From c81bdd234055d0fa2732d38af83a67be2ea6706c Mon Sep 17 00:00:00 2001 From: vikas chaudhary Date: Sat, 9 Mar 2024 10:52:41 +0530 Subject: [PATCH 1/3] feat: Add support for multiple scan filters per scan type in registry scan rules --- README.md | 21 ++++++++++++++++----- examples/complete/main.tf | 19 +++++++++++++++---- main.tf | 10 +++++++--- 3 files changed, 38 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 7f2c1e2..cddc325 100644 --- a/README.md +++ b/README.md @@ -129,12 +129,23 @@ module "ecr_registry" { registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" - filter = "*" - filter_type = "WILDCARD" - }, { + filters = [ + { + filter = "example1" + filter_type = "WILDCARD" + }, + { filter = "example2" + filter_type = "WILDCARD" + } + ] + }, { scan_frequency = "CONTINUOUS_SCAN" - filter = "example" - filter_type = "WILDCARD" + filters = [ + { + filter = "example" + filter_type = "WILDCARD" + } + ] } ] diff --git a/examples/complete/main.tf b/examples/complete/main.tf index baf5b84..f66e845 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -137,12 +137,23 @@ module "ecr_registry" { registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" - filter = "*" - filter_type = "WILDCARD" + filters = [ + { + filter = "example1" + filter_type = "WILDCARD" + }, + { filter = "example2" + filter_type = "WILDCARD" + } + ] }, { scan_frequency = "CONTINUOUS_SCAN" - filter = "example" - filter_type = "WILDCARD" + filters = [ + { + filter = "example" + filter_type = "WILDCARD" + } + ] } ] diff --git a/main.tf b/main.tf index 3dc21cd..f5b35b4 100644 --- a/main.tf +++ b/main.tf 
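Review bot: The rewritten `SCAN_ON_PUSH` rule in examples/complete/main.tf (and the matching README.md snippet) drops the catch-all `filter = "*"` in favour of the narrow patterns `example1` and `example2`, so a registry built from this example no longer scans repositories outside those names. Because this is the configuration people copy, I would keep one entry such as `{ filter = "*", filter_type = "WILDCARD" }` in the list, or add a comment above it like `# repositories that match no filter are not scanned by this rule`. The `module "ecr_registry"` block starts and ends outside the hunk, so I cannot see whether another setting restores full coverage.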
@@ -287,9 +287,13 @@ resource "aws_ecr_registry_scanning_configuration" "this" { content { scan_frequency = rule.value.scan_frequency - repository_filter { - filter = rule.value.filter - filter_type = try(rule.value.filter_type, "WILDCARD") + dynamic "repository_filter" { + for_each = rule.value.filters + + content { + filter = repository_filter.value.filter + filter_type = try(repository_filter.value.filter_type, "WILDCARD") + } } } } From f884c900546d97fded657c002eba46421616fa5e Mon Sep 17 00:00:00 2001 From: vikas chaudhary Date: Fri, 15 Mar 2024 18:55:36 +0530 Subject: [PATCH 2/3] refactor repository_filter var name and raise MSV of Terraform and AWS provider to 1.0 and 5.0 respectively --- README.md | 10 +++++----- examples/complete/main.tf | 4 ++-- main.tf | 2 +- versions.tf | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index cddc325..387462e 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ module "ecr_registry" { registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" - filters = [ + filter = [ { filter = "example1" filter_type = "WILDCARD" @@ -140,7 +140,7 @@ module "ecr_registry" { ] }, { scan_frequency = "CONTINUOUS_SCAN" - filters = [ + filter = [ { filter = "example" filter_type = "WILDCARD" @@ -192,14 +192,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index f66e845..c080ea6 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
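Review bot: `for_each = rule.value.filters` in main.tf has no guard for a rule that omits the key or passes an empty list. Callers still using the flat `filter`/`filter_type` shape get an unsupported-attribute error at plan time, and an empty list would render a rule with no `repository_filter` block, which I believe the provider rejects. The variable declaration is not part of this patch, so I cannot tell whether its type enforces the new shape; if it does not, a `validation` block on `registry_scan_rules` requiring a non-empty filter list per rule would surface both cases as a clear module-level error. A comment above the dynamic block, e.g. `# each rule needs at least one filter; filter_type defaults to WILDCARD`, would document the contract. The resource body continues outside the hunk, and the rename to `rule.value.filter` in PATCH 2/3 has the same gap.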
@@ -137,7 +137,7 @@ module "ecr_registry" { registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" - filters = [ + filter = [ { filter = "example1" filter_type = "WILDCARD" @@ -148,7 +148,7 @@ module "ecr_registry" { ] }, { scan_frequency = "CONTINUOUS_SCAN" - filters = [ + filter = [ { filter = "example" filter_type = "WILDCARD" diff --git a/main.tf b/main.tf index f5b35b4..776ff7a 100644 --- a/main.tf +++ b/main.tf @@ -288,7 +288,7 @@ resource "aws_ecr_registry_scanning_configuration" "this" { scan_frequency = rule.value.scan_frequency dynamic "repository_filter" { - for_each = rule.value.filters + for_each = rule.value.filter content { filter = repository_filter.value.filter diff --git a/versions.tf b/versions.tf index 947f98d..ddfcb0e 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 5.0" } } } From 6a79d9c3d9b239b805f3a726b885dcb701f3d097 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 15 Mar 2024 10:33:32 -0400 Subject: [PATCH 3/3] chore: Fix example version --- .pre-commit-config.yaml | 2 +- examples/complete/README.md | 6 +++--- examples/complete/versions.tf | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7c0a310..998beca 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.88.2 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/examples/complete/README.md b/examples/complete/README.md index e6a4c52..c414175 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -27,14 +27,14 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.22 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 947f98d..ddfcb0e 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.22" + version = ">= 5.0" } } }