diff --git a/README.md b/README.md
index 9c2538f..7371d3b 100644
--- a/README.md
+++ b/README.md
@@ -91,16 +91,21 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [application](#input\_application) | Application name | `string` | n/a | yes |
+| [business\_unit](#input\_business\_unit) | Area of the MOJ responsible for the service | `string` | n/a | yes |
| [canned\_lifecycle\_policy](#input\_canned\_lifecycle\_policy) | A canned lifecycle policy to remove tagged or untagged images | `map(any)` | `null` | no |
| [deletion\_protection](#input\_deletion\_protection) | (Optional) Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. Defaults to true. | `bool` | `true` | no |
+| [environment\_name](#input\_environment\_name) | Environment name | `string` | n/a | yes |
| [github\_actions\_prefix](#input\_github\_actions\_prefix) | String prefix for GitHub Actions variable and secrets key | `string` | `""` | no |
| [github\_environments](#input\_github\_environments) | GitHub environment in which to create github actions secrets | `list(string)` | `[]` | no |
| [github\_repositories](#input\_github\_repositories) | GitHub repositories in which to create github actions secrets | `list(string)` | `[]` | no |
+| [infrastructure\_support](#input\_infrastructure\_support) | The team responsible for managing the infrastructure. Should be of the form () | `string` | n/a | yes |
+| [is\_production](#input\_is\_production) | Whether this is used for production or not | `string` | n/a | yes |
| [lifecycle\_policy](#input\_lifecycle\_policy) | A lifecycle policy consists of one or more rules that determine which images in a repository should be expired. | `string` | `null` | no |
-| [namespace](#input\_namespace) | Namespace name | `string` | `null` | no |
+| [namespace](#input\_namespace) | Namespace name | `string` | n/a | yes |
| [oidc\_providers](#input\_oidc\_providers) | OIDC providers for this ECR repository, valid values are "github" or "circleci" | `list(string)` | `[]` | no |
| [repo\_name](#input\_repo\_name) | Name of the repository to be created | `string` | n/a | yes |
-| [team\_name](#input\_team\_name) | Name of the team creating the credentials | `string` | n/a | yes |
+| [team\_name](#input\_team\_name) | Team name | `string` | n/a | yes |
## Outputs
diff --git a/examples/ecr.tf b/examples/ecr.tf
index 3f0a9af..75bfa32 100644
--- a/examples/ecr.tf
+++ b/examples/ecr.tf
@@ -8,9 +8,7 @@ module "ecr" {
source = "github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials?ref=5.3.0"
# REQUIRED: Repository configuration
- team_name = var.team_name
repo_name = var.namespace
- namespace = var.namespace
# REQUIRED: OIDC providers to configure, either "github", "circleci", or both
oidc_providers = ["github"]
@@ -76,4 +74,13 @@ module "ecr" {
# Defaults to true
# deletion_protection = false
+
+ # Tags (commented out until release)
+ # business_unit = var.business_unit
+ # application = var.application
+ # is_production = var.is_production
+ team_name = var.team_name # also used for naming the container repository
+ namespace = var.namespace # also used for creating a Kubernetes ConfigMap
+ # environment_name = var.environment
+ # infrastructure_support = var.infrastructure_support
}
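Review bot: The tag inputs are commented out "until release" while the module source in the first hunk of this file is still pinned to `?ref=5.3.0`, but variables.tf in this same diff declares `business_unit`, `application`, `is_production`, `environment_name` and `infrastructure_support` with no `default`, so the example will fail with missing required inputs the moment the `ref` is bumped. It would help to say which release the comment refers to, e.g. `# Tags (uncomment together with bumping ref to the release that adds the tag inputs)`, so the two edits are made together. The `module "ecr"` block starts before this hunk.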
diff --git a/examples/variables.tf b/examples/variables.tf
index 7adc2b5..b491f13 100644
--- a/examples/variables.tf
+++ b/examples/variables.tf
@@ -1,56 +1,37 @@
-/*
- * When using this module through the cloud-platform-environments,
- * the next 3 variables are automatically supplied by the pipeline.
- *
-*/
-variable "cluster_name" {}
-
-variable "kubernetes_cluster" {}
-
-variable "application" {
- description = "Name of Application you are deploying"
- default = "example-app"
+variable "business_unit" {
+ default = "Platforms"
}
-variable "namespace" {
- default = "example-team"
+variable "application" {
+ default = "cloud-platform-terraform-ecr-credentials example module"
}
-variable "business_unit" {
- description = "Area of the MOJ responsible for the service."
- default = "Example"
+variable "is_production" {
+ default = "false"
}
variable "team_name" {
- description = "The name of your development team"
- default = "example"
+ default = "webops"
}
-variable "environment_name" {
- description = "The type of environment you're deploying to."
- default = "development"
-}
-
-variable "infrastructure_support" {
- description = "The team responsible for managing the infrastructure. Should be of the form team-email."
- default = "example@digital.justice.gov.uk"
+variable "namespace" {
+ default = "cloud-platform-terraform-ecr-credentials-example-module"
}
-variable "is_production" {
- default = "false"
+variable "environment" {
+ default = "non-production"
}
-variable "slack_channel" {
- description = "Team slack channel to use if we need to contact your team"
- default = "example"
+variable "infrastructure_support" {
+ default = "Cloud Platform"
}
variable "github_owner" {
- description = "Required by the github terraform provider"
+ description = "Required by the GitHub terraform provider"
default = "ministryofjustice"
}
variable "github_token" {
- description = "Required by the github terraform provider"
+ description = "Required by the GitHub terraform provider"
default = ""
-}
\ No newline at end of file
+}
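Review bot: Every `description` is dropped from the rewritten variables, so the example no longer tells a reader what each tag value is meant to look like; the removed side documented `infrastructure_support` as a team e-mail (`example@digital.justice.gov.uk`) whereas the new default `"Cloud Platform"` is a team name, and `is_production` still defaults to the string `"false"`. Keeping one-line descriptions, e.g. `description = "The team responsible for managing the infrastructure; a team e-mail address"` on `infrastructure_support`, would keep the example self-explanatory and consistent with the module's own variables.tf. The same content is introduced verbatim as test/unit-test/variables.tf, so the descriptions would be worth adding there too.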
diff --git a/main.tf b/main.tf
index affd341..85d3924 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,5 @@
locals {
+ # GitHub configuration
github_repositories = toset([
for repository in var.github_repositories : {
repository = repository
@@ -15,6 +16,20 @@ locals {
environment = pair[1].environment
}
]
+
+ # Tags
+ default_tags = {
+ # Mandatory
+ business-unit = var.business_unit
+ application = var.application
+ is-production = var.is_production
+ owner = var.team_name
+ namespace = var.namespace # for billing and identification purposes
+
+ # Optional
+ environment-name = var.environment_name
+ infrastructure-support = var.infrastructure_support
+ }
}
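Review bot: The `# Optional` label above `environment-name` and `infrastructure-support` in `default_tags` does not match variables.tf in this same diff, where both variables are declared with `type = string` and no `default`, which makes them required inputs; either drop the `# Optional` label or give those two variables `default = null` in variables.tf. The `locals` block starts before this hunk. The tags are attached per resource via `tags = local.default_tags` in the later hunks of this file (the ECR repository, both IAM policies and both IAM roles); whether any other taggable resource in main.tf is left untagged cannot be told from the diff.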
data "aws_caller_identity" "current" {}
@@ -27,6 +42,8 @@ resource "aws_ecr_repository" "repo" {
scan_on_push = true
}
force_delete = var.deletion_protection ? false : true
+
+ tags = local.default_tags
}
# ECR lifecycle policy
@@ -132,6 +149,7 @@ resource "aws_iam_policy" "irsa" {
name = "${local.oidc_identifier}-irsa"
path = "/cloud-platform/ecr/"
policy = data.aws_iam_policy_document.irsa.json
+ tags = local.default_tags
}
####################
@@ -217,6 +235,7 @@ resource "aws_iam_policy" "ecr" {
name = local.oidc_identifier
policy = data.aws_iam_policy_document.base.json
+ tags = local.default_tags
}
# GitHub: OIDC provider
@@ -258,6 +277,8 @@ resource "aws_iam_role" "github" {
name = "${local.oidc_identifier}-github"
assume_role_policy = data.aws_iam_policy_document.github.json
+
+ tags = local.default_tags
}
resource "aws_iam_role_policy_attachment" "github_ecr" {
@@ -361,6 +382,8 @@ resource "aws_iam_role" "circleci" {
name = "${local.oidc_identifier}-circleci"
assume_role_policy = data.aws_iam_policy_document.circleci.json
+
+ tags = local.default_tags
}
resource "aws_iam_role_policy_attachment" "circleci_ecr" {
diff --git a/test/unit-test/main.tf b/test/unit-test/main.tf
index da50e6b..48642ce 100644
--- a/test/unit-test/main.tf
+++ b/test/unit-test/main.tf
@@ -5,7 +5,15 @@ provider "aws" {
module "ecr" {
source = "../.."
- repo_name = "ecr-repo-unit-test"
- team_name = "cloud-platform"
- namespace = "cloud-platform"
+ # Configuration
+ repo_name = var.namespace
+
+ # Tags
+ business_unit = var.business_unit
+ application = var.application
+ is_production = var.is_production
+ team_name = var.team_name # also used for naming the container repository
+ namespace = var.namespace # also used for creating a Kubernetes ConfigMap
+ environment_name = var.environment
+ infrastructure_support = var.infrastructure_support
}
diff --git a/test/unit-test/variables.tf b/test/unit-test/variables.tf
new file mode 100644
index 0000000..b491f13
--- /dev/null
+++ b/test/unit-test/variables.tf
@@ -0,0 +1,37 @@
+variable "business_unit" {
+ default = "Platforms"
+}
+
+variable "application" {
+ default = "cloud-platform-terraform-ecr-credentials example module"
+}
+
+variable "is_production" {
+ default = "false"
+}
+
+variable "team_name" {
+ default = "webops"
+}
+
+variable "namespace" {
+ default = "cloud-platform-terraform-ecr-credentials-example-module"
+}
+
+variable "environment" {
+ default = "non-production"
+}
+
+variable "infrastructure_support" {
+ default = "Cloud Platform"
+}
+
+variable "github_owner" {
+ description = "Required by the GitHub terraform provider"
+ default = "ministryofjustice"
+}
+
+variable "github_token" {
+ description = "Required by the GitHub terraform provider"
+ default = ""
+}
diff --git a/test/unit-test/versions.tf b/test/unit-test/versions.tf
index 95ecfdb..2675d3a 100644
--- a/test/unit-test/versions.tf
+++ b/test/unit-test/versions.tf
@@ -1,9 +1,9 @@
terraform {
+ required_version = ">= 1.2.5"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.0.0"
+ version = ">= 4.0.0"
}
}
- required_version = ">= 1.2.5"
}
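Review bot: The AWS provider floor for the unit test drops from `>= 5.0.0` to `>= 4.0.0` with nothing in the hunk explaining why; the module's own provider constraint is not part of this diff, so it is unclear whether the harness can really run against a 4.x provider, and `force_delete` on `aws_ecr_repository` (used in main.tf in this diff) is, as far as I recall, only available from a later 4.x release onward. If the relaxation is meant to match the module's constraint, a short comment such as `# floor matches the module's own required_providers` would document that; otherwise restore `>= 5.0.0` so the test exercises the provider version the module targets. Moving `required_version` above `required_providers` is cosmetic and fine.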
diff --git a/variables.tf b/variables.tf
index 34dca83..751f05e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,17 +3,6 @@ variable "repo_name" {
type = string
}
-variable "team_name" {
- description = "Name of the team creating the credentials"
- type = string
-}
-
-variable "namespace" {
- description = "Namespace name"
- type = string
- default = null
-}
-
variable "github_repositories" {
description = "GitHub repositories in which to create github actions secrets"
default = []
@@ -59,3 +48,41 @@ variable "deletion_protection" {
type = bool
default = true
}
+
+########
+# Tags #
+########
+variable "business_unit" {
+ description = "Area of the MOJ responsible for the service"
+ type = string
+}
+
+variable "application" {
+ description = "Application name"
+ type = string
+}
+
+variable "is_production" {
+ description = "Whether this is used for production or not"
+ type = string
+}
+
+variable "team_name" {
+ description = "Team name"
+ type = string
+}
+
+variable "namespace" {
+ description = "Namespace name"
+ type = string
+}
+
+variable "environment_name" {
+ description = "Environment name"
+ type = string
+}
+
+variable "infrastructure_support" {
+ description = "The team responsible for managing the infrastructure. Should be of the form ()"
+ type = string
+}
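Review bot: The description of `infrastructure_support` at the end of the hunk is left with an empty placeholder, `Should be of the form ()`, which the README hunk in this diff then reproduces; the removed example text gave the expected form as a team e-mail, so it should be completed, e.g. `description = "The team responsible for managing the infrastructure. Should be of the form team-email"`. `environment_name` and `infrastructure_support` carry no `default`, so they are required inputs, yet main.tf labels them `# Optional` in `default_tags`; one of the two should change. `is_production` is declared `type = string` while it holds a boolean; `type = bool` would let Terraform validate the input, and the `"false"` defaults in the examples still coerce. `namespace` also loses its `default = null`, so callers that previously omitted it will now fail validation, which is a breaking change worth calling out in the release notes.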