diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b30a2d4..a538416 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,6 +1,2 @@ -.github/* @clouddrove/approvers - -* @clouddrove/clouddrovians @clouddrove/approvers - -.github/mergify.yml @clouddrove/admins -.github/CODEOWNERS @clouddrove/admins +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove-ci @clouddrove/terraform-azure-admins \ No newline at end of file diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index f51070a..f0d9f2a 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -8,5 +8,5 @@ jobs: secrets: GITHUB: ${{ secrets.GITHUB }} with: - tfcheck: 'basic-example / Check code format' + tfcheck: 'complete-example / Check code format' ... diff --git a/examples/basic/example.tf b/examples/basic/example.tf index 607ba17..55cef03 100644 --- a/examples/basic/example.tf +++ b/examples/basic/example.tf @@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } locals { diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf index f3fa032..53efd9f 100644 --- a/examples/basic/versions.tf +++ b/examples/basic/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } \ No newline at end of file diff --git a/examples/complete/example.tf b/examples/complete/example.tf index 26287c0..e056576 100644 --- a/examples/complete/example.tf +++ b/examples/complete/example.tf 
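Review bot: The new catch-all rule in .github/CODEOWNERS drops the dedicated `.github/CODEOWNERS` and `.github/mergify.yml` entries that reserved those files for `@clouddrove/admins`, and it makes `@clouddrove-ci`, which appears to be an automation account, an owner of every path including `.github/workflows/`. If branch protection requires code-owner review, an approval from that account would satisfy it for workflow and ownership changes, which matters in a repository that also runs an automerge workflow. Keep a narrower rule for the sensitive paths after the wildcard, for example `.github/ @clouddrove/terraform-azure-admins`, and leave the bot account out of it. The file also now ends without a trailing newline.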
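Review bot: Removing `skip_provider_registration` from both provider blocks in examples/basic/example.tf without a replacement leaves resource-provider registration at the provider's default, so the identity running the example needs permission to register resource providers on the subscription. For a least-privilege service principal, set the 4.x replacement explicitly, `resource_provider_registrations = "none"`, or document the role the example expects. The literal `subscription_id` placeholder also invites committing a real ID; reading it from a variable or the `ARM_SUBSCRIPTION_ID` environment variable avoids that. The same applies to the provider hunks in examples/complete, examples/with_existing_dns_zone_in_diff_rg and examples/with_existing_dns_zone_in_diff_subs.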
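Review bot: `version = ">=4.0.0"` in examples/basic/versions.tf replaces an exact pin with an open-ended range, so anyone copying the example gets whatever azurerm release is newest at `terraform init`, including a future major version. For example root configurations a bounded constraint such as `version = "~> 4.0"` keeps runs reproducible, ideally together with a committed `.terraform.lock.hcl`. The same constraint is introduced in the versions.tf hunks of the other three examples.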
@@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } @@ -78,11 +76,12 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment create_log_analytics_workspace = true log_analytics_workspace_sku = "PerGB2018" + log_analytics_workspace_id = module.log-analytics.workspace_id resource_group_name = module.resource_group.resource_group_name log_analytics_workspace_location = module.resource_group.resource_group_location } diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 18fc9ba..09a49af 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } diff --git a/examples/with_existing_dns_zone_in_diff_rg/example.tf b/examples/with_existing_dns_zone_in_diff_rg/example.tf index e21758a..4ec8681 100644 --- a/examples/with_existing_dns_zone_in_diff_rg/example.tf +++ b/examples/with_existing_dns_zone_in_diff_rg/example.tf @@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } locals { 
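Review bot: `log_analytics_workspace_id = module.log-analytics.workspace_id` in the `module "log-analytics"` block of examples/complete/example.tf feeds the module's own output back into it as an input. Terraform accepts this only if nothing that produces `workspace_id` depends on that input; otherwise the plan fails with a cycle, and either way the intent is hard to read. If the input exists to point the workspace's diagnostic settings at the workspace itself, which is not visible here, add a comment saying so, e.g. `# send the workspace's own diagnostics to itself`. The same line is added in the log-analytics hunks of examples/with_existing_dns_zone_in_diff_rg and examples/with_existing_dns_zone_in_diff_subs.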
@@ -77,11 +75,12 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment create_log_analytics_workspace = true log_analytics_workspace_sku = "PerGB2018" + log_analytics_workspace_id = module.log-analytics.workspace_id resource_group_name = module.resource_group.resource_group_name log_analytics_workspace_location = module.resource_group.resource_group_location } @@ -106,9 +105,11 @@ module "container-registry" { environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location + container_registry_config = { - name = "cdacr1234" # Name of Container Registry - sku = "Premium" + name = "cdacr1234" # Name of Container Registry + sku = "Premium" + retention_policy_in_days = 5 } log_analytics_workspace_id = module.log-analytics.workspace_id ##----------------------------------------------------------------------------- diff --git a/examples/with_existing_dns_zone_in_diff_rg/versions.tf b/examples/with_existing_dns_zone_in_diff_rg/versions.tf index 18fc9ba..09a49af 100644 --- a/examples/with_existing_dns_zone_in_diff_rg/versions.tf +++ b/examples/with_existing_dns_zone_in_diff_rg/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } diff --git a/examples/with_existing_dns_zone_in_diff_subs/example.tf b/examples/with_existing_dns_zone_in_diff_subs/example.tf index 0a3f366..75aa596 100644 --- a/examples/with_existing_dns_zone_in_diff_subs/example.tf +++ b/examples/with_existing_dns_zone_in_diff_subs/example.tf 
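Review bot: `retention_policy_in_days = 5` is added inside `container_registry_config` in the `module "container-registry"` hunk, but main.tf in this commit reads the top-level `var.retention_policy_in_days`, not an attribute of that object. Unless the object type declares this attribute (the type is not visible in the diff), the value is dropped during type conversion and the example only behaves as written because the variable's default is also 5. Pass it as a module argument next to `container_registry_config` instead: `retention_policy_in_days = 5`. The module block continues outside the hunk.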
@@ -1,14 +1,12 @@ provider "azurerm" { features {} - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } provider "azurerm" { features {} - alias = "peer" - subscription_id = "01111111111110-11-11-11-11" - skip_provider_registration = "true" + alias = "peer" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } locals { name = "app" @@ -75,11 +73,12 @@ module "subnet" { ##----------------------------------------------------------------------------- module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "1.1.0" name = local.name environment = local.environment create_log_analytics_workspace = true log_analytics_workspace_sku = "PerGB2018" + log_analytics_workspace_id = module.log-analytics.workspace_id resource_group_name = module.resource_group.resource_group_name log_analytics_workspace_location = module.resource_group.resource_group_location } diff --git a/examples/with_existing_dns_zone_in_diff_subs/versions.tf b/examples/with_existing_dns_zone_in_diff_subs/versions.tf index f3fa032..53efd9f 100644 --- a/examples/with_existing_dns_zone_in_diff_subs/versions.tf +++ b/examples/with_existing_dns_zone_in_diff_subs/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=4.0.0" } } } \ No newline at end of file diff --git a/main.tf b/main.tf index 2a8528c..dd38d62 100644 --- a/main.tf +++ b/main.tf 
@@ -52,30 +52,11 @@ resource "azurerm_container_registry" "main" { } } - dynamic "virtual_network" { - for_each = network_rule_set.value.virtual_network - content { - action = "Allow" - subnet_id = virtual_network.value.subnet_id - } - } - } - } - - dynamic "retention_policy" { - for_each = var.retention_policy != null && var.container_registry_config.sku == "Premium" ? [var.retention_policy] : [] - content { - days = lookup(retention_policy.value, "days", 7) - enabled = lookup(retention_policy.value, "enabled", true) } } - dynamic "trust_policy" { - for_each = var.enable_content_trust ? [1] : [] - content { - enabled = var.enable_content_trust - } - } + trust_policy_enabled = var.container_registry_config.sku == "Premium" ? var.enable_content_trust : false + retention_policy_in_days = var.retention_policy_in_days != null && var.container_registry_config.sku == "Premium" ? var.retention_policy_in_days : null identity { type = var.identity_ids != null || var.encryption ? "SystemAssigned, UserAssigned" : "SystemAssigned" @@ -85,7 +66,6 @@ resource "azurerm_container_registry" "main" { dynamic "encryption" { for_each = var.encryption && var.container_registry_config.sku == "Premium" ? ["encryption"] : [] content { - enabled = true key_vault_key_id = azurerm_key_vault_key.kvkey[0].id identity_client_id = azurerm_user_assigned_identity.identity[0].client_id } diff --git a/variables.tf b/variables.tf index 9a174e1..6ae369d 100644 --- a/variables.tf +++ b/variables.tf @@ -87,15 +87,10 @@ variable "network_rule_set" { description = "Manage network rules for Azure Container Registries" } -variable "retention_policy" { - type = object({ - days = optional(number) - enabled = optional(bool) - }) - default = { - days = 10 - enabled = true - } + +variable "retention_policy_in_days" { + type = number + default = 5 description = "Set a retention policy for untagged manifests" } diff --git a/versions.tf b/versions.tf index 96cb024..aae43e2 100644 --- a/versions.tf +++ b/versions.tf 
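Review bot: `trust_policy_enabled` in main.tf now evaluates to `false` whenever the SKU is not Premium, so a caller who sets `enable_content_trust = true` on another SKU gets a clean apply with content trust off. A security control should fail loudly rather than degrade silently; a precondition on the resource does that, assuming the resource has no `lifecycle` block yet and the module's required Terraform version supports preconditions (the resource body continues outside the hunk). The same hunk removes the `virtual_network` rules from `network_rule_set`; if the variable's type still accepts them, callers' subnet allow-lists are ignored without warning, so the variable description should say so.

```hcl
  trust_policy_enabled = var.container_registry_config.sku == "Premium" ? var.enable_content_trust : false

  lifecycle {
    precondition {
      condition     = !var.enable_content_trust || var.container_registry_config.sku == "Premium"
      error_message = "enable_content_trust requires container_registry_config.sku = \"Premium\"."
    }
  }
```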
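Review bot: The default retention for untagged manifests changes silently on upgrade in variables.tf: the removed `retention_policy` object defaulted to `days = 10`, while the new `retention_policy_in_days` defaults to 5, so callers who relied on the default have untagged manifests purged in half the time. Call this out in the changelog or keep 10 as the default. main.tf also tests this variable against `null` and applies it only on the Premium SKU, which the description should state, e.g. `description = "Days to retain untagged manifests (Premium SKU only); null disables the policy"`. A `validation` block bounding the value would catch out-of-range input at plan time.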
@@ -6,8 +6,9 @@ terraform { terraform { required_providers { azurerm = { - source = "hashicorp/azurerm" - version = ">=3.102.0" + source = "hashicorp/azurerm" + version = ">=4.0.0" + configuration_aliases = [azurerm.main_sub, azurerm.dns_sub] } } }
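Review bot: `configuration_aliases = [azurerm.main_sub, azurerm.dns_sub]` in the root versions.tf makes every caller pass both aliased providers, yet the example provider blocks in this commit declare only the default provider and the alias `peer`. Unless the example module calls, which are outside the visible hunks, map them with something like `providers = { azurerm.main_sub = azurerm, azurerm.dns_sub = azurerm.peer }`, the examples will fail validation. Add a comment above the line stating what each alias is for, for instance `# main_sub: subscription of the registry; dns_sub: subscription of the private DNS zone`, if that is the intent.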