From 9d22cfc9365f3d32434a6e32deb64aac182f6713 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Sun, 26 Jun 2022 12:59:04 -0400
Subject: [PATCH 1/2] fix: Add new variable to control whether a repository policy is attached to the repository
---
 .pre-commit-config.yaml | 2 +-
 README.md | 1 +
 main.tf | 2 +-
 variables.tf | 6 ++++++
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d74819b..56fc918 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.72.1
+ rev: v1.72.2
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
diff --git a/README.md b/README.md
index d505840..a32cd53 100644
--- a/README.md
+++ b/README.md
@@ -215,6 +215,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [attach\_repository\_policy](#input\_attach\_repository\_policy) | Determines whether a repository policy will be attached to the repository | `bool` | `true` | no |
 | [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
 | [create\_lifecycle\_policy](#input\_create\_lifecycle\_policy) | Determines whether a lifecycle policy will be created | `bool` | `true` | no |
 | [create\_registry\_policy](#input\_create\_registry\_policy) | Determines whether a registry policy will be created | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index 995f90b..45e9a77 100644
--- a/main.tf
+++ b/main.tf
@@ -109,7 +109,7 @@ resource "aws_ecr_repository" "this" {
 ################################################################################
 resource "aws_ecr_repository_policy" "this" {
- count = local.create_private_repository && var.create_repository_policy ? 1 : 0
+ count = local.create_private_repository && var.attach_repository_policy ? 1 : 0
 repository = aws_ecr_repository.this[0].name
 policy = var.create_repository_policy ? data.aws_iam_policy_document.repository[0].json : var.repository_policy
diff --git a/variables.tf b/variables.tf
index d0a1207..8cb1424 100644
--- a/variables.tf
+++ b/variables.tf
@@ -66,6 +66,12 @@ variable "repository_policy" {
 # Repository Policy
 ################################################################################
+variable "attach_repository_policy" {
+ description = "Determines whether a repository policy will be attached to the repository"
+ type = bool
+ default = true
+}
+
 variable "create_repository_policy" {
 description = "Determines whether a repository policy will be created"
 type = bool
From 32d536dd48a38029c965990e499dda6cdc112b5c Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Sun, 26 Jun 2022 13:06:02 -0400
Subject: [PATCH 2/2] fix: Update wrappers
---
 wrappers/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/wrappers/main.tf b/wrappers/main.tf
index 167c38b..261efaf 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
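Review bot: With the new `count` line in main.tf, `create_repository_policy = false` no longer removes the resource, so the `policy` expression two lines below falls through to `var.repository_policy`; if that input is left unset (the wrapper in this series defaults it to `null`), the required `policy` argument is null and the plan presumably fails. Callers who used `create_repository_policy = false` to opt out of a repository policy now also have to set `attach_repository_policy = false`, which deserves a line in the upgrade notes. I would add a comment above `count`: `# attach_repository_policy gates the resource; create_repository_policy only selects the generated document vs. var.repository_policy`. The resource block's closing brace lies outside the hunk.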
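Review bot: The description of `attach_repository_policy` in variables.tf does not say that turning it off leaves the repository with no module-managed resource policy at all, so principals passed through inputs such as `repository_read_access_arns` (visible in wrappers/main.tf, and presumably feeding the generated policy document) would be dropped without an error. It also omits that `repository_policy` must be supplied when `create_repository_policy` is false and this flag stays true. Suggested wording: `description = "Determines whether a repository policy will be attached to the repository. When false, no repository policy is managed by this module; when true and create_repository_policy is false, repository_policy must be set"`. The README.md input table row would need the same text.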
@@ -13,6 +13,7 @@ module "wrapper" {
 repository_kms_key = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null)
 repository_image_scan_on_push = try(each.value.repository_image_scan_on_push, var.defaults.repository_image_scan_on_push, true)
 repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null)
+ attach_repository_policy = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true)
 create_repository_policy = try(each.value.create_repository_policy, var.defaults.create_repository_policy, true)
 repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, [])
 repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, [])