # @overload describe_image_signing_status(params = {})
+    # @param [Hash] params ({})
+    def describe_image_signing_status(params = {}, options = {})
+      req = build_request(:describe_image_signing_status, params)
+      req.send_request(options)
+    end
+
     # Returns metadata about the images in a repository.
     #
     # <note markdown="1"> Starting with Docker version 1.9, the Docker client compresses image
@@ -2203,6 +2306,7 @@ module Aws::ECR
     #         applied_for: [
     #           "PULL_THROUGH_CACHE", 
     #           "REPLICATION", 
+    #           "CREATE_ON_PUSH", 
     #         ], 
     #         created_at: Time.parse("2023-12-16T17:29:02-07:00"), 
     #         encryption_configuration: {
@@ -2253,7 +2357,7 @@ module Aws::ECR
     #   resp.repository_creation_templates[0].repository_policy #=> String
     #   resp.repository_creation_templates[0].lifecycle_policy #=> String
     #   resp.repository_creation_templates[0].applied_for #=> Array
-    #   resp.repository_creation_templates[0].applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE"
+    #   resp.repository_creation_templates[0].applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
     #   resp.repository_creation_templates[0].custom_role_arn #=> String
     #   resp.repository_creation_templates[0].created_at #=> Time
     #   resp.repository_creation_templates[0].updated_at #=> Time
@@ -2663,6 +2767,39 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Retrieves the registry's signing configuration, which defines rules
+    # for automatically signing images using Amazon Web Services Signer.
+    #
+    # For more information, see [Managed signing][1] in the *Amazon Elastic
+    # Container Registry User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html
+    #
+    # @return [Types::GetSigningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetSigningConfigurationResponse#registry_id #registry_id} => String
+    #   * {Types::GetSigningConfigurationResponse#signing_configuration #signing_configuration} => Types::SigningConfiguration
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.signing_configuration.rules #=> Array
+    #   resp.signing_configuration.rules[0].signing_profile_arn #=> String
+    #   resp.signing_configuration.rules[0].repository_filters #=> Array
+    #   resp.signing_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.signing_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD_MATCH"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/GetSigningConfiguration AWS API Documentation
+    #
+    # @overload get_signing_configuration(params = {})
+    # @param [Hash] params ({})
+    def get_signing_configuration(params = {}, options = {})
+      req = build_request(:get_signing_configuration, params)
+      req.send_request(options)
+    end
+
     # Notifies Amazon ECR that you intend to upload an image layer.
     #
     # When an image is pushed, the InitiateLayerUpload API is called once
@@ -3574,6 +3711,65 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Creates or updates the registry's signing configuration, which
+    # defines rules for automatically signing images with Amazon Web
+    # Services Signer.
+    #
+    # For more information, see [Managed signing][1] in the *Amazon Elastic
+    # Container Registry User Guide*.
+    #
+    # <note markdown="1"> To successfully generate a signature, the IAM principal pushing images
+    # must have permission to sign payloads with the Amazon Web Services
+    # Signer signing profile referenced in the signing configuration.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html
+    #
+    # @option params [required, Types::SigningConfiguration] :signing_configuration
+    #   The signing configuration to assign to the registry.
+    #
+    # @return [Types::PutSigningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutSigningConfigurationResponse#signing_configuration #signing_configuration} => Types::SigningConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_signing_configuration({
+    #     signing_configuration: { # required
+    #       rules: [ # required
+    #         {
+    #           signing_profile_arn: "SigningProfileArn", # required
+    #           repository_filters: [
+    #             {
+    #               filter: "SigningRepositoryFilterValue", # required
+    #               filter_type: "WILDCARD_MATCH", # required, accepts WILDCARD_MATCH
+    #             },
+    #           ],
+    #         },
+    #       ],
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.signing_configuration.rules #=> Array
+    #   resp.signing_configuration.rules[0].signing_profile_arn #=> String
+    #   resp.signing_configuration.rules[0].repository_filters #=> Array
+    #   resp.signing_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.signing_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD_MATCH"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutSigningConfiguration AWS API Documentation
+    #
+    # @overload put_signing_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_signing_configuration(params = {}, options = {})
+      req = build_request(:put_signing_configuration, params)
+      req.send_request(options)
+    end
+
     # Adds an IAM principal to the pull time update exclusion list for a
     # registry. Amazon ECR will not record the pull time if an excluded
     # principal pulls an image.
@@ -4069,7 +4265,8 @@ module Aws::ECR
     # @option params [Array<String>] :applied_for
     #   Updates the list of enumerable strings representing the Amazon ECR
     #   repository creation scenarios that this template will apply towards.
-    #   The two supported scenarios are `PULL_THROUGH_CACHE` and `REPLICATION`
+    #   The supported scenarios are `PULL_THROUGH_CACHE`, `REPLICATION`, and
+    #   `CREATE_ON_PUSH`
     #
     # @option params [String] :custom_role_arn
     #   The ARN of the role to be assumed by Amazon ECR. This role must be in
@@ -4151,7 +4348,7 @@ module Aws::ECR
     #     ],
     #     repository_policy: "RepositoryPolicyText",
     #     lifecycle_policy: "LifecyclePolicyTextForRepositoryCreationTemplate",
-    #     applied_for: ["REPLICATION"], # accepts REPLICATION, PULL_THROUGH_CACHE
+    #     applied_for: ["REPLICATION"], # accepts REPLICATION, PULL_THROUGH_CACHE, CREATE_ON_PUSH
     #     custom_role_arn: "CustomRoleArn",
     #   })
     #
@@ -4172,7 +4369,7 @@ module Aws::ECR
     #   resp.repository_creation_template.repository_policy #=> String
     #   resp.repository_creation_template.lifecycle_policy #=> String
     #   resp.repository_creation_template.applied_for #=> Array
-    #   resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE"
+    #   resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
     #   resp.repository_creation_template.custom_role_arn #=> String
     #   resp.repository_creation_template.created_at #=> Time
     #   resp.repository_creation_template.updated_at #=> Time
@@ -4326,7 +4523,7 @@ module Aws::ECR
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-ecr'
-      context[:gem_version] = '1.114.0'
+      context[:gem_version] = '1.116.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ecr/client_api.rb

@@ -73,12 +73,16 @@ module Aws::ECR
     DeleteRepositoryPolicyResponse = Shapes::StructureShape.new(name: 'DeleteRepositoryPolicyResponse')
     DeleteRepositoryRequest = Shapes::StructureShape.new(name: 'DeleteRepositoryRequest')
     DeleteRepositoryResponse = Shapes::StructureShape.new(name: 'DeleteRepositoryResponse')
+    DeleteSigningConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteSigningConfigurationRequest')
+    DeleteSigningConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteSigningConfigurationResponse')
     DeregisterPullTimeUpdateExclusionRequest = Shapes::StructureShape.new(name: 'DeregisterPullTimeUpdateExclusionRequest')
     DeregisterPullTimeUpdateExclusionResponse = Shapes::StructureShape.new(name: 'DeregisterPullTimeUpdateExclusionResponse')
     DescribeImageReplicationStatusRequest = Shapes::StructureShape.new(name: 'DescribeImageReplicationStatusRequest')
     DescribeImageReplicationStatusResponse = Shapes::StructureShape.new(name: 'DescribeImageReplicationStatusResponse')
     DescribeImageScanFindingsRequest = Shapes::StructureShape.new(name: 'DescribeImageScanFindingsRequest')
     DescribeImageScanFindingsResponse = Shapes::StructureShape.new(name: 'DescribeImageScanFindingsResponse')
+    DescribeImageSigningStatusRequest = Shapes::StructureShape.new(name: 'DescribeImageSigningStatusRequest')
+    DescribeImageSigningStatusResponse = Shapes::StructureShape.new(name: 'DescribeImageSigningStatusResponse')
     DescribeImagesFilter = Shapes::StructureShape.new(name: 'DescribeImagesFilter')
     DescribeImagesRequest = Shapes::StructureShape.new(name: 'DescribeImagesRequest')
     DescribeImagesResponse = Shapes::StructureShape.new(name: 'DescribeImagesResponse')
@@ -130,6 +134,8 @@ module Aws::ECR
     GetRegistryScanningConfigurationResponse = Shapes::StructureShape.new(name: 'GetRegistryScanningConfigurationResponse')
     GetRepositoryPolicyRequest = Shapes::StructureShape.new(name: 'GetRepositoryPolicyRequest')
     GetRepositoryPolicyResponse = Shapes::StructureShape.new(name: 'GetRepositoryPolicyResponse')
+    GetSigningConfigurationRequest = Shapes::StructureShape.new(name: 'GetSigningConfigurationRequest')
+    GetSigningConfigurationResponse = Shapes::StructureShape.new(name: 'GetSigningConfigurationResponse')
     Image = Shapes::StructureShape.new(name: 'Image')
     ImageActionType = Shapes::StringShape.new(name: 'ImageActionType')
     ImageAlreadyExistsException = Shapes::StructureShape.new(name: 'ImageAlreadyExistsException')
@@ -158,6 +164,8 @@ module Aws::ECR
     ImageScanFindingsSummary = Shapes::StructureShape.new(name: 'ImageScanFindingsSummary')
     ImageScanStatus = Shapes::StructureShape.new(name: 'ImageScanStatus')
     ImageScanningConfiguration = Shapes::StructureShape.new(name: 'ImageScanningConfiguration')
+    ImageSigningStatus = Shapes::StructureShape.new(name: 'ImageSigningStatus')
+    ImageSigningStatusList = Shapes::ListShape.new(name: 'ImageSigningStatusList')
     ImageSizeInBytes = Shapes::IntegerShape.new(name: 'ImageSizeInBytes')
     ImageStatus = Shapes::StringShape.new(name: 'ImageStatus')
     ImageStatusFilter = Shapes::StringShape.new(name: 'ImageStatusFilter')
@@ -264,6 +272,8 @@ module Aws::ECR
     PutRegistryScanningConfigurationResponse = Shapes::StructureShape.new(name: 'PutRegistryScanningConfigurationResponse')
     PutReplicationConfigurationRequest = Shapes::StructureShape.new(name: 'PutReplicationConfigurationRequest')
     PutReplicationConfigurationResponse = Shapes::StructureShape.new(name: 'PutReplicationConfigurationResponse')
+    PutSigningConfigurationRequest = Shapes::StructureShape.new(name: 'PutSigningConfigurationRequest')
+    PutSigningConfigurationResponse = Shapes::StructureShape.new(name: 'PutSigningConfigurationResponse')
     RCTAppliedFor = Shapes::StringShape.new(name: 'RCTAppliedFor')
     RCTAppliedForList = Shapes::ListShape.new(name: 'RCTAppliedForList')
     Reason = Shapes::StringShape.new(name: 'Reason')
@@ -339,6 +349,18 @@ module Aws::ECR
     SetRepositoryPolicyResponse = Shapes::StructureShape.new(name: 'SetRepositoryPolicyResponse')
     Severity = Shapes::StringShape.new(name: 'Severity')
     SeverityCount = Shapes::IntegerShape.new(name: 'SeverityCount')
+    SigningConfiguration = Shapes::StructureShape.new(name: 'SigningConfiguration')
+    SigningConfigurationNotFoundException = Shapes::StructureShape.new(name: 'SigningConfigurationNotFoundException')
+    SigningProfileArn = Shapes::StringShape.new(name: 'SigningProfileArn')
+    SigningRepositoryFilter = Shapes::StructureShape.new(name: 'SigningRepositoryFilter')
+    SigningRepositoryFilterList = Shapes::ListShape.new(name: 'SigningRepositoryFilterList')
+    SigningRepositoryFilterType = Shapes::StringShape.new(name: 'SigningRepositoryFilterType')
+    SigningRepositoryFilterValue = Shapes::StringShape.new(name: 'SigningRepositoryFilterValue')
+    SigningRule = Shapes::StructureShape.new(name: 'SigningRule')
+    SigningRuleList = Shapes::ListShape.new(name: 'SigningRuleList')
+    SigningStatus = Shapes::StringShape.new(name: 'SigningStatus')
+    SigningStatusFailureCode = Shapes::StringShape.new(name: 'SigningStatusFailureCode')
+    SigningStatusFailureReason = Shapes::StringShape.new(name: 'SigningStatusFailureReason')
     Source = Shapes::StringShape.new(name: 'Source')
     SourceLayerHash = Shapes::StringShape.new(name: 'SourceLayerHash')
     StartImageScanRequest = Shapes::StructureShape.new(name: 'StartImageScanRequest')
@@ -599,6 +621,12 @@ module Aws::ECR
     DeleteRepositoryResponse.add_member(:repository, Shapes::ShapeRef.new(shape: Repository, location_name: "repository"))
     DeleteRepositoryResponse.struct_class = Types::DeleteRepositoryResponse
 
+    DeleteSigningConfigurationRequest.struct_class = Types::DeleteSigningConfigurationRequest
+
+    DeleteSigningConfigurationResponse.add_member(:registry_id, Shapes::ShapeRef.new(shape: RegistryId, location_name: "registryId"))
+    DeleteSigningConfigurationResponse.add_member(:signing_configuration, Shapes::ShapeRef.new(shape: SigningConfiguration, location_name: "signingConfiguration"))
+    DeleteSigningConfigurationResponse.struct_class = Types::DeleteSigningConfigurationResponse
+
     DeregisterPullTimeUpdateExclusionRequest.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
     DeregisterPullTimeUpdateExclusionRequest.struct_class = Types::DeregisterPullTimeUpdateExclusionRequest
 
@@ -630,6 +658,17 @@ module Aws::ECR
     DescribeImageScanFindingsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
     DescribeImageScanFindingsResponse.struct_class = Types::DescribeImageScanFindingsResponse
 
+    DescribeImageSigningStatusRequest.add_member(:repository_name, Shapes::ShapeRef.new(shape: RepositoryName, required: true, location_name: "repositoryName"))
+    DescribeImageSigningStatusRequest.add_member(:image_id, Shapes::ShapeRef.new(shape: ImageIdentifier, required: true, location_name: "imageId"))
+    DescribeImageSigningStatusRequest.add_member(:registry_id, Shapes::ShapeRef.new(shape: RegistryId, location_name: "registryId"))
+    DescribeImageSigningStatusRequest.struct_class = Types::DescribeImageSigningStatusRequest
+
+    DescribeImageSigningStatusResponse.add_member(:repository_name, Shapes::ShapeRef.new(shape: RepositoryName, location_name: "repositoryName"))
+    DescribeImageSigningStatusResponse.add_member(:image_id, Shapes::ShapeRef.new(shape: ImageIdentifier, location_name: "imageId"))
+    DescribeImageSigningStatusResponse.add_member(:registry_id, Shapes::ShapeRef.new(shape: RegistryId, location_name: "registryId"))
+    DescribeImageSigningStatusResponse.add_member(:signing_statuses, Shapes::ShapeRef.new(shape: ImageSigningStatusList, location_name: "signingStatuses"))
+    DescribeImageSigningStatusResponse.struct_class = Types::DescribeImageSigningStatusResponse
+
     DescribeImagesFilter.add_member(:tag_status, Shapes::ShapeRef.new(shape: TagStatus, location_name: "tagStatus"))
     DescribeImagesFilter.add_member(:image_status, Shapes::ShapeRef.new(shape: ImageStatusFilter, location_name: "imageStatus"))
     DescribeImagesFilter.struct_class = Types::DescribeImagesFilter
@@ -795,6 +834,12 @@ module Aws::ECR
     GetRepositoryPolicyResponse.add_member(:policy_text, Shapes::ShapeRef.new(shape: RepositoryPolicyText, location_name: "policyText"))
     GetRepositoryPolicyResponse.struct_class = Types::GetRepositoryPolicyResponse
 
+    GetSigningConfigurationRequest.struct_class = Types::GetSigningConfigurationRequest
+
+    GetSigningConfigurationResponse.add_member(:registry_id, Shapes::ShapeRef.new(shape: RegistryId, location_name: "registryId"))
+    GetSigningConfigurationResponse.add_member(:signing_configuration, Shapes::ShapeRef.new(shape: SigningConfiguration, location_name: "signingConfiguration"))
+    GetSigningConfigurationResponse.struct_class = Types::GetSigningConfigurationResponse
+
     Image.add_member(:registry_id, Shapes::ShapeRef.new(shape: RegistryId, location_name: "registryId"))
     Image.add_member(:repository_name, Shapes::ShapeRef.new(shape: RepositoryName, location_name: "repositoryName"))
     Image.add_member(:image_id, Shapes::ShapeRef.new(shape: ImageIdentifier, location_name: "imageId"))
@@ -894,6 +939,14 @@ module Aws::ECR
     ImageScanningConfiguration.add_member(:scan_on_push, Shapes::ShapeRef.new(shape: ScanOnPushFlag, location_name: "scanOnPush"))
     ImageScanningConfiguration.struct_class = Types::ImageScanningConfiguration
 
+    ImageSigningStatus.add_member(:signing_profile_arn, Shapes::ShapeRef.new(shape: SigningProfileArn, location_name: "signingProfileArn"))
+    ImageSigningStatus.add_member(:failure_code, Shapes::ShapeRef.new(shape: SigningStatusFailureCode, location_name: "failureCode"))
+    ImageSigningStatus.add_member(:failure_reason, Shapes::ShapeRef.new(shape: SigningStatusFailureReason, location_name: "failureReason"))
+    ImageSigningStatus.add_member(:status, Shapes::ShapeRef.new(shape: SigningStatus, location_name: "status"))
+    ImageSigningStatus.struct_class = Types::ImageSigningStatus
+
+    ImageSigningStatusList.member = Shapes::ShapeRef.new(shape: ImageSigningStatus)
+
     ImageStorageClassUpdateNotSupportedException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "message"))
     ImageStorageClassUpdateNotSupportedException.struct_class = Types::ImageStorageClassUpdateNotSupportedException
 
@@ -1155,6 +1208,12 @@ module Aws::ECR
     PutReplicationConfigurationResponse.add_member(:replication_configuration, Shapes::ShapeRef.new(shape: ReplicationConfiguration, location_name: "replicationConfiguration"))
     PutReplicationConfigurationResponse.struct_class = Types::PutReplicationConfigurationResponse
 
+    PutSigningConfigurationRequest.add_member(:signing_configuration, Shapes::ShapeRef.new(shape: SigningConfiguration, required: true, location_name: "signingConfiguration"))
+    PutSigningConfigurationRequest.struct_class = Types::PutSigningConfigurationRequest
+
+    PutSigningConfigurationResponse.add_member(:signing_configuration, Shapes::ShapeRef.new(shape: SigningConfiguration, location_name: "signingConfiguration"))
+    PutSigningConfigurationResponse.struct_class = Types::PutSigningConfigurationResponse
+
     RCTAppliedForList.member = Shapes::ShapeRef.new(shape: RCTAppliedFor)
 
     Recommendation.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "url"))
@@ -1313,6 +1372,24 @@ module Aws::ECR
     SetRepositoryPolicyResponse.add_member(:policy_text, Shapes::ShapeRef.new(shape: RepositoryPolicyText, location_name: "policyText"))
     SetRepositoryPolicyResponse.struct_class = Types::SetRepositoryPolicyResponse
 
+    SigningConfiguration.add_member(:rules, Shapes::ShapeRef.new(shape: SigningRuleList, required: true, location_name: "rules"))
+    SigningConfiguration.struct_class = Types::SigningConfiguration
+
+    SigningConfigurationNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "message"))
+    SigningConfigurationNotFoundException.struct_class = Types::SigningConfigurationNotFoundException
+
+    SigningRepositoryFilter.add_member(:filter, Shapes::ShapeRef.new(shape: SigningRepositoryFilterValue, required: true, location_name: "filter"))
+    SigningRepositoryFilter.add_member(:filter_type, Shapes::ShapeRef.new(shape: SigningRepositoryFilterType, required: true, location_name: "filterType"))
+    SigningRepositoryFilter.struct_class = Types::SigningRepositoryFilter
+
+    SigningRepositoryFilterList.member = Shapes::ShapeRef.new(shape: SigningRepositoryFilter)
+
+    SigningRule.add_member(:signing_profile_arn, Shapes::ShapeRef.new(shape: SigningProfileArn, required: true, location_name: "signingProfileArn"))
+    SigningRule.add_member(:repository_filters, Shapes::ShapeRef.new(shape: SigningRepositoryFilterList, location_name: "repositoryFilters"))
+    SigningRule.struct_class = Types::SigningRule
+
+    SigningRuleList.member = Shapes::ShapeRef.new(shape: SigningRule)
+
     StartImageScanRequest.add_member(:registry_id, Shapes::ShapeRef.new(shape: RegistryId, location_name: "registryId"))
     StartImageScanRequest.add_member(:repository_name, Shapes::ShapeRef.new(shape: RepositoryName, required: true, location_name: "repositoryName"))
     StartImageScanRequest.add_member(:image_id, Shapes::ShapeRef.new(shape: ImageIdentifier, required: true, location_name: "imageId"))
@@ -1688,6 +1765,17 @@ module Aws::ECR
         o.errors << Shapes::ShapeRef.new(shape: RepositoryPolicyNotFoundException)
       end)
 
+      api.add_operation(:delete_signing_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteSigningConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteSigningConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteSigningConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: SigningConfigurationNotFoundException)
+      end)
+
       api.add_operation(:deregister_pull_time_update_exclusion, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeregisterPullTimeUpdateExclusion"
         o.http_method = "POST"
@@ -1734,6 +1822,19 @@ module Aws::ECR
         )
       end)
 
+      api.add_operation(:describe_image_signing_status, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeImageSigningStatus"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DescribeImageSigningStatusRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeImageSigningStatusResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ImageNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: RepositoryNotFoundException)
+      end)
+
       api.add_operation(:describe_images, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeImages"
         o.http_method = "POST"
@@ -1917,6 +2018,18 @@ module Aws::ECR
         o.errors << Shapes::ShapeRef.new(shape: RepositoryPolicyNotFoundException)
       end)
 
+      api.add_operation(:get_signing_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetSigningConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetSigningConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetSigningConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: SigningConfigurationNotFoundException)
+      end)
+
       api.add_operation(:initiate_layer_upload, Seahorse::Model::Operation.new.tap do |o|
         o.name = "InitiateLayerUpload"
         o.http_method = "POST"
@@ -2080,6 +2193,17 @@ module Aws::ECR
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
       end)
 
+      api.add_operation(:put_signing_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutSigningConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutSigningConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutSigningConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+      end)
+
       api.add_operation(:register_pull_time_update_exclusion, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RegisterPullTimeUpdateExclusion"
         o.http_method = "POST"

data/lib/aws-sdk-ecr/errors.rb

@@ -61,6 +61,7 @@ module Aws::ECR
   # * {ScanNotFoundException}
   # * {SecretNotFoundException}
   # * {ServerException}
+  # * {SigningConfigurationNotFoundException}
   # * {TemplateAlreadyExistsException}
   # * {TemplateNotFoundException}
   # * {TooManyTagsException}
@@ -614,6 +615,21 @@ module Aws::ECR
       end
     end
 
+    class SigningConfigurationNotFoundException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::ECR::Types::SigningConfigurationNotFoundException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class TemplateAlreadyExistsException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-ecr/types.rb

@@ -555,8 +555,9 @@ module Aws::ECR
     #
     # @!attribute [rw] applied_for
     #   A list of enumerable strings representing the Amazon ECR repository
-    #   creation scenarios that this template will apply towards. The two
-    #   supported scenarios are `PULL_THROUGH_CACHE` and `REPLICATION`
+    #   creation scenarios that this template will apply towards. The
+    #   supported scenarios are `PULL_THROUGH_CACHE`, `REPLICATION`, and
+    #   `CREATE_ON_PUSH`
     #   @return [Array<String>]
     #
     # @!attribute [rw] custom_role_arn
@@ -1009,6 +1010,29 @@ module Aws::ECR
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteSigningConfigurationRequest AWS API Documentation
+    #
+    class DeleteSigningConfigurationRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] registry_id
+    #   The Amazon Web Services account ID associated with the registry.
+    #   @return [String]
+    #
+    # @!attribute [rw] signing_configuration
+    #   The registry's deleted signing configuration.
+    #   @return [Types::SigningConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteSigningConfigurationResponse AWS API Documentation
+    #
+    class DeleteSigningConfigurationResponse < Struct.new(
+      :registry_id,
+      :signing_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] principal_arn
     #   The ARN of the IAM principal to remove from the pull time update
     #   exclusion list.
@@ -1175,6 +1199,58 @@ module Aws::ECR
       include Aws::Structure
     end
 
+    # @!attribute [rw] repository_name
+    #   The name of the repository that contains the image.
+    #   @return [String]
+    #
+    # @!attribute [rw] image_id
+    #   An object containing identifying information for an image.
+    #   @return [Types::ImageIdentifier]
+    #
+    # @!attribute [rw] registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the
+    #   default registry is assumed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImageSigningStatusRequest AWS API Documentation
+    #
+    class DescribeImageSigningStatusRequest < Struct.new(
+      :repository_name,
+      :image_id,
+      :registry_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] repository_name
+    #   The name of the repository.
+    #   @return [String]
+    #
+    # @!attribute [rw] image_id
+    #   An object with identifying information for the image.
+    #   @return [Types::ImageIdentifier]
+    #
+    # @!attribute [rw] registry_id
+    #   The Amazon Web Services account ID associated with the registry.
+    #   @return [String]
+    #
+    # @!attribute [rw] signing_statuses
+    #   A list of signing statuses for the specified image. Each status
+    #   corresponds to a signing profile.
+    #   @return [Array<Types::ImageSigningStatus>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImageSigningStatusResponse AWS API Documentation
+    #
+    class DescribeImageSigningStatusResponse < Struct.new(
+      :repository_name,
+      :image_id,
+      :registry_id,
+      :signing_statuses)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An object representing a filter on a DescribeImages operation.
     #
     # @!attribute [rw] tag_status
@@ -2101,6 +2177,29 @@ module Aws::ECR
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/GetSigningConfigurationRequest AWS API Documentation
+    #
+    class GetSigningConfigurationRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] registry_id
+    #   The Amazon Web Services account ID associated with the registry.
+    #   @return [String]
+    #
+    # @!attribute [rw] signing_configuration
+    #   The registry's signing configuration.
+    #   @return [Types::SigningConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/GetSigningConfigurationResponse AWS API Documentation
+    #
+    class GetSigningConfigurationResponse < Struct.new(
+      :registry_id,
+      :signing_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An object representing an Amazon ECR image.
     #
     # @!attribute [rw] registry_id
@@ -2553,6 +2652,45 @@ module Aws::ECR
       include Aws::Structure
     end
 
+    # The signing status for an image. Each status corresponds to a signing
+    # profile.
+    #
+    # @!attribute [rw] signing_profile_arn
+    #   The ARN of the Amazon Web Services Signer signing profile used to
+    #   sign the image.
+    #   @return [String]
+    #
+    # @!attribute [rw] failure_code
+    #   The failure code, which is only present if `status` is `FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] failure_reason
+    #   A description of why signing the image failed. This field is only
+    #   present if `status` is `FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The image's signing status. Possible values are:
+    #
+    #   * `IN_PROGRESS` - Signing is currently in progress.
+    #
+    #   * `COMPLETE` - The signature was successfully generated.
+    #
+    #   * `FAILED` - Signing failed. See `failureCode` and `failureReason`
+    #     for details.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/ImageSigningStatus AWS API Documentation
+    #
+    class ImageSigningStatus < Struct.new(
+      :signing_profile_arn,
+      :failure_code,
+      :failure_reason,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The requested image storage class update is not supported.
     #
     # @!attribute [rw] message
@@ -3794,6 +3932,30 @@ module Aws::ECR
       include Aws::Structure
     end
 
+    # @!attribute [rw] signing_configuration
+    #   The signing configuration to assign to the registry.
+    #   @return [Types::SigningConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutSigningConfigurationRequest AWS API Documentation
+    #
+    class PutSigningConfigurationRequest < Struct.new(
+      :signing_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] signing_configuration
+    #   The registry's updated signing configuration.
+    #   @return [Types::SigningConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutSigningConfigurationResponse AWS API Documentation
+    #
+    class PutSigningConfigurationResponse < Struct.new(
+      :signing_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about the recommended course of action to remediate the
     # finding.
     #
@@ -4120,8 +4282,9 @@ module Aws::ECR
     #
     # @!attribute [rw] applied_for
     #   A list of enumerable Strings representing the repository creation
-    #   scenarios that this template will apply towards. The two supported
-    #   scenarios are PULL\_THROUGH\_CACHE and REPLICATION
+    #   scenarios that this template will apply towards. The supported
+    #   scenarios are PULL\_THROUGH\_CACHE, REPLICATION, and
+    #   CREATE\_ON\_PUSH
     #   @return [Array<String>]
     #
     # @!attribute [rw] custom_role_arn
@@ -4481,6 +4644,103 @@ module Aws::ECR
       include Aws::Structure
     end
 
+    # The signing configuration for a registry, which specifies rules for
+    # automatically signing images when pushed.
+    #
+    # @!attribute [rw] rules
+    #   A list of signing rules. Each rule defines a signing profile and
+    #   optional repository filters that determine which images are
+    #   automatically signed. Maximum of 10 rules.
+    #   @return [Array<Types::SigningRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/SigningConfiguration AWS API Documentation
+    #
+    class SigningConfiguration < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified signing configuration was not found. This occurs when
+    # attempting to retrieve or delete a signing configuration that does not
+    # exist.
+    #
+    # @!attribute [rw] message
+    #   The error message associated with the exception.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/SigningConfigurationNotFoundException AWS API Documentation
+    #
+    class SigningConfigurationNotFoundException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A repository filter used to determine which repositories have their
+    # images automatically signed on push. Each filter consists of a filter
+    # type and filter value.
+    #
+    # @!attribute [rw] filter
+    #   The filter value used to match repository names. When using
+    #   `WILDCARD_MATCH`, the `*` character matches any sequence of
+    #   characters.
+    #
+    #   Examples:
+    #
+    #   * `myapp/*` - Matches all repositories starting with `myapp/`
+    #
+    #   * `*/production` - Matches all repositories ending with
+    #     `/production`
+    #
+    #   * `*prod*` - Matches all repositories containing `prod`
+    #   @return [String]
+    #
+    # @!attribute [rw] filter_type
+    #   The type of filter to apply. Currently, only `WILDCARD_MATCH` is
+    #   supported, which uses wildcard patterns to match repository names.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/SigningRepositoryFilter AWS API Documentation
+    #
+    class SigningRepositoryFilter < Struct.new(
+      :filter,
+      :filter_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A signing rule that specifies a signing profile and optional
+    # repository filters. When an image is pushed to a matching repository,
+    # a signing job is created using the specified profile.
+    #
+    # @!attribute [rw] signing_profile_arn
+    #   The ARN of the Amazon Web Services Signer signing profile to use for
+    #   signing images that match this rule. For more information about
+    #   signing profiles, see [Signing profiles][1] in the *Amazon Web
+    #   Services Signer Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/signer/latest/developerguide/signing-profiles.html
+    #   @return [String]
+    #
+    # @!attribute [rw] repository_filters
+    #   A list of repository filters that determine which repositories have
+    #   their images signed on push. If no filters are specified, all images
+    #   pushed to the registry are signed using the rule's signing profile.
+    #   Maximum of 100 filters per rule.
+    #   @return [Array<Types::SigningRepositoryFilter>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/SigningRule AWS API Documentation
+    #
+    class SigningRule < Struct.new(
+      :signing_profile_arn,
+      :repository_filters)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] registry_id
     #   The Amazon Web Services account ID associated with the registry that
     #   contains the repository in which to start an image scan request. If
@@ -5012,8 +5272,8 @@ module Aws::ECR
     # @!attribute [rw] applied_for
     #   Updates the list of enumerable strings representing the Amazon ECR
     #   repository creation scenarios that this template will apply towards.
-    #   The two supported scenarios are `PULL_THROUGH_CACHE` and
-    #   `REPLICATION`
+    #   The supported scenarios are `PULL_THROUGH_CACHE`, `REPLICATION`, and
+    #   `CREATE_ON_PUSH`
     #   @return [Array<String>]
     #
     # @!attribute [rw] custom_role_arn

data/lib/aws-sdk-ecr.rb

@@ -55,7 +55,7 @@ module Aws::ECR
   autoload :EndpointProvider, 'aws-sdk-ecr/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ecr/endpoints'
 
-  GEM_VERSION = '1.114.0'
+  GEM_VERSION = '1.116.0'
 
 end
 

data/sig/client.rbs

@@ -238,7 +238,7 @@ module Aws
                                                  ],
                                                  ?repository_policy: ::String,
                                                  ?lifecycle_policy: ::String,
-                                                 applied_for: Array[("REPLICATION" | "PULL_THROUGH_CACHE")],
+                                                 applied_for: Array[("REPLICATION" | "PULL_THROUGH_CACHE" | "CREATE_ON_PUSH")],
                                                  ?custom_role_arn: ::String
                                                ) -> _CreateRepositoryCreationTemplateResponseSuccess
                                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateRepositoryCreationTemplateResponseSuccess
@@ -320,6 +320,16 @@ module Aws
                                     ) -> _DeleteRepositoryPolicyResponseSuccess
                                   | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DeleteRepositoryPolicyResponseSuccess
 
+      interface _DeleteSigningConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DeleteSigningConfigurationResponse]
+        def registry_id: () -> ::String
+        def signing_configuration: () -> Types::SigningConfiguration
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ECR/Client.html#delete_signing_configuration-instance_method
+      def delete_signing_configuration: (
+                                        ) -> _DeleteSigningConfigurationResponseSuccess
+                                      | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DeleteSigningConfigurationResponseSuccess
+
       interface _DeregisterPullTimeUpdateExclusionResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::DeregisterPullTimeUpdateExclusionResponse]
         def principal_arn: () -> ::String
@@ -369,6 +379,24 @@ module Aws
                                         ) -> _DescribeImageScanFindingsResponseSuccess
                                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DescribeImageScanFindingsResponseSuccess
 
+      interface _DescribeImageSigningStatusResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DescribeImageSigningStatusResponse]
+        def repository_name: () -> ::String
+        def image_id: () -> Types::ImageIdentifier
+        def registry_id: () -> ::String
+        def signing_statuses: () -> ::Array[Types::ImageSigningStatus]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ECR/Client.html#describe_image_signing_status-instance_method
+      def describe_image_signing_status: (
+                                           repository_name: ::String,
+                                           image_id: {
+                                             image_digest: ::String?,
+                                             image_tag: ::String?
+                                           },
+                                           ?registry_id: ::String
+                                         ) -> _DescribeImageSigningStatusResponseSuccess
+                                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DescribeImageSigningStatusResponseSuccess
+
       interface _DescribeImagesResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::DescribeImagesResponse]
         def image_details: () -> ::Array[Types::ImageDetail]
@@ -554,6 +582,16 @@ module Aws
                                  ) -> _GetRepositoryPolicyResponseSuccess
                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetRepositoryPolicyResponseSuccess
 
+      interface _GetSigningConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetSigningConfigurationResponse]
+        def registry_id: () -> ::String
+        def signing_configuration: () -> Types::SigningConfiguration
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ECR/Client.html#get_signing_configuration-instance_method
+      def get_signing_configuration: (
+                                     ) -> _GetSigningConfigurationResponseSuccess
+                                   | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetSigningConfigurationResponseSuccess
+
       interface _InitiateLayerUploadResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::InitiateLayerUploadResponse]
         def upload_id: () -> ::String
@@ -764,6 +802,28 @@ module Aws
                                          ) -> _PutReplicationConfigurationResponseSuccess
                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutReplicationConfigurationResponseSuccess
 
+      interface _PutSigningConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::PutSigningConfigurationResponse]
+        def signing_configuration: () -> Types::SigningConfiguration
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ECR/Client.html#put_signing_configuration-instance_method
+      def put_signing_configuration: (
+                                       signing_configuration: {
+                                         rules: Array[
+                                           {
+                                             signing_profile_arn: ::String,
+                                             repository_filters: Array[
+                                               {
+                                                 filter: ::String,
+                                                 filter_type: ("WILDCARD_MATCH")
+                                               },
+                                             ]?
+                                           },
+                                         ]
+                                       }
+                                     ) -> _PutSigningConfigurationResponseSuccess
+                                   | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutSigningConfigurationResponseSuccess
+
       interface _RegisterPullTimeUpdateExclusionResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::RegisterPullTimeUpdateExclusionResponse]
         def principal_arn: () -> ::String
@@ -913,7 +973,7 @@ module Aws
                                                  ],
                                                  ?repository_policy: ::String,
                                                  ?lifecycle_policy: ::String,
-                                                 ?applied_for: Array[("REPLICATION" | "PULL_THROUGH_CACHE")],
+                                                 ?applied_for: Array[("REPLICATION" | "PULL_THROUGH_CACHE" | "CREATE_ON_PUSH")],
                                                  ?custom_role_arn: ::String
                                                ) -> _UpdateRepositoryCreationTemplateResponseSuccess
                                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateRepositoryCreationTemplateResponseSuccess

data/sig/errors.rbs

@@ -118,6 +118,9 @@ module Aws
       class ServerException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class SigningConfigurationNotFoundException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+      end
       class TemplateAlreadyExistsException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end

data/sig/types.rbs

@@ -139,7 +139,7 @@ module Aws::ECR
       attr_accessor image_tag_mutability_exclusion_filters: ::Array[Types::ImageTagMutabilityExclusionFilter]
       attr_accessor repository_policy: ::String
       attr_accessor lifecycle_policy: ::String
-      attr_accessor applied_for: ::Array[("REPLICATION" | "PULL_THROUGH_CACHE")]
+      attr_accessor applied_for: ::Array[("REPLICATION" | "PULL_THROUGH_CACHE" | "CREATE_ON_PUSH")]
       attr_accessor custom_role_arn: ::String
       SENSITIVE: []
     end
@@ -265,6 +265,15 @@ module Aws::ECR
       SENSITIVE: []
     end
 
+    class DeleteSigningConfigurationRequest < Aws::EmptyStructure
+    end
+
+    class DeleteSigningConfigurationResponse
+      attr_accessor registry_id: ::String
+      attr_accessor signing_configuration: Types::SigningConfiguration
+      SENSITIVE: []
+    end
+
     class DeregisterPullTimeUpdateExclusionRequest
       attr_accessor principal_arn: ::String
       SENSITIVE: []
@@ -308,6 +317,21 @@ module Aws::ECR
       SENSITIVE: []
     end
 
+    class DescribeImageSigningStatusRequest
+      attr_accessor repository_name: ::String
+      attr_accessor image_id: Types::ImageIdentifier
+      attr_accessor registry_id: ::String
+      SENSITIVE: []
+    end
+
+    class DescribeImageSigningStatusResponse
+      attr_accessor repository_name: ::String
+      attr_accessor image_id: Types::ImageIdentifier
+      attr_accessor registry_id: ::String
+      attr_accessor signing_statuses: ::Array[Types::ImageSigningStatus]
+      SENSITIVE: []
+    end
+
     class DescribeImagesFilter
       attr_accessor tag_status: ("TAGGED" | "UNTAGGED" | "ANY")
       attr_accessor image_status: ("ACTIVE" | "ARCHIVED" | "ACTIVATING" | "ANY")
@@ -529,6 +553,15 @@ module Aws::ECR
       SENSITIVE: []
     end
 
+    class GetSigningConfigurationRequest < Aws::EmptyStructure
+    end
+
+    class GetSigningConfigurationResponse
+      attr_accessor registry_id: ::String
+      attr_accessor signing_configuration: Types::SigningConfiguration
+      SENSITIVE: []
+    end
+
     class Image
       attr_accessor registry_id: ::String
       attr_accessor repository_name: ::String
@@ -644,6 +677,14 @@ module Aws::ECR
       SENSITIVE: []
     end
 
+    class ImageSigningStatus
+      attr_accessor signing_profile_arn: ::String
+      attr_accessor failure_code: ::String
+      attr_accessor failure_reason: ::String
+      attr_accessor status: ("IN_PROGRESS" | "COMPLETE" | "FAILED")
+      SENSITIVE: []
+    end
+
     class ImageStorageClassUpdateNotSupportedException
       attr_accessor message: ::String
       SENSITIVE: []
@@ -989,6 +1030,16 @@ module Aws::ECR
       SENSITIVE: []
     end
 
+    class PutSigningConfigurationRequest
+      attr_accessor signing_configuration: Types::SigningConfiguration
+      SENSITIVE: []
+    end
+
+    class PutSigningConfigurationResponse
+      attr_accessor signing_configuration: Types::SigningConfiguration
+      SENSITIVE: []
+    end
+
     class Recommendation
       attr_accessor url: ::String
       attr_accessor text: ::String
@@ -1077,7 +1128,7 @@ module Aws::ECR
       attr_accessor image_tag_mutability_exclusion_filters: ::Array[Types::ImageTagMutabilityExclusionFilter]
       attr_accessor repository_policy: ::String
       attr_accessor lifecycle_policy: ::String
-      attr_accessor applied_for: ::Array[("REPLICATION" | "PULL_THROUGH_CACHE")]
+      attr_accessor applied_for: ::Array[("REPLICATION" | "PULL_THROUGH_CACHE" | "CREATE_ON_PUSH")]
       attr_accessor custom_role_arn: ::String
       attr_accessor created_at: ::Time
       attr_accessor updated_at: ::Time
@@ -1175,6 +1226,28 @@ module Aws::ECR
       SENSITIVE: []
     end
 
+    class SigningConfiguration
+      attr_accessor rules: ::Array[Types::SigningRule]
+      SENSITIVE: []
+    end
+
+    class SigningConfigurationNotFoundException
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
+
+    class SigningRepositoryFilter
+      attr_accessor filter: ::String
+      attr_accessor filter_type: ("WILDCARD_MATCH")
+      SENSITIVE: []
+    end
+
+    class SigningRule
+      attr_accessor signing_profile_arn: ::String
+      attr_accessor repository_filters: ::Array[Types::SigningRepositoryFilter]
+      SENSITIVE: []
+    end
+
     class StartImageScanRequest
       attr_accessor registry_id: ::String
       attr_accessor repository_name: ::String
@@ -1328,7 +1401,7 @@ module Aws::ECR
       attr_accessor image_tag_mutability_exclusion_filters: ::Array[Types::ImageTagMutabilityExclusionFilter]
       attr_accessor repository_policy: ::String
       attr_accessor lifecycle_policy: ::String
-      attr_accessor applied_for: ::Array[("REPLICATION" | "PULL_THROUGH_CACHE")]
+      attr_accessor applied_for: ::Array[("REPLICATION" | "PULL_THROUGH_CACHE" | "CREATE_ON_PUSH")]
       attr_accessor custom_role_arn: ::String
       SENSITIVE: []
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ecr
 version: !ruby/object:Gem::Version
-  version: 1.114.0
+  version: 1.116.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.234.0
+        version: 3.239.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.234.0
+        version: 3.239.1
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement