DEVOPS-304 azure container registry terraform module (#18)

Author: githubofkrishnadhas

container-registry/acr.tf

@@ -0,0 +1,52 @@
+resource "azurerm_resource_group" "acr_rg" {
+  name     = var.resource_group_name
+  location = var.location
+  tags = {
+    Environment     = upper(var.environment)
+    Orchestrator    = "Terraform"
+    DisplayName     = upper(var.resource_group_name)
+    ApplicationName = lower(var.application_name)
+    Temporary       = upper(var.temporary)
+  }
+}
+
+
+resource "azurerm_container_registry" "acr" {
+  name = var.container_registry_name
+  resource_group_name = azurerm_resource_group.acr_rg.name
+  location = azurerm_resource_group.acr_rg.location
+  sku = var.sku_name 
+
+  dynamic "georeplications" {
+    for_each = var.georeplications
+    content {
+      location                = georeplications.value.location
+      zone_redundancy_enabled = var.sku_name == "Premium" ? georeplications.value.zone_redundancy_enabled : false
+      tags = {
+            Environment     = upper(var.environment)
+            Orchestrator    = "Terraform"
+            DisplayName     = "replication-${upper(var.container_registry_name)}"
+            ApplicationName = lower(var.application_name)
+            Temporary       = upper(var.temporary)
+        }
+    }
+  }
+
+    retention_policy_in_days = var.sku_name == "Premium" ? var.container_registry_config.retention_policy_in_days : null
+    public_network_access_enabled = var.container_registry_config.public_network_access_enabled
+    quarantine_policy_enabled = var.sku_name == "Premium" ? var.container_registry_config.quarantine_policy_enabled : false
+    zone_redundancy_enabled = var.sku_name == "Premium" ? var.container_registry_config.zone_redundancy_enabled : false
+    admin_enabled = var.container_registry_config.admin_enabled
+    anonymous_pull_enabled = var.sku_name != "Basic" ? var.container_registry_config.anonymous_pull_enabled : false
+    data_endpoint_enabled = var.sku_name == "Premium" ? var.container_registry_config.data_endpoint_enabled : false
+    trust_policy_enabled = var.sku_name == "Premium" ? var.container_registry_config.trust_policy_enabled : false
+
+    network_rule_bypass_option = var.azure_services_bypass
+    tags = {
+            Environment     = upper(var.environment)
+            Orchestrator    = "Terraform"
+            DisplayName     = upper(var.container_registry_name)
+            ApplicationName = lower(var.application_name)
+            Temporary       = upper(var.temporary)
+        }
+}

container-registry/outputs.tf

@@ -0,0 +1,37 @@
+output "container_registry_name" {
+  description = "Azure container registry name"
+  value       = azurerm_container_registry.acr.name
+}
+
+output "acr_rg" {
+  description = "Azure container registry RG"
+  value       = azurerm_resource_group.acr_rg.name
+}
+
+output "acr_login_server" {
+  description = "The URL that can be used to log into the container registry"
+  value       = azurerm_container_registry.acr.login_server
+}
+
+output "acr_admin_enabled" {
+  description = "Admin user is enabled for acr or not"
+  value       = azurerm_container_registry.acr.admin_enabled
+}
+
+output "acr_admin_username" {
+  description = "Username associated with the Container Registry Admin account - if the admin account is enabled"
+  value       = azurerm_container_registry.acr.admin_username
+  depends_on  = [azurerm_container_registry.acr]
+}
+
+output "acr_admin_password" {
+  description = " Password associated with the Container Registry Admin account - if the admin account is enabled"
+  value       = nonsensitive(azurerm_container_registry.acr.admin_password)
+  depends_on  = [azurerm_container_registry.acr]
+  sensitive = false 
+}
+
+output "acr_anonymous_pull_enabled" {
+  description = "Anonymous pull is enabled on ACR or not"
+  value       = azurerm_container_registry.acr.anonymous_pull_enabled
+}

container-registry/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_version = "~> 1.3"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "<= 4.0"
+    }
+  }
+}
+provider "azurerm" {
+  features {}
+}

container-registry/variables.tf

@@ -0,0 +1,90 @@
+variable "resource_group_name" {
+  type        = string
+  description = "Azure container registry Rg"
+  default     = ""
+}
+
+variable "location" {
+  type        = string
+  description = "Azure container registry location"
+  default     = ""
+}
+
+variable "container_registry_name" {
+  description = "Azure container registry name"
+  type        = string
+  default     = ""
+
+}
+
+variable "sku_name" {
+  default     = "Basic"
+  description = "Container registry SKUs available in Azure. Valid options are Basic, Standard or Premium"
+  validation {
+    condition     = contains(["Basic", "Standard", "Premium"], var.sku_name)
+    error_message = "Container registry SKU should be one among Basic, Standard or Premium"
+  }
+}
+
+variable "environment" {
+  default     = "DEV"
+  description = "Environment tag value in Azure"
+  type        = string
+  validation {
+    condition     = contains(["DEV", "QA", "UAT", "PROD"], var.environment)
+    error_message = "Environment value should be one among DEV or QA or UAT or PROD."
+  }
+}
+
+variable "application_name" {
+  default     = "devwithkrishna"
+  description = "Azure application name tag"
+}
+
+variable "temporary" {
+  default     = "TRUE"
+  description = "Temporary tag value in Azure"
+  type        = string
+  validation {
+    condition     = contains(["TRUE", "FALSE"], upper(var.temporary))
+    error_message = "The temporary tag value must be either 'TRUE' or 'FALSE'."
+  }
+
+}
+
+# Container registry extra config
+variable "container_registry_config" {
+  type = object({
+    admin_enabled                 = optional(bool)
+    quarantine_policy_enabled     = optional(bool)
+    zone_redundancy_enabled       = optional(bool)
+    public_network_access_enabled = optional(bool)
+    retention_policy_in_days      = optional(number)
+    trust_policy_enabled          = optional(bool)
+    anonymous_pull_enabled        = optional(bool)
+    data_endpoint_enabled         = optional(bool)
+  })
+  description = "Manages an Azure Container Registry"
+}
+
+#azure_service_bypass
+variable "azure_services_bypass" {
+  type        = string
+  default     = "AzureServices"
+  description = "Whether to allow trusted Azure services to access a network restricted Container Registry? Possible values are None and AzureServices. Defaults to AzureServices"
+  validation {
+    condition     = contains(["None", "AzureServices"], var.azure_services_bypass)
+    error_message = "Possible values are None or AzureServices"
+  }
+}
+
+# Acr geo replication config
+variable "georeplications" {
+  description = "A list of Azure locations where the container registry should be geo-replicated"
+  type = list(object({
+    location                = string
+    zone_redundancy_enabled = optional(bool)
+  }))
+  default = []
+
+}