Commit 7b12ed1

Merge pull request #37 from using-system/features/acr-update
feat : Add ip_rules variable for az-acr tf module
2 parents 6b4c4f3 + f2777d5 commit 7b12ed1

4 files changed

+30
-6
lines changed

terraform/modules/az-acr/README.md

4.26 KB

Providers

Name Version
azurerm 3.82.0
Name Version
azurerm 3.76.0

Modules

No modules.

Inputs

Name Description Type Default Required
admin_enabled Determines if the admin user is enabled bool false no
enable_lock_on_acr Determines if the lock on acr is enabled bool true no
georeplication_locations List of locations for the georeplication list(string) [] no
identity_ids A list of identities associated with the acr. list(string) [] no
identity_type The type of identity used for the acr. string "SystemAssigned" no
location Azure Region Location any n/a yes
name Name of the acr any n/a yes
network_rule_bypass_option Determines if the network rule bypass option is enabled string "None" no
public_network_access_enabled Determines if the public network access is enabled bool false no
quarantine_policy_enabled Determines if the quarantine policy is enabled bool true no
resource_group_name Resource group name of the acr any n/a yes
retention_policy_days Number of days to retain an untagged manifest after which it gets purged number 7 no
retention_policy_enabled Determines if the retention policy is enabled bool true no
sku The SKU name of the container registry. string "Premium" no
tags Tags to associate with resources. map(string) n/a yes
trust_policy_enabled Determines if the trust policy is enabled bool true no
zone_redundancy_enabled Determines if the zone redundancy is enabled bool true no
Name Description Type Default Required
admin_enabled Determines if the admin user is enabled bool false no
enable_lock_on_acr Determines if the lock on acr is enabled bool true no
georeplication_locations List of locations for the georeplication list(string) [] no
identity_ids A list of identities associated with the acr. list(string) [] no
identity_type The type of identity used for the acr. string "SystemAssigned" no
ip_rules List of IP rules to allow on the acr. list(string) [] no
location Azure Region Location any n/a yes
name Name of the acr any n/a yes
network_rule_bypass_option Determines if the network rule bypass option is enabled string "None" no
public_network_access_enabled Determines if the public network access is enabled bool false no
quarantine_policy_enabled Determines if the quarantine policy is enabled bool true no
resource_group_name Resource group name of the acr any n/a yes
retention_policy_days Number of days to retain an untagged manifest after which it gets purged number 7 no
retention_policy_enabled Determines if the retention policy is enabled bool true no
sku The SKU name of the container registry. string "Premium" no
tags Tags to associate with resources. map(string) n/a yes
trust_policy_enabled Determines if the trust policy is enabled bool true no
zone_redundancy_enabled Determines if the zone redundancy is enabled bool true no

Outputs
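
Review bot: the new `ip_rules` row in the Inputs table says only "List of IP rules to allow on the acr.", which leaves out the two things a caller needs: that the entries are CIDR ranges, and that a non-empty list switches the registry's network rule set to `default_action = "Deny"`. The same table lists `public_network_access_enabled` with a default of `false`, so the description should also say whether `ip_rules` has any effect unless that input is set to `true`. Separately, the Providers table appears with azurerm 3.82.0 in one rendering and 3.76.0 in the other; if the documented version moved backwards, the README was probably regenerated against an older local provider and should be regenerated against the pinned one.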

terraform/modules/az-acr/main.tf

Lines changed: 17 additions & 0 deletions
@@ -26,6 +26,23 @@ resource "azurerm_container_registry" "acr" {
2626
}
2727
}
2828

29+
dynamic "network_rule_set" {
30+
for_each = length(var.ip_rules) > 0 ? [1] : []
31+
32+
content {
33+
default_action = "Deny"
34+
35+
dynamic "ip_rule" {
36+
for_each = var.ip_rules
37+
38+
content {
39+
action = "Allow"
40+
ip_range = ip_rule.value
41+
}
42+
}
43+
}
44+
}
45+
2946
zone_redundancy_enabled = var.zone_redundancy_enabled
3047

3148
identity {
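
Review bot: at `for_each = length(var.ip_rules) > 0 ? [1] : []` (line 30), an empty `ip_rules` emits no `network_rule_set` block at all, so `default_action = "Deny"` is only ever set when at least one range is allowed. A caller who sets `public_network_access_enabled = true` and leaves `ip_rules` at its default therefore gets no deny-by-default rule from this module; document that combination in the variable description or reject it with a `precondition`. Network rule sets are also a Premium SKU feature and `sku` is overridable, so a check that `ip_rules` is empty unless the SKU is "Premium" would turn an apply-time failure into a plan-time one.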

terraform/modules/az-acr/tests/acr_secure.tftest.hcl

Lines changed: 7 additions & 6 deletions
@@ -14,11 +14,11 @@ run "plan" {
1414
command = plan
1515

1616
variables {
17-
name = "usingsystemazacrtest1"
18-
location = run.setup.resource_group_location
19-
resource_group_name = run.setup.resource_group_name
20-
21-
tags = { Environment = "Test" }
17+
name = "usingsystemazacrtest1"
18+
location = run.setup.resource_group_location
19+
resource_group_name = run.setup.resource_group_name
20+
ip_rules = ["20.75.211.8/29", "20.99.157.152/29"]
21+
tags = { Environment = "Test" }
2222
}
2323

2424
assert {
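
Review bot: `ip_rules` is added to the `plan` variables at line 20, but the file's 7 additions are all variable lines and blank lines, so nothing in this change asserts on the resulting `network_rule_set`. Add an `assert` to this run that checks, for example, that `default_action` is "Deny" and that both ranges appear as `ip_rule` entries; without it the test passes whether or not the dynamic block renders. The two `/29` ranges are public addresses with no comment saying what they belong to; either note their owner or use documentation ranges such as `192.0.2.0/24`. The variables shown here also do not set `public_network_access_enabled`, so it is worth confirming the test exercises the rules with public access enabled.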
@@ -126,7 +126,8 @@ run "apply" {
126126
name = "usingsystemazacrtest1"
127127
location = run.setup.resource_group_location
128128
resource_group_name = run.setup.resource_group_name
129-
129+
ip_rules = ["20.75.211.8/29", "20.99.157.152/29"]
130+
130131
tags = { Environment = "Test" }
131132
}
132133
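
Review bot: the `ip_rules` list at line 129 is a second literal copy of the one in the `plan` run, so the two can drift apart on the next edit. Hoist it into a file-level `variables` block (or a shared local in the setup module) and let both runs inherit it. The stray blank line added at line 130 between `ip_rules` and `tags` is also inconsistent with the `plan` block above, where the two are adjacent.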

terraform/modules/az-acr/variables.tf

Lines changed: 6 additions & 0 deletions
@@ -87,6 +87,12 @@ variable "identity_ids" {
8787
default = []
8888
}
8989

90+
variable "ip_rules" {
91+
description = "List of IP rules to allow on the acr."
92+
type = list(string)
93+
default = []
94+
}
95+
9096
variable "tags" {
9197
description = "Tags to associate with resources."
9298
type = map(string)
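
Review bot: `variable "ip_rules"` (lines 90 to 94) is typed `list(string)` with no `validation` block, so a typo or a hostname is accepted at plan time and only fails when the provider or the Azure API rejects it. Add a validation such as `condition = alltrue([for r in var.ip_rules : can(cidrhost(r, 0))])` with an error message naming the expected CIDR form. The description should also state that a non-empty list sets the default action to Deny, since that side effect is not visible from the variable name.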
