@bitblit/ratchet-aws 6.0.146-alpha → 6.0.148-alpha

package/src/dynamodb/impl/dynamo-runtime-parameter-provider.spec.ts

@@ -0,0 +1,65 @@
+import { DynamoRuntimeParameterProvider } from './dynamo-runtime-parameter-provider.js';
+import { DynamoRatchet } from '../dynamo-ratchet.js';
+import { StoredRuntimeParameter } from '../../runtime-parameter/stored-runtime-parameter.js';
+
+import { RuntimeParameterRatchet } from '../../runtime-parameter/runtime-parameter-ratchet.js';
+import { PutCommandOutput } from '@aws-sdk/lib-dynamodb';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { PromiseRatchet } from '@bitblit/ratchet-common/lang/promise-ratchet';
+import { LoggerLevelName } from '@bitblit/ratchet-common/logger/logger-level-name';
+import { beforeEach, describe, expect, test } from 'vitest';
+import { mock, MockProxy } from 'vitest-mock-extended';
+
+let mockDynamoRatchet: MockProxy<DynamoRatchet>;
+const testEntry: StoredRuntimeParameter = { groupId: 'test', paramKey: 'test', paramValue: '15', ttlSeconds: 0.5 };
+const testEntry2: StoredRuntimeParameter = { groupId: 'test', paramKey: 'test1', paramValue: '20', ttlSeconds: 0.5 };
+
+describe('#runtimeParameterRatchet', function () {
+  beforeEach(() => {
+    mockDynamoRatchet = mock<DynamoRatchet>();
+  });
+
+  test('fetch and cache a runtime parameter', async () => {
+    Logger.setLevel(LoggerLevelName.silly);
+    const tableName: string = 'default-table';
+    mockDynamoRatchet.simpleGet.mockResolvedValue(testEntry);
+    mockDynamoRatchet.simplePut.mockResolvedValue({} as PutCommandOutput);
+    const drpp: DynamoRuntimeParameterProvider = new DynamoRuntimeParameterProvider(mockDynamoRatchet, tableName);
+    const rpr: RuntimeParameterRatchet = new RuntimeParameterRatchet(drpp);
+
+    const stored: StoredRuntimeParameter = await rpr.storeParameter('test', 'test1', 15, 0.5);
+    Logger.info('Stored : %j', stored);
+
+    const cache1: number = await rpr.fetchParameter<number>('test', 'test1');
+    const cache1a: number = await rpr.fetchParameter<number>('test', 'test1');
+    const cache1b: number = await rpr.fetchParameter<number>('test', 'test1');
+    expect(cache1).toEqual(15);
+    expect(cache1a).toEqual(15);
+    expect(cache1b).toEqual(15);
+
+    await PromiseRatchet.wait(1000);
+
+    const cache2: number = await rpr.fetchParameter<number>('test', 'test1');
+    expect(cache2).toEqual(15);
+
+    mockDynamoRatchet.simpleGet.mockResolvedValue(null);
+    const cacheMiss: number = await rpr.fetchParameter<number>('test', 'test-miss');
+    expect(cacheMiss).toBeNull();
+
+    const cacheDefault: number = await rpr.fetchParameter<number>('test', 'test-miss', 27);
+    expect(cacheDefault).toEqual(27);
+  }, 30_000);
+
+  test('reads underlying entries', async () => {
+    Logger.setLevel(LoggerLevelName.silly);
+    const tableName: string = 'default-table';
+    mockDynamoRatchet.fullyExecuteQuery.mockResolvedValue([testEntry, testEntry2]);
+    const drpp: DynamoRuntimeParameterProvider = new DynamoRuntimeParameterProvider(mockDynamoRatchet, tableName);
+    const rpr: RuntimeParameterRatchet = new RuntimeParameterRatchet(drpp);
+
+    const vals: StoredRuntimeParameter[] = await rpr.readUnderlyingEntries('test');
+
+    expect(vals).not.toBeFalsy();
+    expect(vals.length).toEqual(2);
+  }, 30_000);
+});

package/src/dynamodb/impl/dynamo-runtime-parameter-provider.ts

@@ -0,0 +1,44 @@
+import { PutCommandOutput, QueryCommandInput } from '@aws-sdk/lib-dynamodb';
+import { RuntimeParameterProvider } from '../../runtime-parameter/runtime-parameter-provider.js';
+import { StoredRuntimeParameter } from '../../runtime-parameter/stored-runtime-parameter.js';
+import { DynamoRatchet } from '../dynamo-ratchet.js';
+import { RequireRatchet } from '@bitblit/ratchet-common/lang/require-ratchet';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+
+export class DynamoRuntimeParameterProvider implements RuntimeParameterProvider {
+  constructor(
+    private dynamo: DynamoRatchet,
+    private tableName: string,
+  ) {
+    RequireRatchet.notNullOrUndefined(this.dynamo);
+    RequireRatchet.notNullOrUndefined(this.tableName);
+  }
+
+  public async readParameter(groupId: string, paramKey: string): Promise<StoredRuntimeParameter> {
+    Logger.silly('Reading %s / %s from underlying db', groupId, paramKey);
+    const req: any = {
+      groupId: groupId,
+      paramKey: paramKey,
+    };
+    const rval: StoredRuntimeParameter = await this.dynamo.simpleGet<StoredRuntimeParameter>(this.tableName, req);
+    return rval;
+  }
+
+  public async readAllParametersForGroup(groupId: string): Promise<StoredRuntimeParameter[]> {
+    const qry: QueryCommandInput = {
+      TableName: this.tableName,
+      KeyConditionExpression: 'groupId = :groupId',
+      ExpressionAttributeValues: {
+        ':groupId': groupId,
+      },
+    };
+
+    const all: StoredRuntimeParameter[] = await this.dynamo.fullyExecuteQuery<StoredRuntimeParameter>(qry);
+    return all;
+  }
+
+  public async writeParameter(toStore: StoredRuntimeParameter): Promise<boolean> {
+    const rval: PutCommandOutput = await this.dynamo.simplePut(this.tableName, toStore);
+    return !!rval;
+  }
+}

package/src/ec2/ec2-ratchet.spec.ts

@@ -0,0 +1,45 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { Ec2Ratchet } from './ec2-ratchet.js';
+import { SendSSHPublicKeyResponse } from '@aws-sdk/client-ec2-instance-connect';
+import { Instance } from '@aws-sdk/client-ec2';
+import { describe, expect, test } from 'vitest';
+
+describe('#EC2Ratchet', function () {
+  test.skip('should send a public key', async () => {
+    const ratchet: Ec2Ratchet = new Ec2Ratchet();
+    const instId: string = 'i-replace_me';
+    const pubKey: string = fs.readFileSync(path.join(os.homedir(), '.ssh/id_rsa.pub')).toString();
+
+    const res: SendSSHPublicKeyResponse = await ratchet.sendPublicKeyToEc2Instance(instId, pubKey);
+
+    Logger.info('Got : %j', res);
+    expect(res).toBeTruthy();
+  });
+
+  test.skip('should list instances', async () => {
+    const ratchet: Ec2Ratchet = new Ec2Ratchet();
+
+    const res: Instance[] = await ratchet.listAllInstances();
+
+    Logger.info('Got : %j', res);
+    expect(res).toBeTruthy();
+    expect(res.length).toBeGreaterThan(1);
+  });
+
+  test.skip('should start and stop an instance', async () => {
+    const ratchet: Ec2Ratchet = new Ec2Ratchet();
+
+    const instId: string = 'i-replace_me';
+
+    Logger.info('First start');
+    await ratchet.launchInstance(instId, 1000 * 60);
+
+    Logger.info('Next stop');
+    await ratchet.stopInstance(instId, 1000 * 60);
+
+    Logger.info('Complete');
+  });
+});

package/src/ec2/ec2-ratchet.ts

@@ -0,0 +1,169 @@
+import {
+  DescribeInstancesCommand,
+  DescribeInstancesCommandInput,
+  DescribeInstancesCommandOutput,
+  EC2Client,
+  Instance,
+  StartInstancesCommand,
+  StartInstancesCommandInput,
+  StopInstancesCommand,
+  StopInstancesCommandInput,
+} from '@aws-sdk/client-ec2';
+import {
+  EC2InstanceConnectClient,
+  SendSSHPublicKeyCommand,
+  SendSSHPublicKeyCommandInput,
+  SendSSHPublicKeyCommandOutput,
+} from '@aws-sdk/client-ec2-instance-connect';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { PromiseRatchet } from '@bitblit/ratchet-common/lang/promise-ratchet';
+import { DurationRatchet } from '@bitblit/ratchet-common/lang/duration-ratchet';
+
+/**
+ * Service to simplify interacting with EC2 instances
+ *
+ * NOTE!  If you are going to describe instances, you MUST use resource: '*' in your
+ * IAM priv - any other value will fail.  See
+ * https://forums.aws.amazon.com/thread.jspa?threadID=142312 and
+ * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html
+ *
+ *
+ * Really should combine start and stop below
+ */
+export class Ec2Ratchet {
+  private ec2: EC2Client;
+  private ec2InstanceConnect: EC2InstanceConnectClient;
+
+  constructor(
+    private region: string = 'us-east-1',
+    private availabilityZone: string = 'us-east-1a',
+  ) {
+    this.ec2 = new EC2Client({ region: region });
+    this.ec2InstanceConnect = new EC2InstanceConnectClient({ region: region });
+  }
+  public get eC2Client(): EC2Client {
+    return this.ec2;
+  }
+
+  public get eC2InstanceConnectClient(): EC2InstanceConnectClient {
+    return this.ec2InstanceConnect;
+  }
+
+  public async stopInstance(instanceId: string, maxWaitForShutdownMS: number = 0): Promise<boolean> {
+    let rval: boolean = true;
+
+    try {
+      const stopParams: StopInstancesCommandInput = {
+        InstanceIds: [instanceId],
+        DryRun: false,
+      };
+
+      Logger.info('About to stop instances : %j', stopParams);
+      await this.ec2.send(new StopInstancesCommand(stopParams));
+      Logger.info('Stop instance command sent, waiting on shutdown');
+      let status: Instance = await this.describeInstance(instanceId);
+
+      if (maxWaitForShutdownMS > 0) {
+        const start: number = new Date().getTime();
+        while (!!status && status.State.Code !== 16 && new Date().getTime() - start < maxWaitForShutdownMS) {
+          Logger.debug(
+            'Instance status is %j - waiting for 5 seconds (up to %s)',
+            status.State,
+            DurationRatchet.formatMsDuration(maxWaitForShutdownMS),
+          );
+          await PromiseRatchet.wait(5000);
+          status = await this.describeInstance(instanceId);
+        }
+      }
+    } catch (err) {
+      Logger.error('Failed to stop instance %s : %s', instanceId, err, err);
+      rval = false;
+    }
+    return rval;
+  }
+
+  public async launchInstance(instanceId: string, maxWaitForStartupMS: number = 0): Promise<boolean> {
+    let rval: boolean = true;
+
+    try {
+      const startParams: StartInstancesCommandInput = {
+        InstanceIds: [instanceId],
+        DryRun: false,
+      };
+
+      // const result: StartInstancesResult =
+      Logger.info('About to start instance : %j', startParams);
+      await this.ec2.send(new StartInstancesCommand(startParams));
+      Logger.info('Start instance command sent, waiting on startup');
+      let status: Instance = await this.describeInstance(instanceId);
+
+      if (maxWaitForStartupMS > 0) {
+        const start: number = new Date().getTime();
+        while (!!status && status.State.Code !== 16 && new Date().getTime() - start < maxWaitForStartupMS) {
+          Logger.debug(
+            'Instance status is %j - waiting for 5 seconds (up to %s)',
+            status.State,
+            DurationRatchet.formatMsDuration(maxWaitForStartupMS),
+          );
+          await PromiseRatchet.wait(5000);
+          status = await this.describeInstance(instanceId);
+        }
+      }
+
+      if (!!status && !!status.PublicIpAddress) {
+        Logger.info('Instance address is %s', status.PublicIpAddress);
+        Logger.info('SSH command : ssh -i path_to_pem_file ec2-user@%s', status.PublicIpAddress);
+      }
+    } catch (err) {
+      Logger.error('Failed to start instance %s : %s', instanceId, err, err);
+      rval = false;
+    }
+    return rval;
+  }
+
+  public async describeInstance(instanceId: string): Promise<Instance> {
+    const res: Instance[] = await this.listAllInstances([instanceId]);
+    return res.length === 1 ? res[0] : null;
+  }
+
+  public async listAllInstances(instanceIds: string[] = []): Promise<Instance[]> {
+    let rval: Instance[] = [];
+
+    const req: DescribeInstancesCommandInput = {
+      NextToken: null,
+    };
+
+    if (instanceIds && instanceIds.length > 0) {
+      req.InstanceIds = instanceIds;
+    }
+
+    do {
+      Logger.debug('Pulling instances... (%j)', req);
+      const res: DescribeInstancesCommandOutput = await this.ec2.send(new DescribeInstancesCommand(req));
+      res.Reservations.forEach((r) => {
+        rval = rval.concat(r.Instances);
+      });
+      req.NextToken = res.NextToken;
+    } while (req.NextToken);
+
+    Logger.debug('Finished pulling instances (found %d)', rval.length);
+    return rval;
+  }
+
+  public async sendPublicKeyToEc2Instance(
+    instanceId: string,
+    publicKeyString: string,
+    instanceOsUser?: string,
+  ): Promise<SendSSHPublicKeyCommandOutput> {
+    const userName: string = instanceOsUser || 'ec2-user';
+    const req: SendSSHPublicKeyCommandInput = {
+      InstanceId: instanceId,
+      AvailabilityZone: this.availabilityZone,
+      InstanceOSUser: userName,
+      SSHPublicKey: publicKeyString,
+    };
+
+    const rval: SendSSHPublicKeyCommandOutput = await this.ec2InstanceConnect.send(new SendSSHPublicKeyCommand(req));
+    return rval;
+  }
+}

package/src/ecr/ecr-unused-image-cleaner-options.ts

@@ -0,0 +1,9 @@
+import { UsedImageFinder } from './used-image-finder.js';
+
+export interface EcrUnusedImageCleanerOptions {
+  usedImageFinders: UsedImageFinder[]; // List of objects that will find in-use images that should not be removed
+
+  dryRun?: boolean;
+  repositoriesToPurge?: string[]; // If set, only process these repos
+  minimumAgeInDays?: number; // If set, don't remove anything younger than this
+}

package/src/ecr/ecr-unused-image-cleaner-output.ts

@@ -0,0 +1,8 @@
+import { EcrUnusedImageCleanerRepositoryOutput } from './ecr-unused-image-cleaner-repository-output.js';
+import { EcrUnusedImageCleanerOptions } from './ecr-unused-image-cleaner-options.js';
+
+export interface EcrUnusedImageCleanerOutput {
+  registryId: string;
+  repositories: EcrUnusedImageCleanerRepositoryOutput[];
+  options: EcrUnusedImageCleanerOptions;
+}

package/src/ecr/ecr-unused-image-cleaner-repository-output.ts

@@ -0,0 +1,10 @@
+import { ImageDetail, Repository } from '@aws-sdk/client-ecr';
+import { RetainedImageDescriptor } from './retained-image-descriptor.js';
+
+export interface EcrUnusedImageCleanerRepositoryOutput {
+  repository: Repository;
+  purged: ImageDetail[];
+  retained: RetainedImageDescriptor[];
+
+  totalBytesRecovered: number;
+}

package/src/ecr/ecr-unused-image-cleaner.spec.ts

@@ -0,0 +1,40 @@
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { EcrUnusedImageCleaner } from './ecr-unused-image-cleaner.js';
+import { ECRClient } from '@aws-sdk/client-ecr';
+import { AwsCredentialsRatchet } from '../iam/aws-credentials-ratchet.js';
+import { LambdaUsedImageFinder } from './used-image-finders/lambda-used-image-finder.js';
+import { LambdaClient } from '@aws-sdk/client-lambda';
+import { AwsBatchUsedImageFinder } from './used-image-finders/aws-batch-used-image-finder.js';
+import { BatchClient } from '@aws-sdk/client-batch';
+import { EcrUnusedImageCleanerOutput } from './ecr-unused-image-cleaner-output.js';
+import { describe, expect, test } from 'vitest';
+
+//import { mockClient } from 'aws-sdk-client-mock';
+//import { ECRClient } from "@aws-sdk/client-ecr";
+
+//let mockEcr;
+
+describe('#ecrUnusedImageCleaner', function () {
+  /*
+  mockEcr = mockClient(ECRClient);
+
+  beforeEach(() => {
+    mockEcr.reset();
+  });
+
+   */
+
+  test.skip('should run the cleaner', async () => {
+    Logger.info('Testing cleaner');
+    AwsCredentialsRatchet.applySetProfileEnvironmentalVariable('your-profile-here');
+    const cleaner: EcrUnusedImageCleaner = new EcrUnusedImageCleaner(new ECRClient({ region: 'us-east-1' }));
+    const output: EcrUnusedImageCleanerOutput = await cleaner.performCleaning({
+      dryRun: true,
+      usedImageFinders: [
+        new LambdaUsedImageFinder(new LambdaClient({ region: 'us-east-1' })),
+        new AwsBatchUsedImageFinder(new BatchClient({ region: 'us-east-1' })),
+      ],
+    });
+    expect(output).not.toBeNull();
+  }, 300_000_000);
+});

package/src/ecr/ecr-unused-image-cleaner.ts

@@ -0,0 +1,183 @@
+import {
+  BatchDeleteImageCommand,
+  BatchDeleteImageCommandInput,
+  BatchDeleteImageCommandOutput,
+  DescribeImagesCommand,
+  DescribeImagesCommandInput,
+  DescribeImagesResponse,
+  DescribeRegistryCommand,
+  DescribeRegistryResponse,
+  DescribeRepositoriesCommand,
+  DescribeRepositoriesCommandInput,
+  DescribeRepositoriesResponse,
+  ECRClient,
+  ImageDetail,
+  Repository,
+} from '@aws-sdk/client-ecr';
+import { RequireRatchet } from '@bitblit/ratchet-common/lang/require-ratchet';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { EcrUnusedImageCleanerOptions } from './ecr-unused-image-cleaner-options.js';
+import { UsedImageFinder } from './used-image-finder.js';
+import { EcrUnusedImageCleanerRepositoryOutput } from './ecr-unused-image-cleaner-repository-output.js';
+import { RetainedImageDescriptor } from './retained-image-descriptor.js';
+import { RetainedImageReason } from './retained-image-reason.js';
+import { EcrUnusedImageCleanerOutput } from './ecr-unused-image-cleaner-output.js';
+
+export class EcrUnusedImageCleaner {
+  // Do not delete images that are not at least this many days old.
+  private static readonly ECR_IMAGE_MINIMUM_AGE_DAYS: number = 60;
+
+  // Do not delete images if it would bring the total image count below this number.
+  private static readonly ECR_REPOSITORY_MINIMUM_IMAGE_COUNT: number = 600;
+
+  constructor(private ecr: ECRClient) {
+    RequireRatchet.notNullOrUndefined(ecr, 'ecr');
+  }
+
+  public async findAllUsedImages(finders: UsedImageFinder[]): Promise<string[]> {
+    const rval: Set<string> = new Set<string>();
+    for (const fnd of finders) {
+      //for (let i = 0; i < finders.length; i++) {
+      const next: string[] = await fnd.findUsedImageUris();
+      next.forEach((s) => rval.add(s));
+    }
+    return Array.from(rval);
+  }
+
+  public async performCleaning(opts: EcrUnusedImageCleanerOptions): Promise<EcrUnusedImageCleanerOutput> {
+    Logger.info('Starting cleaning with options : %j', opts);
+
+    Logger.info('Finding in-use images');
+    const usedImagesUris: string[] = await this.findAllUsedImages(opts.usedImageFinders || []);
+    const usedImageTags: string[] = usedImagesUris.map((s) => s.substring(s.lastIndexOf(':') + 1));
+    Logger.info('Found %d images in use: %j', usedImageTags.length, usedImageTags);
+
+    const regId: string = await this.fetchRegistryId();
+    Logger.info('Processing registry %s', regId);
+    const repos: Repository[] = await this.fetchAllRepositoryDescriptors(regId);
+    Logger.info('Found repos : %j', repos);
+
+    const cleaned: EcrUnusedImageCleanerRepositoryOutput[] = [];
+    for (let i = 0; i < repos.length; i++) {
+      Logger.info('Processing repo %d of %d', i, repos.length);
+      try {
+        const next = await this.cleanRepository(repos[i], usedImageTags, opts);
+        cleaned.push(next);
+      } catch (err) {
+        Logger.error('Failed to process repo : %j : %s', repos[i], err, err);
+      }
+    }
+
+    const rval: EcrUnusedImageCleanerOutput = {
+      registryId: regId,
+      repositories: cleaned,
+      options: opts,
+    };
+    return rval;
+  }
+
+  public async cleanRepository(
+    repo: Repository,
+    usedImageTags: string[],
+    opts: EcrUnusedImageCleanerOptions,
+  ): Promise<EcrUnusedImageCleanerRepositoryOutput> {
+    Logger.info('Cleaning repository: %j', repo);
+
+    const images: ImageDetail[] = await this.fetchAllImageDescriptors(repo);
+    Logger.info('Found images: %d : %j', images.length, images);
+
+    const toPurge: ImageDetail[] = [];
+    const toKeep: RetainedImageDescriptor[] = [];
+    images.forEach((i) => {
+      const matches: boolean[] = usedImageTags.map((tag) => i.imageTags.includes(tag));
+      const anyMatch: boolean = matches.find((s) => s);
+      if (anyMatch) {
+        toKeep.push({ image: i, reason: RetainedImageReason.InUse });
+      } else {
+        toPurge.push(i);
+      }
+    });
+
+    Logger.info('Found %d to purge and %d to keep', toPurge.length, toKeep.length);
+
+    const totalBytes: number = toPurge.map((p) => p.imageSizeInBytes).reduce((a, i) => a + i, 0);
+    Logger.info('Found %s total bytes to purge : %d', StringRatchet.formatBytes(totalBytes), totalBytes);
+
+    const purgeCmd: BatchDeleteImageCommandInput = {
+      registryId: repo.registryId,
+      repositoryName: repo.repositoryName,
+      imageIds: toPurge.map((p) => {
+        return { imageDigest: p.imageDigest, imageTag: p.imageTags[0] };
+      }),
+    };
+
+    Logger.info('Purge command : %j', purgeCmd);
+
+    if (opts.dryRun) {
+      Logger.info('Dry run specd, stopping');
+    } else {
+      if (purgeCmd.imageIds.length > 0) {
+        Logger.info('Purging unused images');
+        const output: BatchDeleteImageCommandOutput = await this.ecr.send(new BatchDeleteImageCommand(purgeCmd));
+        Logger.info('Response was : %j', output);
+      } else {
+        Logger.info('Skipping - nothing to purge in this repo');
+      }
+    }
+
+    const rval: EcrUnusedImageCleanerRepositoryOutput = {
+      repository: repo,
+      purged: toPurge,
+      retained: toKeep,
+
+      totalBytesRecovered: totalBytes,
+    };
+    return rval;
+  }
+
+  public async fetchAllImageDescriptors(repo: Repository): Promise<ImageDetail[]> {
+    RequireRatchet.notNullOrUndefined(repo, 'repo');
+    let rval: ImageDetail[] = [];
+    const cmd: DescribeImagesCommandInput = {
+      registryId: repo.registryId,
+      repositoryName: repo.repositoryName,
+    };
+    let resp: DescribeImagesResponse = null;
+
+    do {
+      resp = await this.ecr.send(new DescribeImagesCommand(cmd));
+      rval = rval.concat(resp.imageDetails);
+      cmd.nextToken = resp.nextToken;
+    } while (StringRatchet.trimToNull(cmd.nextToken));
+
+    return rval;
+  }
+
+  public async fetchAllRepositoryDescriptors(registryId: string): Promise<Repository[]> {
+    let rval: Repository[] = [];
+    const cmd: DescribeRepositoriesCommandInput = {
+      registryId: registryId,
+    };
+    let resp: DescribeRepositoriesResponse = null;
+
+    do {
+      resp = await this.ecr.send(new DescribeRepositoriesCommand(cmd));
+      rval = rval.concat(resp.repositories);
+      cmd.nextToken = resp.nextToken;
+    } while (StringRatchet.trimToNull(cmd.nextToken));
+
+    return rval;
+  }
+
+  public async fetchAllRepositoryNames(registryId: string): Promise<string[]> {
+    const resps: Repository[] = await this.fetchAllRepositoryDescriptors(registryId);
+    const rval: string[] = resps.map((r) => r.repositoryName);
+    return rval;
+  }
+
+  private async fetchRegistryId(): Promise<string> {
+    const response: DescribeRegistryResponse = await this.ecr.send(new DescribeRegistryCommand({}));
+    return response.registryId;
+  }
+}

package/src/ecr/retained-image-descriptor.ts

@@ -0,0 +1,7 @@
+import { ImageDetail } from '@aws-sdk/client-ecr';
+import { RetainedImageReason } from './retained-image-reason.js';
+
+export interface RetainedImageDescriptor {
+  image: ImageDetail;
+  reason: RetainedImageReason;
+}

package/src/ecr/retained-image-reason.ts

@@ -0,0 +1,4 @@
+export enum RetainedImageReason {
+  InUse = 'InUse',
+  MinimumAge = 'MinimumAge',
+}

package/src/ecr/used-image-finder.ts

@@ -0,0 +1,6 @@
+/**
+ * Classes implementing this interface are able to find image ids that are currently in use
+ */
+export interface UsedImageFinder {
+  findUsedImageUris(): Promise<string[]>;
+}

package/src/ecr/used-image-finders/aws-batch-used-image-finder.ts

@@ -0,0 +1,40 @@
+import { UsedImageFinder } from '../used-image-finder.js';
+
+import { RequireRatchet } from '@bitblit/ratchet-common/lang/require-ratchet';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import {
+  BatchClient,
+  DescribeJobDefinitionsCommand,
+  DescribeJobDefinitionsCommandInput,
+  DescribeJobDefinitionsCommandOutput,
+  JobDefinition,
+} from '@aws-sdk/client-batch';
+
+export class AwsBatchUsedImageFinder implements UsedImageFinder {
+  constructor(private batch: BatchClient) {
+    RequireRatchet.notNullOrUndefined(batch, 'batch');
+  }
+  public async findUsedImageUris(): Promise<string[]> {
+    const jobs: JobDefinition[] = await this.listAllJobDefinitions(false);
+    Logger.info('Found %d jobs', jobs.length);
+    const tmp: string[] = jobs.map((j) => j.containerProperties.image).filter((s) => StringRatchet.trimToNull(s));
+    const rval: string[] = Array.from(new Set<string>(tmp)); // remove dups
+    return rval;
+  }
+
+  public async listAllJobDefinitions(includeInactive?: boolean): Promise<JobDefinition[]> {
+    let rval: JobDefinition[] = [];
+    const request: DescribeJobDefinitionsCommandInput = {
+      nextToken: null,
+      status: includeInactive ? undefined : 'ACTIVE',
+    };
+    do {
+      const tmp: DescribeJobDefinitionsCommandOutput = await this.batch.send(new DescribeJobDefinitionsCommand(request));
+      rval = rval.concat(tmp.jobDefinitions);
+      request.nextToken = tmp.nextToken;
+    } while (request.nextToken);
+
+    return rval;
+  }
+}