Adding encryption_type to allow using kms without passing key id and adding ecr:ListImages for argocd-image-updater #21

Merged
merged 2 commits into from
Dec 11, 2024
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -31,6 +31,7 @@ The following resources will be created:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| encryption\_type | Encryption type, KMS or AES256. When kms\_key\_arn is passed, encryption\_type is always KMS | `string` | `"KMS"` | no |
| image\_tag\_mutability | The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE. | `string` | `"MUTABLE"` | no |
| kms\_key\_arn | KMS Key ARN to use a CMK instead of default key | `string` | `""` | no |
| lifecycle\_policy | JSON formatted string ECR repository lifecycle policy. | `string` | `""` | no |
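Review bot: the new encryption_type row does not say which key is used when encryption_type is KMS and kms_key_arn is left at its default of "". The kms_key_arn row only implies it ("instead of default key"). Suggest stating it directly in the encryption_type description, and adding that AES256 only takes effect when kms_key_arn is empty.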
8 changes: 7 additions & 1 deletion _variables.tf
Expand Up @@ -7,6 +7,12 @@ variable "trust_accounts" {
description = "Accounts to trust and allow ECR fetch"
}

variable "encryption_type" {
type = string
description = "Encryption type, KMS or AES256. When kms_key_arn is passed, encryption_type is always KMS"
default = "KMS"
}

variable "kms_key_arn" {
type = string
description = "KMS Key ARN to use a CMK instead of default key"
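Review bot: variable "encryption_type" accepts any string, and nothing in this block restricts it to the two values the description names, so a typo or a lowercase "kms" is passed through to the resource unchecked. Suggest adding a validation block to the variable, for example condition = contains(["KMS", "AES256"], var.encryption_type) with an error_message that lists the allowed values.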
Expand Down Expand Up @@ -35,4 +41,4 @@ variable "tags" {
description = "Map of tags that will be added to created resources. By default resources will be tagged with name and environment."
type = map(string)
default = {}
}
}
3 changes: 2 additions & 1 deletion ecr-policies.tf
Expand Up @@ -21,7 +21,8 @@ data "aws_iam_policy_document" "default" {
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:DescribeImageScanFindings"
"ecr:DescribeImageScanFindings",
"ecr:ListImages"
]
}
}
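Review bot: "ecr:ListImages" is appended to the existing action list, so every principal this statement already covers gains it, not only the argocd-image-updater named in the PR title. If only the image updater needs to enumerate images, put ecr:ListImages in a separate statement scoped to that principal or gate it behind a variable; if granting it to all pull principals is intended, a comment in the policy saying so would help the next reader.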
2 changes: 1 addition & 1 deletion ecr-repositories.tf
Expand Up @@ -3,7 +3,7 @@ resource "aws_ecr_repository" "default" {
image_tag_mutability = var.image_tag_mutability

encryption_configuration {
encryption_type = var.kms_key_arn != "" ? "KMS" : "AES256"
encryption_type = var.kms_key_arn != "" ? "KMS" : var.encryption_type
kms_key = var.kms_key_arn
}

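Review bot: the else branch of the conditional changes from "AES256" to var.encryption_type, whose default in _variables.tf is "KMS", so a caller that sets neither variable gets KMS after upgrading where it got AES256 before. Suggest either defaulting encryption_type to "AES256" to keep the current behaviour, or calling the change out as breaking in the release notes and checking the plan against an existing repository before release to see how the provider handles the change in encryption_configuration.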