Commit

fix: Add new variable to control whether a repository policy is attached to the repository (#8)
bryantbiggs authored Jun 26, 2022
1 parent 8189395 commit 4706acf
Showing 5 changed files with 10 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.72.1
rev: v1.72.2
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each
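Review bot: The `rev: v1.72.2` bump is unrelated to the repository-policy change named in the commit subject, and it still pins the hook repository by tag. A tag can be moved after review, so the hook code that runs at commit time is not fixed to what was looked at. Consider moving the bump to its own commit and pinning `rev` to the full commit SHA, with the version kept in a trailing comment.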
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -215,6 +215,7 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_attach_repository_policy"></a> [attach\_repository\_policy](#input\_attach\_repository\_policy) | Determines whether a repository policy will be attached to the repository | `bool` | `true` | no |
| <a name="input_create"></a> [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
| <a name="input_create_lifecycle_policy"></a> [create\_lifecycle\_policy](#input\_create\_lifecycle\_policy) | Determines whether a lifecycle policy will be created | `bool` | `true` | no |
| <a name="input_create_registry_policy"></a> [create\_registry\_policy](#input\_create\_registry\_policy) | Determines whether a registry policy will be created | `bool` | `false` | no |
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -130,7 +130,7 @@ resource "aws_ecr_repository" "this" {
################################################################################

resource "aws_ecr_repository_policy" "this" {
count = local.create_private_repository && var.create_repository_policy ? 1 : 0
count = local.create_private_repository && var.attach_repository_policy ? 1 : 0

repository = aws_ecr_repository.this[0].name
policy = var.create_repository_policy ? data.aws_iam_policy_document.repository[0].json : var.repository_policy
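Review bot: The `count` line now keys on `var.attach_repository_policy`, which defaults to `true`, while the `policy` line below it still falls through to `var.repository_policy` whenever `var.create_repository_policy` is false. A caller who previously set only `create_repository_policy = false` to get no policy resource will now get one with `policy = var.repository_policy`, and the wrapper's fallback for that input is `null`. Suggest guarding that combination, for example with a validation or precondition that requires `repository_policy` to be set when `attach_repository_policy` is true and `create_repository_policy` is false, and calling out the behaviour change in the release notes, since this resource decides who can access the repository.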
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -66,6 +66,12 @@ variable "repository_policy" {
# Repository Policy
################################################################################

variable "attach_repository_policy" {
description = "Determines whether a repository policy will be attached to the repository"
type = bool
default = true
}

variable "create_repository_policy" {
description = "Determines whether a repository policy will be created"
type = bool
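Review bot: The description on `attach_repository_policy` differs from the one on `create_repository_policy` just below it by a single word ("attached" vs "created"), so a reader cannot tell which flag to change. Suggest stating the interaction in the description itself: that `attach_repository_policy` controls whether the `aws_ecr_repository_policy` resource exists at all, and that with `create_repository_policy = false` the value of `repository_policy` is what gets attached.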
1 change: 1 addition & 0 deletions wrappers/main.tf
Expand Up @@ -13,6 +13,7 @@ module "wrapper" {
repository_kms_key = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null)
repository_image_scan_on_push = try(each.value.repository_image_scan_on_push, var.defaults.repository_image_scan_on_push, true)
repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null)
attach_repository_policy = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true)
create_repository_policy = try(each.value.create_repository_policy, var.defaults.create_repository_policy, true)
repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, [])
repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, [])