From fdf0b576d6369cf526a028f13d27bab9ff9d79da Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 3 Jul 2024 10:41:05 -0400
Subject: [PATCH] enable lifecycle policy
---
 CHANGELOG.md | 5 ++++
 README.md | 15 ++++++++++++
 variables.tf | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 version.tf | 2 +-
 4 files changed, 87 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5688b38..be97082 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,3 +23,8 @@
 * 2.0.3 -- 2023-11-14
 - add output repository_names
 - add tags
+
+* 2.1.0 -- 2024-07-03
+ - add feature to create lifecycle policy
+ - variable enable_lifecycle_policy
+ - variables for specifying policies per specific repo
diff --git a/README.md b/README.md
index a693792..15cc460 100644
--- a/README.md
+++ b/README.md
@@ -254,6 +254,11 @@ No modules. | Name | Type | |------|------| +| [aws_ecr_lifecycle_policy.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_lifecycle_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_lifecycle_policy.explicit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_lifecycle_policy.patterns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | +| [aws_ecr_lifecycle_policy.prefixes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | | [aws_ecr_repository.apps_repos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | | [null_resource.copy_images](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | 
@@ -261,6 +266,10 @@ No modules. | [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | +| [aws_ecr_lifecycle_policy_document.any](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_lifecycle_policy_document) | data source | +| [aws_ecr_lifecycle_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_lifecycle_policy_document) | data source | +| [aws_ecr_lifecycle_policy_document.patterns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_lifecycle_policy_document) | data source | +| [aws_ecr_lifecycle_policy_document.prefixes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_lifecycle_policy_document) | data source | | [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | 
@@ -274,7 +283,13 @@ No modules. | [application\_name](#input\_application\_name) | Appliication name, usually {org}-{project}, which is likely a prefix to the EKS cluster name | `string` | n/a | yes | | [destination\_password](#input\_destination\_password) | OCI destination repository password | `string` | `null` | no | | [destination\_username](#input\_destination\_username) | OCI destination repository username | `string` | `null` | no | +| [enable\_lifecycle\_policy](#input\_enable\_lifecycle\_policy) | Flag to enable/disable ECR lifecycle policy. If enabled, default is 5 most recent images (count) | `bool` | `false` | no | | [image\_config](#input\_image\_config) | List of image configuration objects to copy from SOURCE to DESTINATION |
list(object({
name = string,
tag = string,
dest_path = string,
source_registry = string,
source_image = string,
source_tag = string,
enabled = bool,
}))
| `[]` | no | +| [lifecycle\_policy\_all](#input\_lifecycle\_policy\_all) | Flag to enable the same default policy (any, count of 5) if true | `bool` | `false` | no | +| [lifecycle\_policy\_default](#input\_lifecycle\_policy\_default) | Object with settings for selecting repositories to apply a policy for 'any'. Select repo list and number of images to keep (default: 5). |
object({
repos = list(string)
count = optional(number, 5)
})
|
{
"count": 5,
"repos": []
}
| no | +| [lifecycle\_policy\_explicit](#input\_lifecycle\_policy\_explicit) | Object with settings for selecting repositories to apply a policy for an explicit policy. Select repo list and number of images to keep (default: 5), and a policy defined using `data.aws_ecr_lifecycle_policy_document.{name}.json'` |
object({
count = optional(number, 5)
repos = list(string)
policy = string
})
|
{
"count": 5,
"policy": null,
"repos": []
}
| no | +| [lifecycle\_policy\_pattern](#input\_lifecycle\_policy\_pattern) | Object with settings for selecting repositories to apply a policy for 'pattern'. Select repo list and number of images to keep (default: 5), and a list of patterns (will create one rule per pattern). |
object({
count = optional(number, 5)
repos = list(string)
values = list(string)
})
|
{
"count": 5,
"repos": [],
"values": []
}
| no | +| [lifecycle\_policy\_prefix](#input\_lifecycle\_policy\_prefix) | Object with settings for selecting repositories to apply a policy for 'prefix'. Select repo list and number of images to keep (default: 5), and a list of prefixes (will create one rule per prefix). |
object({
count = optional(number, 5)
repos = list(string)
values = list(string)
})
|
{
"count": 5,
"repos": [],
"values": []
}
| no | | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | | [profile](#input\_profile) | AWS Profile Name, used generating key rotation file | `string` | n/a | yes | | [region](#input\_region) | Region in which to create the ECR repositories (default of current region) | `string` | `null` | no | diff --git a/variables.tf b/variables.tf index dde4a23..0000abd 100644 --- a/variables.tf +++ b/variables.tf 
@@ -60,3 +60,69 @@ variable "destination_password" { default = null } + +variable "enable_lifecycle_policy" { + description = "Flag to enable/disable ECR lifecycle policy. If enabled, default is 5 most recent images (count)" + type = bool + default = false +} + +variable "lifecycle_policy_all" { + description = "Flag to enable the same default policy (any, count of 5) if true" + type = bool + default = false +} + +variable "lifecycle_policy_default" { + description = "Object with settings for selecting repositories to apply a policy for 'any'. Select repo list and number of images to keep (default: 5)." + type = object({ + repos = list(string) + count = optional(number, 5) + }) + default = { + repos = [] + count = 5 + } +} + +variable "lifecycle_policy_prefix" { + description = "Object with settings for selecting repositories to apply a policy for 'prefix'. Select repo list and number of images to keep (default: 5), and a list of prefixes (will create one rule per prefix)." + type = object({ + count = optional(number, 5) + repos = list(string) + values = list(string) + }) + default = { + count = 5 + repos = [] + values = [] + } +} + +variable "lifecycle_policy_pattern" { + description = "Object with settings for selecting repositories to apply a policy for 'pattern'. Select repo list and number of images to keep (default: 5), and a list of patterns (will create one rule per pattern)." + type = object({ + count = optional(number, 5) + repos = list(string) + values = list(string) + }) + default = { + count = 5 + repos = [] + values = [] + } +} + +variable "lifecycle_policy_explicit" { + description = "Object with settings for selecting repositories to apply a policy for an explicit policy. 
Select repo list and number of images to keep (default: 5), and a policy defined using `data.aws_ecr_lifecycle_policy_document.{name}.json'" + type = object({ + count = optional(number, 5) + repos = list(string) + policy = string + }) + default = { + count = 5 + repos = [] + policy = null + } +} diff --git a/version.tf b/version.tf index 66cbccb..0c7da82 100644 --- a/version.tf +++ b/version.tf @@ -1,4 +1,4 @@ locals { _module_name = "aws-ecr-copy-images" - _module_version = "2.0.3" + _module_version = "2.1.0" }
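Review bot: Nothing in these variable blocks stops one repository from being named in more than one `repos` list, or in a list while `lifecycle_policy_all` is true, and an ECR repository holds a single lifecycle policy, so which images get expired would depend on whichever policy resource is applied last. The resources that read these variables are not in this patch (the diffstat touches only CHANGELOG.md, README.md, variables.tf and version.tf), so that is inferred; the descriptions should state the precedence, for example by appending `A repository may appear in only one lifecycle_policy_* list.`. The four `count` attributes also accept zero, negative or fractional values; a `validation` block with `condition = var.lifecycle_policy_default.count >= 1` (repeated for prefix, pattern and explicit) would reject those at plan time rather than leaving it to the provider or the ECR API. In the `lifecycle_policy_explicit` description the opening backtick is closed with `'`.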