Merge pull request #24 from clouddrove/feat/enable-disable-module

feat: module enable-disable feature added
clouddrove · Oct 9, 2023 · 2161c01 · 2161c01
2 parents 0e29065 + 687d108
commit 2161c01
Show file tree

Hide file tree

Showing 12 changed files with 35 additions and 20 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -28,7 +28,7 @@ updates:
     open-pull-requests-limit: 3
 
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "/_example/privat_ecr" # Location of package manifests
+    directory: "/_example/private_ecr" # Location of package manifests
     schedule:
       interval: "weekly"
     # Add assignees

diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   assignee:
-    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:

diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   changelog:
-    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6
     secrets: inherit
     with:
       branch: 'master'
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -6,10 +6,10 @@ on:
   workflow_dispatch:
 jobs:
   private_ecr:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_example/private_ecr/'
   public_ecr:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_example/public_ecr/'
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
@@ -6,6 +6,6 @@ on:
   workflow_dispatch:
 jobs:
   tf-lint:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   tfsec:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6
     secrets: inherit
     with:
       working_directory: '.'
diff --git a/_example/private_ecr/example.tf b/_example/private_ecr/example.tf
@@ -11,7 +11,8 @@ locals {
 ## private_ecr module call.
 ##-----------------------------------------------------------------------------
 module "private_ecr" {
-  source             = "./../../"
+  source = "./../../"
+
   enable_private_ecr = true
   name               = local.name
   environment        = local.environment

diff --git a/_example/private_ecr/versions.tf b/_example/private_ecr/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.20.0"
     }
   }
 }
diff --git a/_example/public_ecr/versions.tf b/_example/public_ecr/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.20.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -33,7 +33,7 @@ module "labels" {
 # Private Repository
 ################################################################################
 resource "aws_ecr_repository" "default" {
-  count                = var.enable_private_ecr ? 1 : 0
+  count                = var.enable && var.enable_private_ecr ? 1 : 0
   name                 = var.use_fullname != "" ? var.use_fullname : module.labels.id
   tags                 = module.labels.tags
   image_tag_mutability = var.image_tag_mutability
@@ -57,7 +57,7 @@ resource "aws_ecr_repository" "default" {
 }
 
 resource "aws_ecr_lifecycle_policy" "private" {
-  count      = var.enable_private_ecr ? 1 : 0
+  count      = var.enable && var.enable_private_ecr ? 1 : 0
   repository = join("", aws_ecr_repository.default[*].name)
 
   policy = <<EOF
@@ -96,7 +96,7 @@ EOF
 # Public Repository
 ################################################################################
 resource "aws_ecrpublic_repository" "default" {
-  count = var.enable_public_ecr ? 1 : 0
+  count = var.enable && var.enable_public_ecr ? 1 : 0
 
   repository_name = var.use_fullname != "" ? var.use_fullname : module.labels.id
 
@@ -119,6 +119,7 @@ resource "aws_ecrpublic_repository" "default" {
 # Private ECR IAM Policies
 ################################################################################
 data "aws_iam_policy_document" "resource_readonly_access_private" {
+  count = var.enable ? 1 : 0
   statement {
     sid    = "ReadonlyAccess"
     effect = "Allow"
@@ -153,6 +154,7 @@ data "aws_iam_policy_document" "resource_readonly_access_private" {
 }
 
 data "aws_iam_policy_document" "resource_full_access_private" {
+  count = var.enable ? 1 : 0
   statement {
     sid    = "FullAccess"
     effect = "Allow"
@@ -170,12 +172,13 @@ data "aws_iam_policy_document" "resource_full_access_private" {
 }
 
 data "aws_iam_policy_document" "resource_private" {
+  count                     = var.enable ? 1 : 0
   source_policy_documents   = [local.principals_readonly_access_non_empty ? join("", data.aws_iam_policy_document.resource_readonly_access_private[*].json) : join("", data.aws_iam_policy_document.empty[*].json)]
   override_policy_documents = [local.principals_full_access_non_empty ? join("", data.aws_iam_policy_document.resource_full_access_private[*].json) : join("", data.aws_iam_policy_document.empty[*].json)]
 }
 
 resource "aws_ecr_repository_policy" "private" {
-  count      = local.ecr_need_policy && var.enable_private_ecr ? 1 : 0
+  count      = var.enable && local.ecr_need_policy && var.enable_private_ecr ? 1 : 0
   repository = join("", aws_ecr_repository.default[*].name)
   policy     = join("", data.aws_iam_policy_document.resource_private[*].json)
 }
@@ -184,6 +187,7 @@ resource "aws_ecr_repository_policy" "private" {
 # Public ECR IAM Policies
 ################################################################################
 data "aws_iam_policy_document" "resource_readonly_access_public" {
+  count = var.enable ? 1 : 0
   statement {
     sid    = "ReadonlyAccess"
     effect = "Allow"
@@ -210,6 +214,7 @@ data "aws_iam_policy_document" "resource_readonly_access_public" {
 }
 
 data "aws_iam_policy_document" "resource_full_access_public" {
+  count = var.enable ? 1 : 0
   statement {
     sid    = "FullAccess"
     effect = "Allow"
@@ -228,14 +233,17 @@ data "aws_iam_policy_document" "resource_full_access_public" {
 
 
 data "aws_iam_policy_document" "resource_public" {
+  count                     = var.enable ? 1 : 0
   source_policy_documents   = [local.principals_readonly_access_non_empty ? join("", data.aws_iam_policy_document.resource_readonly_access_public[*].json) : join("", data.aws_iam_policy_document.empty[*].json)]
   override_policy_documents = [local.principals_full_access_non_empty ? join("", data.aws_iam_policy_document.resource_full_access_public[*].json) : join("", data.aws_iam_policy_document.empty[*].json)]
 }
 
 resource "aws_ecr_repository_policy" "public" {
-  count      = local.ecr_need_policy && var.enable_public_ecr ? 1 : 0
+  count      = var.enable && local.ecr_need_policy && var.enable_public_ecr ? 1 : 0
   repository = join("", aws_ecrpublic_repository.default[*].repository_name)
   policy     = join("", data.aws_iam_policy_document.resource_public[*].json)
 }
 
-data "aws_iam_policy_document" "empty" {}
+data "aws_iam_policy_document" "empty" {
+  count = var.enable ? 1 : 0
+}
diff --git a/variables.tf b/variables.tf
@@ -43,6 +43,12 @@ variable "tags" {
   description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
 }
 
+variable "enable" {
+  type        = bool
+  default     = true
+  description = "Set to false to prevent the module from creating any resources."
+}
+
 variable "enable_private_ecr" {
   type        = bool
   default     = false

diff --git a/versions.tf b/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.20.0"
     }
   }
 }