From 68c1a1bd391691af87acc36c2d75129d852ebcf6 Mon Sep 17 00:00:00 2001
From: Ezbon Jacob
Date: Fri, 13 Aug 2021 17:21:45 -0400
Subject: [PATCH 1/2] feat: expose ecr scan variables
---
 modules/docker-build/README.md | 6 ++++--
 modules/docker-build/main.tf | 6 +++++-
 modules/docker-build/variables.tf | 13 +++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md
index b2c33207..5122a709 100644
--- a/modules/docker-build/README.md
+++ b/modules/docker-build/README.md
@@ -47,8 +47,8 @@ module "docker_image" {
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 3.35 |
-| [docker](#provider\_docker) | >= 2.8.0 |
+| [aws](#provider\_aws) | 3.54.0 |
+| [docker](#provider\_docker) | 2.15.0 |
 ## Modules
@@ -72,6 +72,8 @@ No modules.
 | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no |
 | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no |
 | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no |
+| [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no |
+| [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no |
 | [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no |
 ## Outputs
diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf
index c2aad58c..2741cfca 100644
--- a/modules/docker-build/main.tf
+++ b/modules/docker-build/main.tf
@@ -31,5 +31,9 @@ resource "docker_registry_image" "this" {
 resource "aws_ecr_repository" "this" {
 count = var.create_ecr_repo ? 1 : 0
- name = var.ecr_repo
+ name = var.ecr_repo
+ image_tag_mutability = var.image_tag_mutability
+ image_scanning_configuration {
+ scan_on_push = var.scan_on_push
+ }
 }
diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf
index 5e3f4677..6c6e341d 100644
--- a/modules/docker-build/variables.tf
+++ b/modules/docker-build/variables.tf
@@ -27,3 +27,16 @@ variable "docker_file_path" {
 type = string
 default = "Dockerfile"
 }
+
+
+variable "image_tag_mutability" {
+ description = "The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`"
+ type = string
+ default = "MUTABLE"
+}
+
+variable "scan_on_push" {
+ description = "Indicates whether images are scanned after being pushed to the repository"
+ type = bool
+ default = false
+}
From 01d1e84719d96af995563b00fe404a2148b0fc97 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Sat, 14 Aug 2021 14:28:12 +0200
Subject: [PATCH 2/2] Fixed README and added tags to ecr_repository
---
 modules/docker-build/README.md | 5 +++--
 modules/docker-build/main.tf | 3 +++
 modules/docker-build/variables.tf | 6 ++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/modules/docker-build/README.md b/modules/docker-build/README.md
index 5122a709..0c82cea2 100644
--- a/modules/docker-build/README.md
+++ b/modules/docker-build/README.md
@@ -47,8 +47,8 @@ module "docker_image" {
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 3.54.0 |
-| [docker](#provider\_docker) | 2.15.0 |
+| [aws](#provider\_aws) | >= 3.35 |
+| [docker](#provider\_docker) | >= 2.8.0 |
 ## Modules
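Review bot: `image_scanning_configuration { scan_on_push = var.scan_on_push }` in the [PATCH 1/2] main.tf hunk only requests a scan when an image is pushed; nothing visible in this series reads the findings, so a scan result never stops an image from being used. I would say so in a comment above the block, for example `# scan_on_push only starts the scan; callers must check the findings themselves before deploying the image`. It is also worth documenting that with `image_tag_mutability = "IMMUTABLE"` a caller who pins `image_tag` will presumably have a rebuild's push rejected because the tag already exists; the `docker_registry_image` resource that does the push is outside this hunk, so confirm against it.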
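Review bot: `image_tag_mutability` in the [PATCH 1/2] variables.tf hunk is a free-form `string`, so a misspelt value is only rejected later by the provider or the ECR API (assumed, the provider schema is not visible here); a `validation` block on the variable would fail at plan time with a clear message, provided the module's minimum Terraform version supports variable validation. The defaults `"MUTABLE"` and `false` keep existing behaviour but are the weaker settings: a tag can be overwritten after a consumer has referenced it, and pushed images are not scanned. The two descriptions should say that `IMMUTABLE` and `true` are the values to prefer for production repositories.

```hcl
variable "image_tag_mutability" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["MUTABLE", "IMMUTABLE"], var.image_tag_mutability)
    error_message = "The image_tag_mutability value must be one of: MUTABLE, IMMUTABLE."
  }
}
```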
@@ -71,6 +71,7 @@ No modules.
 | [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no |
 | [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no |
 | [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no |
+| [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no |
 | [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no |
 | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no |
 | [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no |
diff --git a/modules/docker-build/main.tf b/modules/docker-build/main.tf
index 2741cfca..f33ca1ae 100644
--- a/modules/docker-build/main.tf
+++ b/modules/docker-build/main.tf
@@ -33,7 +33,10 @@ resource "aws_ecr_repository" "this" {
 name = var.ecr_repo
 image_tag_mutability = var.image_tag_mutability
+
 image_scanning_configuration {
 scan_on_push = var.scan_on_push
 }
+
+ tags = var.ecr_repo_tags
 }
diff --git a/modules/docker-build/variables.tf b/modules/docker-build/variables.tf
index 6c6e341d..e1321279 100644
--- a/modules/docker-build/variables.tf
+++ b/modules/docker-build/variables.tf
@@ -40,3 +40,9 @@ variable "scan_on_push" {
 type = bool
 default = false
 }
+
+variable "ecr_repo_tags" {
+ description = "A map of tags to assign to ECR repository"
+ type = map(string)
+ default = {}
+}