feat!: Allow multiple scan filters per scan type in registry; Raise MSV of Terraform and AWS provider to 1.0 and 5.0 respectively (#29)

vrnvikas · bryantbiggs · web-flow · commit cbba4fd31f5a · 2024-03-15T10:35:50.000-04:00
* feat: Add support for multiple scan filters per scan type in registry scan rules

* refactor repository_filter var name and raise MSV of Terraform and AWS provider to 1.0 and 5.0 respectively

* chore: Fix example version

---------

Co-authored-by: Bryant Biggs &lt;bryantbiggs@gmail.com&gt;
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.0
+    rev: v1.88.2
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
diff --git a/README.md b/README.md
@@ -129,12 +129,23 @@ module "ecr_registry" {
   registry_scan_rules = [
     {
       scan_frequency = "SCAN_ON_PUSH"
-      filter         = "*"
-      filter_type    = "WILDCARD"
-      }, {
+      filter = [
+        {
+          filter      = "example1"
+          filter_type = "WILDCARD"
+        },
+        { filter      = "example2"
+          filter_type = "WILDCARD"
+        }
+      ]
+    }, {
       scan_frequency = "CONTINUOUS_SCAN"
-      filter         = "example"
-      filter_type    = "WILDCARD"
+      filter = [
+        {
+          filter      = "example"
+          filter_type = "WILDCARD"
+        }
+      ]
     }
   ]
 
@@ -181,14 +192,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.22 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -27,14 +27,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.22 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -137,12 +137,23 @@ module "ecr_registry" {
   registry_scan_rules = [
     {
       scan_frequency = "SCAN_ON_PUSH"
-      filter         = "*"
-      filter_type    = "WILDCARD"
+      filter = [
+        {
+          filter      = "example1"
+          filter_type = "WILDCARD"
+        },
+        { filter      = "example2"
+          filter_type = "WILDCARD"
+        }
+      ]
       }, {
       scan_frequency = "CONTINUOUS_SCAN"
-      filter         = "example"
-      filter_type    = "WILDCARD"
+      filter = [
+        {
+          filter      = "example"
+          filter_type = "WILDCARD"
+        }
+      ]
     }
   ]
 
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -287,9 +287,13 @@ resource "aws_ecr_registry_scanning_configuration" "this" {
     content {
       scan_frequency = rule.value.scan_frequency
 
-      repository_filter {
-        filter      = rule.value.filter
-        filter_type = try(rule.value.filter_type, "WILDCARD")
+      dynamic "repository_filter" {
+        for_each = rule.value.filter
+
+        content {
+          filter      = repository_filter.value.filter
+          filter_type = try(repository_filter.value.filter_type, "WILDCARD")
+        }
       }
     }
   }
diff --git a/versions.tf b/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`	`1`	`terraform {`
`2`		`- required_version = ">= 0.13.1"`
	`2`	`+ required_version = ">= 1.0"`
`3`	`3`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 4.22"`
	`7`	`+ version = ">= 5.0"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -287,9 +287,13 @@ resource "aws_ecr_registry_scanning_configuration" "this" {`
`287`	`287`	`content {`
`288`	`288`	`scan_frequency = rule.value.scan_frequency`
`289`	`289`
`290`		`- repository_filter {`
`291`		`- filter = rule.value.filter`
`292`		`- filter_type = try(rule.value.filter_type, "WILDCARD")`
	`290`	`+ dynamic "repository_filter" {`
	`291`	`+ for_each = rule.value.filter`
	`292`	`+`
	`293`	`+ content {`
	`294`	`+ filter = repository_filter.value.filter`
	`295`	`+ filter_type = try(repository_filter.value.filter_type, "WILDCARD")`
	`296`	`+ }`
`293`	`297`	`}`
`294`	`298`	`}`
`295`	`299`	`}`