From 8a397a7246c7faf29e3625ce1dadacaa4a2d5589 Mon Sep 17 00:00:00 2001 From: David Mattia <8922077+dmattia@users.noreply.github.com> Date: Thu, 2 Jul 2020 22:39:14 -0500 Subject: [PATCH] Allow disabling lifecycle hooks (#53) * Allow disabling lifecycle hooks * Updated README.md Co-authored-by: dmattia Co-authored-by: PePe Amengual Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- README.md | 62 +++++++++++++++++++++++++++++------------------ docs/terraform.md | 60 ++++++++++++++++++++++++++++----------------- main.tf | 2 +- variables.tf | 7 ++++++ 4 files changed, 85 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 71f3350..f1311ce 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ [![Cloud Posse][logo]](https://cpco.io/homepage) -# terraform-aws-ecr [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecr?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d182cb1ac440444a6c0082b) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg)](https://github.com/cloudposse/terraform-aws-ecr/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-ecr [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg)](https://github.com/cloudposse/terraform-aws-ecr/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) Terraform module to provision an [`AWS ECR Docker Container registry`](https://aws.amazon.com/ecr/). 
@@ -137,36 +137,52 @@ Available targets: lint Lint terraform code ``` +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.34 | +| local | ~> 1.2 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.34 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| image_names | List of Docker local image names, used as repository names for AWS ECR | list(string) | `` | no | -| image_tag_mutability | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | string | `MUTABLE` | no | -| max_image_count | How many Docker Image versions AWS ECR will store | string | `500` | no | -| name | The Name of the application or solution (e.g. `bastion` or `portal`) | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| principals_full_access | Principal ARNs to provide with full access to the ECR | list(string) | `` | no | -| principals_readonly_access | Principal ARNs to provide with readonly access to the ECR | list(string) | `` | no | -| regex_replace_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. By default only letters, digits, dash, slash, and underscore are allowed, all other chars are removed | string | `/[^a-z/A-Z_0-9-]/` | no | -| scan_images_on_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | bool | `false` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')`) | map(string) | `` | no | -| use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | bool | `true` | no | +|------|-------------|------|---------|:--------:| +| attributes | Additional attributes (e.g. `policy` or `role`) | `list(string)` | `[]` | no | +| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | `string` | `"-"` | no | +| enable\_lifecycle\_policy | Set to false to prevent the module from adding any lifecycle policies to any repositories | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| image\_names | List of Docker local image names, used as repository names for AWS ECR | `list(string)` | `[]` | no | +| image\_tag\_mutability | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| max\_image\_count | How many Docker Image versions AWS ECR will store | `number` | `500` | no | +| name | The Name of the application or solution (e.g. `bastion` or `portal`) | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| principals\_full\_access | Principal ARNs to provide with full access to the ECR | `list(string)` | `[]` | no | +| principals\_readonly\_access | Principal ARNs to provide with readonly access to the ECR | `list(string)` | `[]` | no | +| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. By default only letters, digits, dash, slash, and underscore are allowed, all other chars are removed | `string` | `"/[^a-z/A-Z_0-9-]/"` | no | +| scan\_images\_on\_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')`) | `map(string)` | `{}` | no | +| use\_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | `bool` | `true` | no | ## Outputs | Name | Description | |------|-------------| -| registry_id | Registry ID | -| repository_arn | ARN of first repository created | -| repository_arn_map | Map of repository names to repository ARNs | -| repository_name | Name of first repository created | -| repository_url | URL of first repository created | -| repository_url_map | Map of repository names to repository URLs | +| registry\_id | Registry ID | +| repository\_arn | ARN of first repository created | +| repository\_arn\_map | Map of repository names to repository ARNs | +| repository\_name | Name of first repository created | +| repository\_url | URL of first repository created | +| repository\_url\_map | Map of repository names to repository URLs | diff --git a/docs/terraform.md b/docs/terraform.md index 073be8c..3bbc68d 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -1,31 +1,47 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.34 | +| local | ~> 1.2 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.34 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| image_names | List of Docker local image names, used as repository names for AWS ECR | list(string) | `` | no | -| image_tag_mutability | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | string | `MUTABLE` | no | -| max_image_count | How many Docker Image versions AWS ECR will store | string | `500` | no | -| name | The Name of the application or solution (e.g. `bastion` or `portal`) | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| principals_full_access | Principal ARNs to provide with full access to the ECR | list(string) | `` | no | -| principals_readonly_access | Principal ARNs to provide with readonly access to the ECR | list(string) | `` | no | -| regex_replace_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. By default only letters, digits, dash, slash, and underscore are allowed, all other chars are removed | string | `/[^a-z/A-Z_0-9-]/` | no | -| scan_images_on_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | bool | `false` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')`) | map(string) | `` | no | -| use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | bool | `true` | no | +|------|-------------|------|---------|:--------:| +| attributes | Additional attributes (e.g. `policy` or `role`) | `list(string)` | `[]` | no | +| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | `string` | `"-"` | no | +| enable\_lifecycle\_policy | Set to false to prevent the module from adding any lifecycle policies to any repositories | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| image\_names | List of Docker local image names, used as repository names for AWS ECR | `list(string)` | `[]` | no | +| image\_tag\_mutability | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no | +| max\_image\_count | How many Docker Image versions AWS ECR will store | `number` | `500` | no | +| name | The Name of the application or solution (e.g. `bastion` or `portal`) | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| principals\_full\_access | Principal ARNs to provide with full access to the ECR | `list(string)` | `[]` | no | +| principals\_readonly\_access | Principal ARNs to provide with readonly access to the ECR | `list(string)` | `[]` | no | +| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. By default only letters, digits, dash, slash, and underscore are allowed, all other chars are removed | `string` | `"/[^a-z/A-Z_0-9-]/"` | no | +| scan\_images\_on\_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')`) | `map(string)` | `{}` | no | +| use\_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | `bool` | `true` | no | ## Outputs | Name | Description | |------|-------------| -| registry_id | Registry ID | -| repository_arn | ARN of first repository created | -| repository_arn_map | Map of repository names to repository ARNs | -| repository_name | Name of first repository created | -| repository_url | URL of first repository created | -| repository_url_map | Map of repository names to repository URLs | +| registry\_id | Registry ID | +| repository\_arn | ARN of first repository created | +| repository\_arn\_map | Map of repository names to repository ARNs | +| repository\_name | Name of first repository created | +| repository\_url | URL of first repository created | +| repository\_url\_map | Map of repository names to repository URLs | diff --git a/main.tf b/main.tf index 647afe6..986b0b6 100755 --- a/main.tf +++ b/main.tf @@ -34,7 +34,7 @@ resource "aws_ecr_repository" "name" { } resource "aws_ecr_lifecycle_policy" "name" { - for_each = toset(var.enabled ? local.image_names : []) + for_each = toset(var.enabled && var.enable_lifecycle_policy ? local.image_names : []) repository = aws_ecr_repository.name[each.value].name policy = <
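Review bot: In the first README.md hunk (`@@ -42,7 +42,7 @@`), the heading line drops the Codefresh build-status badge, which has nothing to do with the subject "Allow disabling lifecycle hooks". Either move the badge removal to its own commit or mention it in the commit message so the history explains why the build badge disappeared. The subject also says "lifecycle hooks" while the variable and the docs say "lifecycle policy"; using the same term in both makes the change easier to find later.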
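Review bot: In the Inputs tables of README.md and docs/terraform.md, the one functional addition (the `enable\_lifecycle\_policy` row) is buried in a full regeneration of the table: every row changes its escaping and default rendering, new Requirements and Providers sections appear, and `max_image_count` goes from `string` to `number` in the Type column. The diffstat shows variables.tf with 7 insertions and no deletions, so that type change does not come from this patch and looks like documentation catching up with an earlier change. Regenerating the docs in a separate commit would leave a diff here that shows only the new row.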
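Review bot: In the main.tf hunk, the new `for_each` condition `var.enabled && var.enable_lifecycle_policy ? local.image_names : []` has two consequences that the input description ("Set to false to prevent the module from adding any lifecycle policies to any repositories") does not state. First, on a stack that already has policies, setting the flag to false empties the `for_each` set, so Terraform will destroy the existing `aws_ecr_lifecycle_policy` resources rather than merely stop adding new ones. Second, with no policy attached, `max_image_count` has no effect and images are retained without limit, which matters for storage cost and for how long old, unpatched images remain pullable. Suggest extending the description to say both, and wrapping the condition in parentheses, `(var.enabled && var.enable_lifecycle_policy) ? ...`, so the precedence is obvious to the next reader. The patch touches only README.md, docs/terraform.md, main.tf and variables.tf, so nothing exercises the `false` path; an example or test that plans with the flag disabled would be worth adding.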