feat: add scanning and policy support

Signed-off-by: Kevin Lefevre <lefevre.kevin@gmail.com>

ecr.tf

@@ -4,8 +4,21 @@ locals {
 
 resource "aws_ecr_repository" "ecr" {
   count = length(var.registries)
-  name  = var.registries[count.index]
-  tags  = merge(local.common_tags, var.custom_tags)
+  name  = var.registries[count.index]["name"]
+
+  image_tag_mutability = var.registries[count.index]["image_tag_mutability"]
+
+  image_scanning_configuration {
+    scan_on_push = var.registries[count.index]["scan_on_push"]
+  }
+
+  tags = merge(local.common_tags, var.custom_tags)
+}
+
+resource "aws_ecr_repository_policy" "ecr" {
+  count      = length(var.registries_policies)
+  repository = var.registries_policies[count.index]["name"]
+  policy     = var.registries_policies[count.index]["policy"]
 }
 
 resource "aws_iam_user" "ecr_user" {

examples/terragrunt.hcl

@@ -30,8 +30,18 @@ inputs = {
   )
 
   registries = [
-    "myproject/one",
-    "myproject/two",
-    "myproject/three"
+    {
+      name = "myproject/one"
+      image_tag_mutability = "MUTABLE"
+      scan_on_push = true
+    }
+  ]
+
+  registries_policies = [
+    {
+      name = "myproject/one"
+      policy = <<POLICY
+POLICY
+    }
   ]
 }

variables.tf

@@ -7,7 +7,12 @@ variable "aws" {
 
 variable "registries" {
   type    = any
-  default = {}
+  default = []
+}
+
+variable "registries_policies" {
+  type    = any
+  default = []
 }
 
 variable "custom_tags" {