enhancement for multiple repo creation (#41)

* enhancement for multiple repo creation * add arn output * Updated README.md * Executed 'terraform fmt' * Apply suggestions from code review Fix format of documents & codes Co-Authored-By: Andriy Knysh <aknysh@users.noreply.github.com> * Apply suggestions from aknysh * Apply suggestions from aknysh Co-Authored-By: Andriy Knysh <aknysh@users.noreply.github.com> * Updated README.md * Executed 'terraform fmt' Co-authored-by: Maxim Mironenko <simixido@gmail.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> Co-authored-by: Andriy Knysh <aknysh@users.noreply.github.com>
cloudposse · Feb 25, 2020 · 2868a6d · 2868a6d
1 parent e99335b
commit 2868a6d
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -134,6 +134,7 @@ Available targets:
 | attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `<list>` | no |
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
 | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
+| image_names | List of Docker local image names, used as repository names for AWS ECR | list(string) | `<list>` | no |
 | max_image_count | How many Docker Image versions AWS ECR will store | string | `500` | no |
 | name | The Name of the application or solution  (e.g. `bastion` or `portal`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
@@ -152,7 +153,10 @@ Available targets:
 | registry_id | Registry ID |
 | registry_url | Registry URL |
 | repository_arn | Repository ARN |
+| repository_arn_map | Map of repository names to repository ARNs |
+| repository_id_map | Map of repository names to repository IDs |
 | repository_name | Repository name |
+| repository_url_map | Map of repository names to repository URLs |
 
 
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -5,6 +5,7 @@
 | attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `<list>` | no |
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
 | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
+| image_names | List of Docker local image names, used as repository names for AWS ECR | list(string) | `<list>` | no |
 | max_image_count | How many Docker Image versions AWS ECR will store | string | `500` | no |
 | name | The Name of the application or solution  (e.g. `bastion` or `portal`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
@@ -23,5 +24,8 @@
 | registry_id | Registry ID |
 | registry_url | Registry URL |
 | repository_arn | Repository ARN |
+| repository_arn_map | Map of repository names to repository ARNs |
+| repository_id_map | Map of repository names to repository IDs |
 | repository_name | Repository name |
+| repository_url_map | Map of repository names to repository URLs |
 
diff --git a/examples/multiple-repo/main.tf b/examples/multiple-repo/main.tf
@@ -0,0 +1,12 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+module "ecr" {
+  source       = "../../"
+  namespace    = "eg"
+  stage        = "dev"
+  name         = "app"
+  use_fullname = false
+  list_image   = ["redis", "nginx"]
+}
diff --git a/examples/multiple-repo/outputs.tf b/examples/multiple-repo/outputs.tf
@@ -0,0 +1,8 @@
+output "repository_id_map" {
+  value       = module.ecr.repository_id_map
+  description = "Repository id map"
+}
+output "repository_url_map" {
+  value       = module.ecr.repository_url_map
+  description = "Repository url map"
+}
diff --git a/main.tf b/main.tf
@@ -16,9 +16,14 @@ module "label" {
   regex_replace_chars = var.regex_replace_chars
 }
 
+locals {
+  _name       = var.use_fullname ? module.label.id : module.label.name
+  image_names = length(var.image_names) > 0 ? var.image_names : [local._name]
+}
+
 resource "aws_ecr_repository" "default" {
-  count = var.enabled ? 1 : 0
-  name  = var.use_fullname ? module.label.id : module.label.name
+  count = var.enabled ? length(local.image_names) : 0
+  name  = local.image_names[count.index]
 
   image_scanning_configuration {
     scan_on_push = var.scan_images_on_push
@@ -28,8 +33,8 @@ resource "aws_ecr_repository" "default" {
 }
 
 resource "aws_ecr_lifecycle_policy" "default" {
-  count      = var.enabled ? 1 : 0
-  repository = join("", aws_ecr_repository.default.*.name)
+  count      = var.enabled ? length(local.image_names) : 0
+  repository = aws_ecr_repository.default[count.index].name
 
   policy = <<EOF
 {
@@ -64,11 +69,11 @@ EOF
 }
 
 data "aws_iam_policy_document" "empty" {
-  count = var.enabled ? 1 : 0
+  count = var.enabled ? length(local.image_names) : 0
 }
 
 data "aws_iam_policy_document" "resource_readonly_access" {
-  count = var.enabled ? 1 : 0
+  count = var.enabled ? length(local.image_names) : 0
 
   statement {
     sid    = "ReadonlyAccess"
@@ -95,7 +100,7 @@ data "aws_iam_policy_document" "resource_readonly_access" {
 }
 
 data "aws_iam_policy_document" "resource_full_access" {
-  count = var.enabled ? 1 : 0
+  count = var.enabled ? length(local.image_names) : 0
 
   statement {
     sid    = "FullAccess"
@@ -127,13 +132,13 @@ data "aws_iam_policy_document" "resource_full_access" {
 }
 
 data "aws_iam_policy_document" "resource" {
-  count         = var.enabled ? 1 : 0
-  source_json   = local.principals_readonly_access_non_empty ? join("", data.aws_iam_policy_document.resource_readonly_access.*.json) : join("", data.aws_iam_policy_document.empty.*.json)
-  override_json = local.principals_full_access_non_empty ? join("", data.aws_iam_policy_document.resource_full_access.*.json) : join("", data.aws_iam_policy_document.empty.*.json)
+  count         = var.enabled ? length(local.image_names) : 0
+  source_json   = local.principals_readonly_access_non_empty ? join("", [data.aws_iam_policy_document.resource_readonly_access[0].json]) : join("", [data.aws_iam_policy_document.empty[0].json])
+  override_json = local.principals_full_access_non_empty ? join("", [data.aws_iam_policy_document.resource_full_access[0].json]) : join("", [data.aws_iam_policy_document.empty[0].json])
 }
 
 resource "aws_ecr_repository_policy" "default" {
-  count      = local.ecr_need_policy && var.enabled ? 1 : 0
-  repository = join("", aws_ecr_repository.default.*.name)
+  count      = local.ecr_need_policy && var.enabled ? length(local.image_names) : 0
+  repository = aws_ecr_repository.default[count.index].name
   policy     = join("", data.aws_iam_policy_document.resource.*.json)
 }
diff --git a/outputs.tf b/outputs.tf
@@ -17,3 +17,27 @@ output "repository_arn" {
   value       = join("", aws_ecr_repository.default.*.arn)
   description = "Repository ARN"
 }
+
+output "repository_id_map" {
+  value = zipmap(
+    aws_ecr_repository.default[*].name
+    , aws_ecr_repository.default[*].registry_id
+  )
+  description = "Map of repository names to repository IDs"
+}
+
+output "repository_url_map" {
+  value = zipmap(
+    aws_ecr_repository.default[*].name,
+    aws_ecr_repository.default[*].repository_url
+  )
+  description = "Map of repository names to repository URLs"
+}
+
+output "repository_arn_map" {
+  value = zipmap(
+    aws_ecr_repository.default[*].name,
+    aws_ecr_repository.default[*].arn
+  )
+  description = "Map of repository names to repository ARNs"
+}
diff --git a/variables.tf b/variables.tf
@@ -74,3 +74,8 @@ variable "regex_replace_chars" {
   description = "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. By default only hyphens, letters and digits are allowed, all other chars are removed"
 }
 
+variable "image_names" {
+  type        = list(string)
+  default     = []
+  description = "List of Docker local image names, used as repository names for AWS ECR "
+}