Skip to content

Commit

Permalink
Merge pull request #13 from geekcell/feat/add-kms-functionality
Browse files Browse the repository at this point in the history
feat: Add KMS functionality
  • Loading branch information
ckappen authored Jul 2, 2024
2 parents dcff901 + f9adb38 commit a37fc01
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 13 deletions.
10 changes: 6 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,10 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_encryption_type"></a> [encryption\_type](#input\_encryption\_type) | The encryption type to use for the repository. | `string` | `"AES256"` | no |
| <a name="input_force_delete"></a> [force\_delete](#input\_force\_delete) | Delete the repository even if it contains images. | `bool` | `false` | no |
| <a name="input_image_tag_mutability"></a> [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. | `string` | `"MUTABLE"` | no |
| <a name="input_kms_key"></a> [kms\_key](#input\_kms\_key) | The ARN of the KMS key to use for encryption. | `string` | `null` | no |
| <a name="input_lifecycle_rules"></a> [lifecycle\_rules](#input\_lifecycle\_rules) | Lifecycle policy rules for expiring images. | <pre>list(object({<br> description = optional(string)<br> tag_status = optional(string)<br> tag_prefix_list = optional(list(string))<br> count_type = string<br> count_unit = optional(string)<br> count_number = number<br> }))</pre> | <pre>[<br> {<br> "count_number": 30,<br> "count_type": "imageCountMoreThan",<br> "description": "Keep the last 30 tagged images",<br> "tag_prefix_list": [<br> "sha"<br> ],<br> "tag_status": "tagged"<br> },<br> {<br> "count_number": 10,<br> "count_type": "sinceImagePushed",<br> "count_unit": "days",<br> "description": "Expire untagged images older than 10 days",<br> "tag_status": "untagged"<br> }<br>]</pre> | no |
| <a name="input_name"></a> [name](#input\_name) | Name of the ECR repository. | `string` | n/a | yes |
| <a name="input_policy"></a> [policy](#input\_policy) | Repository policy document in JSON format. | `string` | `null` | no |
Expand All @@ -80,16 +82,16 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out

## Resources

- resource.aws_ecr_lifecycle_policy.main (main.tf#38)
- resource.aws_ecr_lifecycle_policy.main (main.tf#43)
- resource.aws_ecr_repository.main (main.tf#19)
- resource.aws_ecr_repository_policy.main (main.tf#31)
- data source.jq_query.main (main.tf#47)
- resource.aws_ecr_repository_policy.main (main.tf#36)
- data source.jq_query.main (main.tf#52)

# Examples
### Full
```hcl
module "basic_example" {
source = "../../"
source = "../.."
name = var.name
}
Expand Down
2 changes: 1 addition & 1 deletion examples/basic-example/main.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module "basic_example" {
source = "../../"
source = "../.."

name = var.name
}
5 changes: 5 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,11 @@ resource "aws_ecr_repository" "main" {
image_tag_mutability = var.image_tag_mutability
force_delete = var.force_delete

encryption_configuration {
encryption_type = var.encryption_type
kms_key = var.kms_key
}

image_scanning_configuration {
scan_on_push = var.scan_on_push
}
Expand Down
28 changes: 20 additions & 8 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -11,26 +11,26 @@ variable "tags" {
}

## REPOSITORY
variable "encryption_type" {
description = "The encryption type to use for the repository."
default = "AES256"
type = string
}

variable "image_tag_mutability" {
description = "The tag mutability setting for the repository."
default = "MUTABLE"
type = string
}

variable "scan_on_push" {
description = "Indicates whether images are scanned after being pushed to the repository."
default = true
type = bool
}

variable "force_delete" {
description = "Delete the repository even if it contains images."
default = false
type = bool
}

variable "policy" {
description = "Repository policy document in JSON format."
variable "kms_key" {
description = "The ARN of the KMS key to use for encryption."
default = null
type = string
}
Expand Down Expand Up @@ -62,3 +62,15 @@ variable "lifecycle_rules" {
count_number = number
}))
}

variable "policy" {
description = "Repository policy document in JSON format."
default = null
type = string
}

variable "scan_on_push" {
description = "Indicates whether images are scanned after being pushed to the repository."
default = true
type = bool
}

0 comments on commit a37fc01

Please # to comment.