From 312d6dfdb42e6833bd6b1423895816bf8ef08a3b Mon Sep 17 00:00:00 2001
From: Arnau Colominas
Date: Thu, 23 Dec 2021 21:33:37 +0100
Subject: [PATCH 1/3] Added scan_on_push option and mutability to registry

---
 README.md | 16 ++++++------
 examples/python-hello-world-scan/main.tf | 25 +++++++++++++++++++
 .../python-hello-world-scan/src/Dockerfile | 8 ++++++
 examples/python-hello-world-scan/src/main.py | 10 ++++++++
 main.tf | 7 +++++-
 variables.tf | 13 +++++++++-
 6 files changed, 70 insertions(+), 9 deletions(-)
 create mode 100644 examples/python-hello-world-scan/main.tf
 create mode 100644 examples/python-hello-world-scan/src/Dockerfile
 create mode 100644 examples/python-hello-world-scan/src/main.py

diff --git a/README.md b/README.md
index 942461c..799c960 100644
--- a/README.md
+++ b/README.md
@@ -20,13 +20,15 @@ See [examples](examples).
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-| ----------- | -------------------------------------------------- | :----: | :--------: | :------: |
-| hash_script | Path to script to generate hash of source contents | string | `""` | no |
-| image_name | Name of Docker image | string | n/a | yes |
-| push_script | Path to script to build and push Docker image | string | `""` | no |
-| source_path | Path to Docker image source | string | n/a | yes |
-| tag | Tag to use for deployed Docker image | string | `"latest"` | no |
+| Name | Description | Type | Default | Required |
+| ---------------- | -------------------------------------------------- | :----: | :--------: | :------: |
+| hash_script | Path to script to generate hash of source contents | string | `""` | no |
+| image_name | Name of Docker image | string | n/a | yes |
+| image_scan | The tag mutability setting for the repository | string | "false" | no |
+| image_mutability | Enable images scanning after being pushed | string | "MUTABLE" | no |
+| push_script | Path to script to build and push Docker image | string | `""` | no |
+| source_path | Path to Docker image source | string | n/a | yes |
+| tag | Tag to use for deployed Docker image | string | `"latest"` | no |
 
 ## Outputs
 
diff --git a/examples/python-hello-world-scan/main.tf b/examples/python-hello-world-scan/main.tf
new file mode 100644
index 0000000..8dc4c42
--- /dev/null
+++ b/examples/python-hello-world-scan/main.tf
@@ -0,0 +1,25 @@
+terraform {
+ required_version = ">=1"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+
+ backend "local" {
+ path = "terraform.tfstate"
+ }
+}
+
+provider "aws" {
+ region = "us-west-1"
+}
+
+module "python-hello-world" {
+ source = "../../"
+ image_name = "python-hello-world"
+ source_path = "${path.module}/src"
+
+ image_scan = "true"
+}
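Review bot: The `aws` entry in `required_providers` carries no `version` constraint, so every `terraform init` of this example resolves to whatever provider major is current at that moment, and a later major can change the `aws_ecr_repository` schema underneath the module. Pin it to the major the module is tested against, e.g. `version = "~> 3.0"` (adjust to the tested major). Separately, `image_scan = "true"` passes a string where the repository's `scan_on_push` takes a boolean; `image_scan = true` is the intended form once the module variable is typed `bool`.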
diff --git a/examples/python-hello-world-scan/src/Dockerfile b/examples/python-hello-world-scan/src/Dockerfile
new file mode 100644
index 0000000..65f5b17
--- /dev/null
+++ b/examples/python-hello-world-scan/src/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3.7-alpine
+
+RUN mkdir /src
+ADD main.py /src/main.py
+
+WORKDIR /src
+
+ENTRYPOINT ["python", "main.py"]
diff --git a/examples/python-hello-world-scan/src/main.py b/examples/python-hello-world-scan/src/main.py
new file mode 100644
index 0000000..bace31f
--- /dev/null
+++ b/examples/python-hello-world-scan/src/main.py
@@ -0,0 +1,10 @@
+import logging
+
+
+# Setup logging in order for CloudWatch Logs to work properly
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger()
+
+
+if __name__ == "__main__":
+ logger.info("Hello world")
diff --git a/main.tf b/main.tf
index 737d438..52564d5 100644
--- a/main.tf
+++ b/main.tf
@@ -4,6 +4,12 @@ terraform {
 
 resource "aws_ecr_repository" "repo" {
 name = var.image_name
+
+ image_tag_mutability = var.image_mutability
+
+ image_scanning_configuration {
+ scan_on_push = var.image_scan
+ }
 }
 
 resource "aws_ecr_lifecycle_policy" "repo-policy" {
@@ -42,4 +48,3 @@ resource "aws_ecr_lifecycle_policy" "repo-policy" {
 EOF
 }
 
-
diff --git a/variables.tf b/variables.tf
index 48acd6b..ac8bd5f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,6 +3,18 @@ variable "image_name" {
 type = string
 }
 
+variable "image_scan" {
+ description = "Enable images scanning after being pushed to the repository"
+ type = string
+ default = "false"
+}
+
+variable "image_mutability" {
+ description = "The tag mutability setting for the repository"
+ type = string
+ default = "MUTABLE"
+}
+
 variable "source_path" {
 description = "Path to Docker image source"
 type = string
@@ -25,4 +37,3 @@ variable "push_script" {
 type = string
 default = ""
 }
-

From c2b8ef2086dfe4bf40ca75f9bc27af9ed7ca8950 Mon Sep 17 00:00:00 2001
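Review bot: `ADD main.py /src/main.py` uses `ADD` for a plain local file; `ADD` additionally fetches remote URLs and auto-extracts archives, so `COPY main.py /src/main.py` is the narrower, conventional instruction here. The container also runs as root; for an example whose purpose is to demonstrate image scanning, adding an unprivileged user before the entrypoint (`RUN adduser -D app` followed by `USER app`) is a cheap hardening step that keeps the sample in line with what the scanner is there to encourage. `RUN mkdir /src` is redundant, since `WORKDIR /src` creates the directory if it does not exist.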
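Review bot: `scan_on_push = var.image_scan` assigns a `string` variable (default `"false"`, declared in the `variables.tf` hunk of this patch) to a boolean attribute, so it works only through Terraform's implicit `"true"`/`"false"` conversion, and any other value such as `"yes"` is rejected only at plan time. The same gap applies to `image_tag_mutability = var.image_mutability`, which accepts only `MUTABLE` or `IMMUTABLE` yet gets no validation. Declaring `image_scan` as `bool` and adding a `validation` block to `image_mutability` in the `variables.tf` hunk keeps the existing string inputs working (Terraform converts `"true"` to `true`) while rejecting typos before anything is applied. Whether `true` and `IMMUTABLE` should be the defaults for a registry module is a policy choice for the maintainer, but it is worth an explicit decision rather than the current inherited defaults.
```hcl
variable "image_scan" {
  description = "Enable images scanning after being pushed to the repository"
  type        = bool
  default     = false
}

variable "image_mutability" {
  description = "The tag mutability setting for the repository"
  type        = string
  default     = "MUTABLE"

  validation {
    condition     = contains(["MUTABLE", "IMMUTABLE"], var.image_mutability)
    error_message = "Value must be MUTABLE or IMMUTABLE."
  }
}
```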
From: Arnau Colominas
Date: Thu, 23 Dec 2021 21:48:56 +0100
Subject: [PATCH 2/3] fix readme

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 799c960..651193e 100644
--- a/README.md
+++ b/README.md
@@ -24,8 +24,8 @@ See [examples](examples).
 | ---------------- | -------------------------------------------------- | :----: | :--------: | :------: |
 | hash_script | Path to script to generate hash of source contents | string | `""` | no |
 | image_name | Name of Docker image | string | n/a | yes |
-| image_scan | The tag mutability setting for the repository | string | "false" | no |
-| image_mutability | Enable images scanning after being pushed | string | "MUTABLE" | no |
+| image_scan | Enable images scanning after being pushed | string | "false" | no |
+| image_mutability | The tag mutability setting for the repository | string | "MUTABLE" | no |
 | push_script | Path to script to build and push Docker image | string | `""` | no |
 | source_path | Path to Docker image source | string | n/a | yes |
 | tag | Tag to use for deployed Docker image | string | `"latest"` | no |

From b6bb714eb64f2c508f7272ce5b9451a937d2b650 Mon Sep 17 00:00:00 2001
From: Arnau Colominas
Date: Fri, 24 Dec 2021 12:01:57 +0100
Subject: [PATCH 3/3] Add tags option

---
 README.md | 1 +
 examples/python-hello-world-scan/main.tf | 5 +++++
 main.tf | 7 +++++++
 variables.tf | 6 ++++++
 4 files changed, 19 insertions(+)

diff --git a/README.md b/README.md
index 651193e..a2b23ac 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ See [examples](examples).
 | push_script | Path to script to build and push Docker image | string | `""` | no |
 | source_path | Path to Docker image source | string | n/a | yes |
 | tag | Tag to use for deployed Docker image | string | `"latest"` | no |
+| tags | Tags to attach to created resources | map | `""` | no |
 
 ## Outputs
 
diff --git a/examples/python-hello-world-scan/main.tf b/examples/python-hello-world-scan/main.tf
index 8dc4c42..2cc074c 100644
--- a/examples/python-hello-world-scan/main.tf
+++ b/examples/python-hello-world-scan/main.tf
@@ -22,4 +22,9 @@ module "python-hello-world" {
 source_path = "${path.module}/src"
 
 image_scan = "true"
+
+ tags = {
+ "Environment" = "Test",
+ "Cost Center" = "A"
+ }
 }
diff --git a/main.tf b/main.tf
index 52564d5..be5e25e 100644
--- a/main.tf
+++ b/main.tf
@@ -10,6 +10,13 @@ resource "aws_ecr_repository" "repo" {
 image_scanning_configuration {
 scan_on_push = var.image_scan
 }
+
+ tags = merge(
+ var.tags,
+ tomap({
+ "Technology Name" = "Elastic Container Registry"
+ })
+ )
 }
 
 resource "aws_ecr_lifecycle_policy" "repo-policy" {
diff --git a/variables.tf b/variables.tf
index ac8bd5f..12a8f29 100644
--- a/variables.tf
+++ b/variables.tf
@@ -26,6 +26,12 @@ variable "tag" {
 default = "latest"
 }
 
+variable "tags" {
+ description = "Tags to attach to created resources"
+ type = map(any)
+ default = {}
+}
+
 variable "hash_script" {
 description = "Path to script to generate hash of source contents"
 type = string
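Review bot: The `tomap({ ... })` wrapper inside `merge(` is redundant, since `merge` takes an object literal directly; `tags = merge(var.tags, { "Technology Name" = "Elastic Container Registry" })` expresses the same in one line. The argument order also means the module's fixed `Technology Name` tag silently wins over a caller-supplied tag of the same key; if that is intended, a one-line comment above the `merge` call such as `# module tag takes precedence over caller tags` saves the next reader a check. Note that only the repository is tagged; `aws_ecr_lifecycle_policy` has no `tags` argument, so the variable description `Tags to attach to created resources` is broader than what the module does.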
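Review bot: `type = map(any)` admits nested or non-string element types that the provider's `tags` argument cannot accept, so a mistyped caller value is rejected only at plan time by the provider rather than at variable validation; `type = map(string)` matches what `aws_ecr_repository.tags` takes and fails early with a clear message. The README row added in this commit lists the default as `""` while the variable declares `default = {}`; the README should read `{}` so the documented default matches the code.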