feat!: Allow multiple scan filters per scan type in registry; Raise M…

…SV of Terraform and AWS provider to 1.0 and 5.0 respectively (#29) * feat: Add support for multiple scan filters per scan type in registry scan rules * refactor repository_filter var name and raise MSV of Terraform and AWS provider to 1.0 and 5.0 respectively * chore: Fix example version --------- Co-authored-by: Bryant Biggs <[email protected]>
terraform-aws-modules · Mar 15, 2024 · cbba4fd · cbba4fd
1 parent c15cb78
commit cbba4fd
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 23 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.0
+    rev: v1.88.2
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

diff --git a/README.md b/README.md
@@ -129,12 +129,23 @@ module "ecr_registry" {
   registry_scan_rules = [
     {
       scan_frequency = "SCAN_ON_PUSH"
-      filter         = "*"
-      filter_type    = "WILDCARD"
-      }, {
+      filter = [
+        {
+          filter      = "example1"
+          filter_type = "WILDCARD"
+        },
+        { filter      = "example2"
+          filter_type = "WILDCARD"
+        }
+      ]
+    }, {
       scan_frequency = "CONTINUOUS_SCAN"
-      filter         = "example"
-      filter_type    = "WILDCARD"
+      filter = [
+        {
+          filter      = "example"
+          filter_type = "WILDCARD"
+        }
+      ]
     }
   ]
 
@@ -181,14 +192,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.22 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 

diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -27,14 +27,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.22 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -137,12 +137,23 @@ module "ecr_registry" {
   registry_scan_rules = [
     {
       scan_frequency = "SCAN_ON_PUSH"
-      filter         = "*"
-      filter_type    = "WILDCARD"
+      filter = [
+        {
+          filter      = "example1"
+          filter_type = "WILDCARD"
+        },
+        { filter      = "example2"
+          filter_type = "WILDCARD"
+        }
+      ]
       }, {
       scan_frequency = "CONTINUOUS_SCAN"
-      filter         = "example"
-      filter_type    = "WILDCARD"
+      filter = [
+        {
+          filter      = "example"
+          filter_type = "WILDCARD"
+        }
+      ]
     }
   ]
 

diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -287,9 +287,13 @@ resource "aws_ecr_registry_scanning_configuration" "this" {
     content {
       scan_frequency = rule.value.scan_frequency
 
-      repository_filter {
-        filter      = rule.value.filter
-        filter_type = try(rule.value.filter_type, "WILDCARD")
+      dynamic "repository_filter" {
+        for_each = rule.value.filter
+
+        content {
+          filter      = repository_filter.value.filter
+          filter_type = try(repository_filter.value.filter_type, "WILDCARD")
+        }
       }
     }
   }

diff --git a/versions.tf b/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.0"
     }
   }
 }