From cbba4fd31f5a7a04b3d57666c409996bf5eb2bdd Mon Sep 17 00:00:00 2001 From: Vikas Chaudhary Date: Fri, 15 Mar 2024 20:05:50 +0530 Subject: [PATCH] feat!: Allow multiple scan filters per scan type in registry; Raise MSV of Terraform and AWS provider to 1.0 and 5.0 respectively (#29) * feat: Add support for multiple scan filters per scan type in registry scan rules * refactor repository_filter var name and raise MSV of Terraform and AWS provider to 1.0 and 5.0 respectively * chore: Fix example version --------- Co-authored-by: Bryant Biggs --- .pre-commit-config.yaml | 2 +- README.md | 27 +++++++++++++++++++-------- examples/complete/README.md | 6 +++--- examples/complete/main.tf | 19 +++++++++++++++---- examples/complete/versions.tf | 4 ++-- main.tf | 10 +++++++--- versions.tf | 4 ++-- 7 files changed, 49 insertions(+), 23 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7c0a310..998beca 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.88.2 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/README.md b/README.md index 7f2c1e2..387462e 100644 --- a/README.md +++ b/README.md @@ -129,12 +129,23 @@ module "ecr_registry" { registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" - filter = "*" - filter_type = "WILDCARD" - }, { + filter = [ + { + filter = "example1" + filter_type = "WILDCARD" + }, + { filter = "example2" + filter_type = "WILDCARD" + } + ] + }, { scan_frequency = "CONTINUOUS_SCAN" - filter = "example" - filter_type = "WILDCARD" + filter = [ + { + filter = "example" + filter_type = "WILDCARD" + } + ] } ] 
@@ -181,14 +192,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete/README.md b/examples/complete/README.md index e6a4c52..c414175 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -27,14 +27,14 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index baf5b84..c080ea6 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -137,12 +137,23 @@ module "ecr_registry" { registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" - filter = "*" - filter_type = "WILDCARD" + filter = [ + { + filter = "example1" + filter_type = "WILDCARD" + }, + { filter = "example2" + filter_type = "WILDCARD" + } + ] }, { scan_frequency = "CONTINUOUS_SCAN" - filter = "example" - filter_type = "WILDCARD" + filter = [ + { + filter = "example" + filter_type = "WILDCARD" + } + ] } ] diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 947f98d..ddfcb0e 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
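Review bot: The rewritten `SCAN_ON_PUSH` rule in examples/complete/main.tf drops the catch-all `filter = "*"` and lists only `example1` and `example2`, so a registry configured from this example would, as far as the two visible rules show, leave any repository that matches none of the three names outside registry-level scanning. Examples tend to be copied as-is, so I would keep a catch-all entry in that list, e.g. `{ filter = "*", filter_type = "WILDCARD" }`, alongside a named one to demonstrate multiple filters. As a style point, the second object opens as `{ filter = "example2"` on one line while the first puts `{` on its own line. The README.md hunk carries the same snippet, and both points apply there too. The `module "ecr_registry"` block starts and ends outside the hunk.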
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 5.0" } } } diff --git a/main.tf b/main.tf index 3dc21cd..776ff7a 100644 --- a/main.tf +++ b/main.tf @@ -287,9 +287,13 @@ resource "aws_ecr_registry_scanning_configuration" "this" { content { scan_frequency = rule.value.scan_frequency - repository_filter { - filter = rule.value.filter - filter_type = try(rule.value.filter_type, "WILDCARD") + dynamic "repository_filter" { + for_each = rule.value.filter + + content { + filter = repository_filter.value.filter + filter_type = try(repository_filter.value.filter_type, "WILDCARD") + } } } } diff --git a/versions.tf b/versions.tf index 947f98d..ddfcb0e 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 5.0" } } }
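Review bot: `for_each = rule.value.filter` in the new `dynamic "repository_filter"` block of main.tf takes the value as-is, so a caller still passing the old shape (`filter = "*"` with a sibling `filter_type`) fails with a for_each type error rather than a message that names the new list-of-objects shape. The diffstat lists no change to the variable declaration, so its type and description presumably still do not describe the new shape. A `validation` block or an updated description there would make the breaking change explicit. At minimum I would add a comment above the block, `# rule.value.filter is a list of { filter, filter_type } objects, one or more per rule`, after confirming that the provider requires at least one `repository_filter` per rule. The resource block starts and ends outside the hunk.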