From 6f59a186ac2ce4e033f105aef156a5d144402888 Mon Sep 17 00:00:00 2001
From: Christian Kappen
Date: Tue, 2 Jul 2024 15:14:07 +0200
Subject: [PATCH 1/2] feat: Add KMS functionality

feat: Add KMS functionality
---
 README.md | 18 ++++++++++--------
 examples/basic-example/main.tf | 2 +-
 main.tf | 5 +++++
 variables.tf | 28 ++++++++++++++++++++--------
 4 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index d730151..722dc93 100644
--- a/README.md
+++ b/README.md
@@ -55,8 +55,10 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [encryption\_type](#input\_encryption\_type) | The encryption type to use for the repository. | `string` | `"AES256"` | no |
 | [force\_delete](#input\_force\_delete) | Delete the repository even if it contains images. | `bool` | `false` | no |
 | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. | `string` | `"MUTABLE"` | no |
+| [kms\_key](#input\_kms\_key) | The ARN of the KMS key to use for encryption. | `string` | `null` | no |
 | [lifecycle\_rules](#input\_lifecycle\_rules) | Lifecycle policy rules for expiring images. |
list(object({
description = optional(string)
tag_status = optional(string)
tag_prefix_list = optional(list(string))
count_type = string
count_unit = optional(string)
count_number = number
}))
|
[
{
"count_number": 30,
"count_type": "imageCountMoreThan",
"description": "Keep the last 30 tagged images",
"tag_prefix_list": [
"sha"
],
"tag_status": "tagged"
},
{
"count_number": 10,
"count_type": "sinceImagePushed",
"count_unit": "days",
"description": "Expire untagged images older than 10 days",
"tag_status": "untagged"
}
]
| no |
 | [name](#input\_name) | Name of the ECR repository. | `string` | n/a | yes |
 | [policy](#input\_policy) | Repository policy document in JSON format. | `string` | `null` | no |
@@ -80,18 +82,18 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out
 ## Resources
-- resource.aws_ecr_lifecycle_policy.main (main.tf#38)
+- resource.aws_ecr_lifecycle_policy.main (main.tf#43)
 - resource.aws_ecr_repository.main (main.tf#19)
-- resource.aws_ecr_repository_policy.main (main.tf#31)
-- data source.jq_query.main (main.tf#47)
+- resource.aws_ecr_repository_policy.main (main.tf#36)
+- data source.jq_query.main (main.tf#52)
 # Examples
-### Full
-```hcl
-module "basic_example" {
- source = "../../"
+ ### Full
+ ```hcl
+ module "basic_example" {
+ source = "../.."
 name = var.name
 }
-```
+ ```
diff --git a/examples/basic-example/main.tf b/examples/basic-example/main.tf
index 580d95d..c341d0f 100644
--- a/examples/basic-example/main.tf
+++ b/examples/basic-example/main.tf
@@ -1,5 +1,5 @@
 module "basic_example" {
- source = "../../"
+ source = "../.."
 name = var.name
 }
diff --git a/main.tf b/main.tf
index 3fa002a..4606840 100644
--- a/main.tf
+++ b/main.tf
@@ -21,6 +21,11 @@ resource "aws_ecr_repository" "main" {
 image_tag_mutability = var.image_tag_mutability
 force_delete = var.force_delete
+ encryption_configuration {
+ encryption_type = var.encryption_type
+ kms_key = var.kms_key
+ }
+
 image_scanning_configuration {
 scan_on_push = var.scan_on_push
 }
diff --git a/variables.tf b/variables.tf
index 578121c..e8c62d0 100644
--- a/variables.tf
+++ b/variables.tf 
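Review bot: The new `encryption_configuration` block passes `kms_key` through unconditionally, but the provider only honours it when `encryption_type` is `KMS` (and with `KMS` plus a null `kms_key`, ECR falls back to the AWS-managed key for ECR), so a caller who sets `kms_key` while leaving the `AES256` default gets no customer-managed encryption and nothing in this module tells them. A comment above the block would make the coupling explicit, e.g. `# kms_key only takes effect when encryption_type = "KMS"; null there selects the AWS-managed ECR key.` As far as I recall, `encryption_configuration` also forces replacement of `aws_ecr_repository`, so adding or changing it on an existing repository recreates it, and with `force_delete = true` that discards every stored image; that consequence belongs in the README next to the new inputs. The enclosing `resource "aws_ecr_repository" "main"` block starts before the hunk and ends after it.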
@@ -11,26 +11,26 @@ variable "tags" {
 }
 ## REPOSITORY
+variable "encryption_type" {
+ description = "The encryption type to use for the repository."
+ default = "AES256"
+ type = string
+}
+
 variable "image_tag_mutability" {
 description = "The tag mutability setting for the repository."
 default = "MUTABLE"
 type = string
 }
-variable "scan_on_push" {
- description = "Indicates whether images are scanned after being pushed to the repository."
- default = true
- type = bool
-}
-
 variable "force_delete" {
 description = "Delete the repository even if it contains images."
 default = false
 type = bool
 }
-variable "policy" {
- description = "Repository policy document in JSON format."
+variable "kms_key" {
+ description = "The ARN of the KMS key to use for encryption."
 default = null
 type = string
 }
@@ -62,3 +62,15 @@ variable "lifecycle_rules" {
 count_number = number
 }))
 }
+
+variable "policy" {
+ description = "Repository policy document in JSON format."
+ default = null
+ type = string
+}
+
+variable "scan_on_push" {
+ description = "Indicates whether images are scanned after being pushed to the repository."
+ default = true
+ type = bool
+}
From f9adb385e1930170da2583d0a250b91c0791a466 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 2 Jul 2024 13:57:38 +0000
Subject: [PATCH 2/2] terraform-docs: automated action

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 722dc93..54cb958 100644
--- a/README.md
+++ b/README.md
@@ -88,12 +88,12 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out
 - data source.jq_query.main (main.tf#52)
 # Examples
- ### Full
- ```hcl
- module "basic_example" {
+### Full
+```hcl
+module "basic_example" {
 source = "../.."
 name = var.name
 }
- ```
+```
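Review bot: `encryption_type` is declared as a free-form `string` with no `validation` block, so a typo such as `"kms"` is only caught at apply time by the ECR API instead of at plan time; the two accepted values are `AES256` and `KMS`, so a `contains()` check is cheap to add. The `kms_key` description should also state when the value is used: `description = "ARN of the KMS key used when encryption_type is \"KMS\"; null selects the AWS-managed key for ECR."`. A cross-variable check that `kms_key` is null unless `encryption_type` is `KMS` would be the natural companion, but referencing another variable inside `validation` needs a recent Terraform (1.9 or later, if I recall), so it should only go in if the module already pins that. The `policy` and `scan_on_push` blocks in the second hunk are only moved, not changed.
```hcl
variable "encryption_type" {
  # … unchanged: description, default, type …

  validation {
    condition     = contains(["AES256", "KMS"], var.encryption_type)
    error_message = "encryption_type must be either \"AES256\" or \"KMS\"."
  }
}
```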