diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index b30a2d4..a538416 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,6 +1,2 @@
-.github/* @clouddrove/approvers
-
-* @clouddrove/clouddrovians @clouddrove/approvers
-
-.github/mergify.yml @clouddrove/admins
-.github/CODEOWNERS @clouddrove/admins
+# These owners will be the default owners for everything in the repo.
+* @anmolnagpal @clouddrove-ci @clouddrove/terraform-azure-admins
\ No newline at end of file
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index f51070a..f0d9f2a 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -8,5 +8,5 @@ jobs:
 secrets:
 GITHUB: ${{ secrets.GITHUB }}
 with:
-tfcheck: 'basic-example / Check code format'
+tfcheck: 'complete-example / Check code format'
 ...
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9e713a5..0814ab6 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
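Review bot: Listing the automation account `@clouddrove-ci` as a default code owner on the new `*` line means an approval made with that account's token can satisfy a "require review from Code Owners" branch rule, which weakens the human-review gate CODEOWNERS exists to enforce. The hunk also deletes the dedicated `.github/CODEOWNERS @clouddrove/admins` and `.github/mergify.yml @clouddrove/admins` entries, so files that configure automation and run with repository secrets now need only the default owners. Keep the bot out of CODEOWNERS and restore a stricter rule for the automation directory, e.g. `.github/** @clouddrove/terraform-azure-admins` placed after the `*` line so it takes precedence.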
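Review bot: The gate name `'complete-example / Check code format'` on the added `tfcheck` line has to match the exact `<job> / <step>` string GitHub reports for that status check; if it does not, the reusable workflow will most likely wait on a check that never appears rather than fail loudly, so verify the new name against the tests workflow before relying on automerge. Gating on a single example also means a format failure in the basic or DNS-zone examples no longer blocks the merge; if the reusable workflow accepts several check names, list them all. The `uses:` reference for this job and the source of the `GITHUB` secret are outside the hunk.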
@@ -1,21 +1,38 @@ -repos: - - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases +repos: + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.96.1 hooks: - - id: terraform-fmt - - id: shellcheck - - id: tflint - - - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 # Use the ref you want to point at + - id: terraform_fmt + entry: hooks/terraform_fmt.sh + language: system # Changed from 'script' to 'system' + #- id: terraform_validate + - id: terraform_docs + entry: hooks/terraform_docs.sh + language: system + additional_dependencies: ['terraform-docs/terraform-docs'] + args: + - '--args=--lockfile=false' + - id: terraform_tflint + language: system + require_serial: true + entry: hooks/terraform_tflint.sh + additional_dependencies: ['terraform-linters/tflint'] + args: + - '--args=--only=terraform_deprecated_interpolation' + - '--args=--only=terraform_deprecated_index' + - '--args=--only=terraform_unused_declarations' + - '--args=--only=terraform_comment_syntax' + - '--args=--only=terraform_documented_outputs' + - '--args=--only=terraform_documented_variables' + - '--args=--only=terraform_typed_variables' + - '--args=--only=terraform_module_pinned_source' + # - '--args=--only=terraform_naming_convention' + - '--args=--only=terraform_required_version' + - '--args=--only=terraform_required_providers' + - '--args=--only=terraform_standard_module_structure' + - '--args=--only=terraform_workspace_remote' + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 hooks: - - id: end-of-file-fixer - - id: trailing-whitespace - - id: mixed-line-ending - - id: check-byte-order-marker - - id: check-executables-have-shebangs - id: check-merge-conflict - - id: debug-statements - - id: check-yaml - - id: check-added-large-files diff --git a/examples/basic/example.tf b/examples/basic/example.tf index 607ba17..55cef03 100644 
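Review bot: The `entry: hooks/terraform_fmt.sh` / `language: system` overrides on the pre-commit-terraform hooks point at a path that, for a `system` hook, is run as a plain command from the checked-out repository rather than from the hook repo, and this commit adds no `hooks/` directory, so the hooks will fail with command-not-found unless those scripts exist elsewhere. `additional_dependencies` is only meaningful for languages pre-commit installs itself, so the `terraform-docs` and `tflint` entries are most likely ignored or rejected under `language: system` — confirm with `pre-commit run --all-files`. Dropping the `entry` and `language` overrides and keeping only `id`, `args` and `additional_dependencies` lets the upstream hook manage its own script and tool install. The hunk also removes `check-yaml`, `end-of-file-fixer` and `check-added-large-files` and comments out `terraform_validate`; re-adding those, plus `detect-private-key`, is cheap and guards against exactly the accidental commits that hard-coded provider credentials in the examples invite.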
--- a/examples/basic/example.tf +++ b/examples/basic/example.tf @@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } locals { diff --git a/examples/basic/output.tf b/examples/basic/outputs.tf similarity index 100% rename from examples/basic/output.tf rename to examples/basic/outputs.tf diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf index f3fa032..53efd9f 100644 --- a/examples/basic/versions.tf +++ b/examples/basic/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } \ No newline at end of file diff --git a/examples/complete/example.tf b/examples/complete/example.tf index 26287c0..e056576 100644 --- a/examples/complete/example.tf +++ b/examples/complete/example.tf @@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } 
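Review bot: The replacement `subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX"` still hard-codes a subscription id in a committed provider block, which as a pattern invites copying a real id into git, and the value is not a valid GUID, so Azure will almost certainly reject it at plan time rather than it serving as a drop-in placeholder. Since azurerm 4.x requires a subscription id, have the example read it from the environment — drop the attribute and document `export ARM_SUBSCRIPTION_ID=...` in a comment, or use `subscription_id = var.subscription_id` with no default. Removing `skip_provider_registration` is the right v4 migration (it was replaced by `resource_provider_registrations`), but the `peer` alias reusing the same id makes the two providers one principal, which deserves a `# replace with the peer subscription` comment so readers know what to change.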
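Review bot: `version = ">=4.0.0"` on the example has no upper bound, so a future azurerm 5.x with its own breaking changes would be pulled in by `terraform init -upgrade`, exactly the kind of jump this commit is cleaning up after the 3.x→4.x move. For an example meant to be reproducible, pin both ends with `version = "~> 4.0"` and commit the `.terraform.lock.hcl` so provider hashes are verified on init. The same open-ended constraint is applied to every example's versions.tf in this diff.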
@@ -78,11 +76,12 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment create_log_analytics_workspace = true log_analytics_workspace_sku = "PerGB2018" + log_analytics_workspace_id = module.log-analytics.workspace_id resource_group_name = module.resource_group.resource_group_name log_analytics_workspace_location = module.resource_group.resource_group_location } diff --git a/examples/complete/output.tf b/examples/complete/outputs.tf similarity index 100% rename from examples/complete/output.tf rename to examples/complete/outputs.tf diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 18fc9ba..09a49af 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } diff --git a/examples/with_existing_dns_zone_in_diff_rg/example.tf b/examples/with_existing_dns_zone_in_diff_rg/example.tf index e21758a..4ec8681 100644 --- a/examples/with_existing_dns_zone_in_diff_rg/example.tf +++ b/examples/with_existing_dns_zone_in_diff_rg/example.tf @@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } locals { 
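Review bot: The added `log_analytics_workspace_id = module.log-analytics.workspace_id` feeds the log-analytics module its own output as an input; Terraform will report a dependency cycle if the workspace resource consumes that variable, and if it does not, the argument is a no-op that only confuses readers. Since `create_log_analytics_workspace = true` already makes the module create the workspace, drop the line, or pass the id of a pre-existing workspace together with `create_log_analytics_workspace = false`. The identical self-reference is added in both `with_existing_dns_zone_*` examples in this diff.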
@@ -77,11 +75,12 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment create_log_analytics_workspace = true log_analytics_workspace_sku = "PerGB2018" + log_analytics_workspace_id = module.log-analytics.workspace_id resource_group_name = module.resource_group.resource_group_name log_analytics_workspace_location = module.resource_group.resource_group_location } @@ -106,9 +105,11 @@ module "container-registry" { environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location + container_registry_config = { - name = "cdacr1234" # Name of Container Registry - sku = "Premium" + name = "cdacr1234" # Name of Container Registry + sku = "Premium" + retention_policy_in_days = 5 } log_analytics_workspace_id = module.log-analytics.workspace_id ##----------------------------------------------------------------------------- diff --git a/examples/with_existing_dns_zone_in_diff_rg/output.tf b/examples/with_existing_dns_zone_in_diff_rg/outputs.tf similarity index 100% rename from examples/with_existing_dns_zone_in_diff_rg/output.tf rename to examples/with_existing_dns_zone_in_diff_rg/outputs.tf diff --git a/examples/with_existing_dns_zone_in_diff_rg/versions.tf b/examples/with_existing_dns_zone_in_diff_rg/versions.tf index 18fc9ba..09a49af 100644 --- a/examples/with_existing_dns_zone_in_diff_rg/versions.tf +++ b/examples/with_existing_dns_zone_in_diff_rg/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } diff --git a/examples/with_existing_dns_zone_in_diff_subs/example.tf b/examples/with_existing_dns_zone_in_diff_subs/example.tf index 0a3f366..75aa596 100644 
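Review bot: `retention_policy_in_days = 5` is added inside the `container_registry_config` object, but the module reads it from the top-level variable `retention_policy_in_days` (see the variables.tf hunk in this diff), not from `container_registry_config`. If that variable is declared with an `object` type the extra attribute will most likely fail validation, and if it is `any` the value is silently ignored and the module default applies instead; either way the example does not set what it appears to set. Move it up one level as a sibling of `log_analytics_workspace_id`: `retention_policy_in_days = 5`. The `module "container-registry"` block begins before this hunk.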
--- a/examples/with_existing_dns_zone_in_diff_subs/example.tf +++ b/examples/with_existing_dns_zone_in_diff_subs/example.tf @@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } locals { name = "app" @@ -75,11 +73,12 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment create_log_analytics_workspace = true log_analytics_workspace_sku = "PerGB2018" + log_analytics_workspace_id = module.log-analytics.workspace_id resource_group_name = module.resource_group.resource_group_name log_analytics_workspace_location = module.resource_group.resource_group_location } diff --git a/examples/with_existing_dns_zone_in_diff_subs/output.tf b/examples/with_existing_dns_zone_in_diff_subs/outputs.tf similarity index 100% rename from examples/with_existing_dns_zone_in_diff_subs/output.tf rename to examples/with_existing_dns_zone_in_diff_subs/outputs.tf diff --git a/examples/with_existing_dns_zone_in_diff_subs/versions.tf b/examples/with_existing_dns_zone_in_diff_subs/versions.tf index f3fa032..53efd9f 100644 --- a/examples/with_existing_dns_zone_in_diff_subs/versions.tf +++ b/examples/with_existing_dns_zone_in_diff_subs/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } \ No newline at end of file diff --git a/main.tf b/main.tf index 2a8528c..dd38d62 100644 --- a/main.tf +++ b/main.tf 
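Review bot: In an example whose purpose is a DNS zone in a different subscription, the default and `peer` providers now carry the identical `subscription_id` placeholder, so the example no longer demonstrates a cross-subscription setup and a reader copying it gets two providers for one subscription. Give the `peer` block a distinct, clearly named source such as `subscription_id = var.dns_subscription_id` and add a comment that the identity running Terraform needs rights to manage private DNS zone links in that second subscription. The log-analytics hunk further down this file repeats the module-output self-reference flagged on examples/complete.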
@@ -52,30 +52,11 @@ resource "azurerm_container_registry" "main" { } } - dynamic "virtual_network" { - for_each = network_rule_set.value.virtual_network - content { - action = "Allow" - subnet_id = virtual_network.value.subnet_id - } - } - } - } - - dynamic "retention_policy" { - for_each = var.retention_policy != null && var.container_registry_config.sku == "Premium" ? [var.retention_policy] : [] - content { - days = lookup(retention_policy.value, "days", 7) - enabled = lookup(retention_policy.value, "enabled", true) } } - dynamic "trust_policy" { - for_each = var.enable_content_trust ? [1] : [] - content { - enabled = var.enable_content_trust - } - } + trust_policy_enabled = var.container_registry_config.sku == "Premium" ? var.enable_content_trust : false + retention_policy_in_days = var.retention_policy_in_days != null && var.container_registry_config.sku == "Premium" ? var.retention_policy_in_days : null identity { type = var.identity_ids != null || var.encryption ? "SystemAssigned, UserAssigned" : "SystemAssigned" @@ -85,7 +66,6 @@ resource "azurerm_container_registry" "main" { dynamic "encryption" { for_each = var.encryption && var.container_registry_config.sku == "Premium" ? ["encryption"] : [] content { - enabled = true key_vault_key_id = azurerm_key_vault_key.kvkey[0].id identity_client_id = azurerm_user_assigned_identity.identity[0].client_id } diff --git a/output.tf b/outputs.tf similarity index 100% rename from output.tf rename to outputs.tf diff --git a/variables.tf b/variables.tf index 9a174e1..dbfe58d 100644 --- a/variables.tf +++ b/variables.tf @@ -87,15 +87,10 @@ variable "network_rule_set" { description = "Manage network rules for Azure Container Registries" } -variable "retention_policy" { - type = object({ - days = optional(number) - enabled = optional(bool) - }) - default = { - days = 10 - enabled = true - } + +variable "retention_policy_in_days" { + type = number + default = 5 description = "Set a retention policy for untagged manifests" } 
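Review bot: Removing the `dynamic "virtual_network"` block drops the subnet-based allow rules from `network_rule_set`, but nothing in this diff narrows the `network_rule_set` variable, so a caller who still passes `virtual_network` entries gets a registry whose network restriction is quietly reduced to the IP rules alone. If azurerm 4.x no longer supports VNet rules on ACR (the removal suggests so), remove `virtual_network` from the variable's type and point users at `subnet_id`/private endpoints, or add a `validation` block that rejects it with a clear message — an ignored allow-list is worse than an error. Likewise `trust_policy_enabled = var.container_registry_config.sku == "Premium" ? var.enable_content_trust : false` silently disables content trust on non-Premium SKUs where the caller asked for it; a `precondition` or a validation on `enable_content_trust` would surface that. The `azurerm_container_registry.main` resource begins before this hunk.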
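Review bot: Replacing the `retention_policy` object with `retention_policy_in_days` changes the effective default from 10 days to 5 and removes the `enabled = false` switch, so existing callers lose untagged manifests sooner than before after upgrading; call that out in the changelog, or keep `default = 10` so the upgrade is behaviour-neutral. The new variable has no `validation`; `validation { condition = var.retention_policy_in_days == null || var.retention_policy_in_days >= 0 }` with an error message would reject negative values before the API does. The description should also say that the policy is applied only for the Premium SKU and that `null` disables it, since that is how main.tf consumes the value.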
@@ -114,6 +109,7 @@ variable "identity_ids" { variable "encryption" { type = bool default = false + description = "Flag to enable encryption in acr." } variable "scope_map" { @@ -139,7 +135,7 @@ variable "container_registry_webhooks" { variable "key_vault_id" { type = string default = null - description = "" + description = "Keyvault id in which encryption key will be created." } variable "enable_rotation_policy" { @@ -151,6 +147,7 @@ variable "enable_rotation_policy" { variable "key_vault_rbac_auth_enabled" { type = bool default = true + description = "Flag to tell whether key vault used role based access or not." } ##----------------------------------------------------------------------------- @@ -171,6 +168,7 @@ variable "existing_private_dns_zone" { variable "private_dns_name" { type = string default = "privatelink.azurecr.io" + description = "Private DNS name for ACR." } variable "subnet_id" { diff --git a/versions.tf b/versions.tf index 96cb024..aae43e2 100644 --- a/versions.tf +++ b/versions.tf @@ -6,8 +6,9 @@ terraform { terraform { required_providers { azurerm = { - source = "hashicorp/azurerm" - version = ">=3.102.0" + source = "hashicorp/azurerm" + version = ">=4.0.0" + configuration_aliases = [azurerm.main_sub, azurerm.dns_sub] } } }
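Review bot: `description = "Flag to enable encryption in acr."` does not tell a caller what the flag actually requires; per the main.tf hunk in this diff, encryption is only configured for the Premium SKU and uses a key created in `key_vault_id` with a user-assigned identity. Suggested wording: `"Enable customer-managed-key encryption of the registry (Premium SKU only); requires key_vault_id and creates a user-assigned identity with access to the key."`.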
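Review bot: `description = "Flag to tell whether key vault used role based access or not."` reads as broken English and does not state the consequence of getting it wrong. Suggested wording: `"Whether the Key Vault in key_vault_id uses RBAC authorization (true) or access policies (false); this selects how the module grants the registry identity access to the encryption key."` — the second clause should be checked against the key-vault access code, which is outside this hunk.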
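Review bot: Adding `configuration_aliases = [azurerm.main_sub, azurerm.dns_sub]` to the module's `required_providers` means every caller must pass both aliases via a `providers = { azurerm.main_sub = ..., azurerm.dns_sub = ... }` map; none of the example hunks in this diff show such a map, and the examples define the alias `peer` rather than `main_sub`/`dns_sub`, so verify each example's module call maps them (the module blocks are outside the hunks shown). `>=4.0.0` is acceptable for a reusable module, but `">= 4.0, < 5.0"` documents the range actually tested and protects consumers from an untested major.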