terraform-azure-mcaf-container-registry

Terraform module to generate Azure Container Registry

Requirements

Name	Version
terraform	>= 1.8
azurerm	>= 4, < 5.0.0

Providers

Name	Version
azurerm	>= 4, < 5.0.0

Modules

No modules.

Resources

Name	Type
azurerm_container_registry.this	resource
azurerm_monitor_diagnostic_setting.this	resource
azurerm_resource_group.this	resource
azurerm_role_assignment.acr	resource
azurerm_key_vault_key.this	data source
azurerm_user_assigned_identity.this	data source

Inputs

Name	Description	Type	Default	Required
acr	This object describes the configuration for an Azure Container Registry. - name - (Optional) Specifies the name of the Container Registry. Changing this forces a new resource to be created. - resource_group_name - (Optional) The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created. - location - (Optional) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. - sku - (Optional) The SKU name of the the Container Registry. Possible values are Basic, Premium. - admin_enabled - (Optional) Specifies whether the admin user is enabled. Defaults to false. - anonymous_pull_enabled - (Optional) Specifies whether anonymous pull is enabled. Defaults to false. - quarantine_policy_enabled - (Optional) Specifies whether quarantine policy is enabled. Defaults to false. - public_network_access_enabled - (Optional) Specifies whether public network access is enabled. Defaults to false. - export_policy_enabled - (Optional) Specifies whether export policy is enabled. Defaults to false. - retention_policy_in_days - (Optional) Specifies the number of days to retain untagged manifests. Defaults to 7. - network_bypass - (Optional) Specifies the network bypass options. Possible values are AzureServices, None, and ServiceEndpoints. - managed_identities - (Optional) Specifies the Managed Identity configuration. The following properties can be specified: - system_assigned - (Optional) Specifies if the System Assigned Managed Identity should be enabled. Defaults to false. - user_assigned_resource_ids - (Optional) Specifies a list of User Assigned Managed Identity resource IDs to be assigned to this resource. Defaults to []. - network_rule_set - (Optional) Specifies the network rule set configuration. The following properties can be specified: - default_action - (Optional) Specifies the default action for network rule set. Possible values are Allow and Deny. Defaults to Deny. - ip_rule - (Optional) Specifies the IP rule configuration. The following properties can be specified: - action - (Optional) Specifies the action for the IP rule. Possible values are Allow and Deny. Defaults to Allow. - ip_range - (Required) Specifies the IP range for the IP rule. - zone_redundancy_enabled - (Optional) Specifies whether zone redundancy is enabled. Defaults to tru. - role_assignments - (Optional) Specifies the role assignments for the Container Registry. The following properties can be specified: - principal_id - (Required) The ID of the principal to assign the role to. - role - (Required) The role to assign to the principal. Possible values are AcrPull, AcrPush - tags - (Optional) A mapping of tags to assign to the resource. Example Inputs: hcl module "acr" { source = "somelocation" acr = { name = "myacr123" resource_group_name = "myrg" location = "germanywestcentral" admin_enabled = false public_network_access_enabled = false network_rule_bypass_option = "AzureServices" } tags = { "deploymentmodel" = "Terraform" } } }	object({ name = optional(string) resource_group_name = optional(string) location = optional(string) sku = optional(string, "Premium") anonymous_pull_enabled = optional(bool, false) quarantine_policy_enabled = optional(bool, false) admin_enabled = optional(bool, false) public_network_access_enabled = optional(bool, false) enable_trust_policy = optional(bool, false) export_policy_enabled = optional(bool, false) retention_policy_in_days = optional(number, 7) network_rule_bypass_option = optional(string, "None") managed_identities = optional(object({ system_assigned = optional(bool, false) user_assigned_resource_ids = optional(set(string), []) }), {}) network_rule_set = optional(object({ default_action = optional(string, "Deny") ip_rule = optional(list(object({ # since the action property only permits Allow, this is hard-coded. action = optional(string, "Allow") ip_range = string })), []) }), null) georeplications = optional(list(object({ location = string regional_endpoint_enabled = optional(bool, true) zone_redundancy_enabled = optional(bool, true) tags = optional(map(any), null) })), []) zone_redundancy_enabled = optional(bool, true) role_assignments = optional(map(object({ principal_id = string role = string }))) tags = optional(map(string)) })	{}	no
customer_managed_key	A map of diagnostic settings to create on the Key Vault. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. Controls the Customer managed key configuration on this resource. The following properties can be specified: - key_vault_resource_id - (Required) Resource ID of the Key Vault that the customer managed key belongs to. - key_name - (Required) Specifies the name of the Customer Managed Key Vault Key. - key_version - (Optional) The version of the Customer Managed Key Vault Key. - user_assigned_identity - (Optional) The User Assigned Identity that has access to the key. - resource_id - (Required) The resource ID of the User Assigned Identity that has access to the key.	object({ key_vault_resource_id = string key_name = string key_version = optional(string, null) user_assigned_identity = optional(object({ resource_id = string }), null) })	null	no
diagnostic_settings	A map of diagnostic settings to create on the Container Registry. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. - name - (Optional) The name of the diagnostic setting. One will be generated if not set, however this will not be unique if you want to create multiple diagnostic setting resources. - log_categories - (Optional) A set of log categories to send to the log analytics workspace. Defaults to []. - log_groups - (Optional) A set of log groups to send to the log analytics workspace. Defaults to ["allLogs"]. - metric_categories - (Optional) A set of metric categories to send to the log analytics workspace. Defaults to ["AllMetrics"]. - log_analytics_destination_type - (Optional) The destination type for the diagnostic setting. Possible values are Dedicated and AzureDiagnostics. Defaults to Dedicated. - workspace_resource_id - (Optional) The resource ID of the log analytics workspace to send logs and metrics to. - storage_account_resource_id - (Optional) The resource ID of the storage account to send logs and metrics to. - event_hub_authorization_rule_resource_id - (Optional) The resource ID of the event hub authorization rule to send logs and metrics to. - event_hub_name - (Optional) The name of the event hub. If none is specified, the default event hub will be selected. - marketplace_partner_resource_id - (Optional) The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic LogsLogs.	map(object({ name = optional(string, null) log_categories = optional(set(string), []) log_groups = optional(set(string), ["allLogs"]) metric_categories = optional(set(string), ["AllMetrics"]) log_analytics_destination_type = optional(string, "Dedicated") workspace_resource_id = optional(string, null) storage_account_resource_id = optional(string, null) event_hub_authorization_rule_resource_id = optional(string, null) event_hub_name = optional(string, null) marketplace_partner_resource_id = optional(string, null) }))	{}	no
location	Azure region where the resource should be deployed.	string	null	no
resource_group_name	The name of the resource group in which to create the Container Registry.	string	null	no
tags	A map of tags to assign to the resource.	map(string)	{}	no

Outputs

Name	Description
azure_container_registry_admin_password	n/a
azure_container_registry_admin_username	n/a
login_server	The login server of the parent resource.
name	The name of the parent resource.
resource	This is the full output for the resource.
resource_id	The resource id for the parent resource.
system_assigned_mi_principal_id	The system assigned managed identity principal ID of the parent resource.

License

Copyright: Schuberg Philis

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.