Summary

jx-registry has a feature to ensure AWS ECR repository policy is set. However, the policy does not update or is not being set consistently.

Expected behavior

When ECR repository policy does not exist or it differs from the policy supplied to the invocation of jx-registry, the policy is always added or updated respectively.

Actual behavior

ECR repository policy is only added or updated either when the repository did not previously exist, the repository did not have a lifecycle policy or when CREATE_ECR_LIFECYCLE_POLICY is disabled.

Comment

Notably, the actions related to, settings of or state of the lifecycle policy affects actions related to the repository policy.