Changes for ECR module

maddevsio · Aug 23, 2024 · 4092608 · 4092608
1 parent 9f1815a
commit 4092608
Show file tree

Hide file tree

Showing 8 changed files with 98 additions and 105 deletions.
diff --git a/terraform/modules/aws-ecr/main.tf b/terraform/modules/aws-ecr/main.tf
@@ -1,35 +1,40 @@
 
 resource "aws_ecr_repository" "this" {
- count = var.create_ecr_repository ? 1 : 0
- name = var.name
- image_tag_mutability = var.image_tag_mutability
+ for_each = var.repositories
+
+ name = each.key
+ image_tag_mutability = each.value.image_tag_mutability
  image_scanning_configuration {
- scan_on_push = var.scan_on_push
+ scan_on_push  = each.value.scan_on_push
  }
 
  tags = var.tags
 }
 
 resource "aws_ecr_lifecycle_policy" "this" {
- count = var.create_ecr_repository ? 1 : 0
- repository = aws_ecr_repository.this[0].name
- policy = <<POLICY
- {
- "rules": [
- {
- "rulePriority": 1,
- "description": "Expire untagged images older than 14 days",
- "selection": {
- "tagStatus": "untagged",
- "countType": "sinceImagePushed",
- "countUnit": "days",
- "countNumber": 14
+ for_each = { for k, v in var.repositories : k => v if length(v.lifecycle_policies) > 0 }
+
+ repository = aws_ecr_repository.this[each.key].name
+
+ policy = jsonencode({
+ rules = [
+ for policy in each.value.lifecycle_policies : merge({
+ rulePriority = index(each.value.lifecycle_policies, policy) + 1
+ description = policy.description
+ selection = merge({
+ tagStatus = policy.tag_status
+ countType = "sinceImagePushed"
+ countUnit = policy.count_unit
+ countNumber = policy.count_number
  },
- "action": {
- "type": "expire"
+ # Conditionally add tagPrefixList only if tag_status is "tagged"
+ policy.tag_status == "tagged" ? {
+ tagPrefixList = "${policy.tagPrefixLists}"
+ } : {})
+ action = {
+ type = "expire"
  }
- }
+ })
  ]
- }
- POLICY
+ })
 }
diff --git a/terraform/modules/aws-ecr/outputs.tf b/terraform/modules/aws-ecr/outputs.tf
@@ -1,9 +1,9 @@
 output "ecr_repository_url" {
- value = var.create_ecr_repository ? aws_ecr_repository.this[0].repository_url : ""
+ value = { for repository in aws_ecr_repository.this : repository.name => repository.repository_url }
  description = "The URL of the ECR repository, or empty if not created."
 }
 
 output "ecr_repository_arn" {
- value = var.create_ecr_repository ? aws_ecr_repository.this[0].arn : ""
+ value = { for repository in aws_ecr_repository.this : repository.name => repository.arn }
  description = "The ARN of the ECR repository, or empty if not created."
 }
diff --git a/terraform/modules/aws-ecr/variables.tf b/terraform/modules/aws-ecr/variables.tf
@@ -1,25 +1,15 @@
-variable "name" {
- description = "The name of the ECR repository"
- type = string
- default = "maddevs"
-}
-
-variable "image_tag_mutability" {
- description = "The tag mutability setting for the repository"
- type = string
- default = "MUTABLE"
-}
-
-variable "scan_on_push" {
- description = "Enable image scanning on push"
- type = bool
- default = true
-}
-
-variable "create_ecr_repository" {
- description = "Enable or not create ECR repository"
- type = bool
- default = false
+variable "repositories" {
+ type = map(object({
+ image_tag_mutability = string
+ scan_on_push = bool
+ lifecycle_policies = list(object({
+ tag_status = string
+ count_unit = string
+ tagPrefixLists = list(string)
+ count_number = number
+ description = string
+ }))
+ }))
 }
 
 variable "tags" {

diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/terragrunt.hcl
diff --git a/...s-east-1/demo/aws-ecr/.terraform.lock.hcl → ...1/demo/common/aws-ecr/.terraform.lock.hcl b/...s-east-1/demo/aws-ecr/.terraform.lock.hcl → ...1/demo/common/aws-ecr/.terraform.lock.hcl
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-ecr/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-ecr/terragrunt.hcl
@@ -0,0 +1,56 @@
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+}
+
+include "env" {
+ path = find_in_parent_folders("env.hcl")
+ expose = true
+}
+
+generate "providers_versions" {
+ path = "versions.tf"
+ if_exists = "overwrite"
+ contents = <<EOF
+terraform {
+ required_version = ">= 1.8.3"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "${include.root.locals.tf_providers.aws}"
+ }
+ }
+}
+EOF
+}
+
+terraform {
+ source = "${get_path_to_repo_root()}/terraform//modules/aws-ecr"
+}
+
+inputs = {
+ repositories = {
+ "${include.env.locals.name}" = {
+ image_tag_mutability = "MUTABLE"
+ scan_on_push = true
+
+ lifecycle_policies = [
+ {
+ tag_status = "tagged"
+ count_unit = "days"
+ count_number = 7
+ tagPrefixLists = ["${include.env.locals.name}"]
+ description = "Keep image for 24 hours"
+ },
+ {
+ tag_status = "untagged"
+ count_unit = "days"
+ count_number = 1
+ tagPrefixLists = []
+ description = "Keep image for 7 days"
+ }
+ ]
+ }
+ }
+}
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/.terraform.lock.hcl
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/terragrunt.hcl
@@ -52,7 +52,7 @@ dependency "aws-r53" {
 }
 
 dependencies {
- paths = ["../karpenter", "../aws-ecr"]
+ paths = ["../karpenter"]
 }
 
 generate "providers_versions" {