variable "sku" { type = string default = "Premium" validation { condition = contains(["Basic", "Standard", "Premium"], var.sku) error_message = "The SKU name must be either `Basic`, `Standard` or `Premium`." } description = "The SKU name of the Container Registry. Default is `Premium`. `Possible values are `Basic`, `Standard` and `Premium`." } variable "admin_enabled" { type = bool default = false description = "Specifies whether the admin user is enabled. Defaults to `false`." } variable "public_network_access_enabled" { type = bool default = true description = "Specifies whether public access is permitted." } variable "quarantine_policy_enabled" { type = bool default = false description = "Specifies whether the quarantine policy is enabled." } variable "zone_redundancy_enabled" { type = bool default = true description = "Specifies whether zone redundancy is enabled. Modifying this forces a new resource to be created." } variable "export_policy_enabled" { type = bool default = true description = "Specifies whether export policy is enabled. Defaults to true. In order to set it to false, make sure the public_network_access_enabled is also set to false." } variable "anonymous_pull_enabled" { type = bool default = false description = "Specifies whether anonymous (unauthenticated) pull access to this Container Registry is allowed. Requries Standard or Premium SKU." } variable "data_endpoint_enabled" { type = bool default = false description = "Specifies whether to enable dedicated data endpoints for this Container Registry. Requires Premium SKU." } variable "network_rule_bypass_option" { type = string default = "None" validation { condition = var.network_rule_bypass_option == null ? true : contains(["AzureServices", "None"], var.network_rule_bypass_option) error_message = "The network_rule_bypass_option variable must be either `AzureServices` or `None`." } description = <<DESCRIPTION Specifies whether to allow trusted Azure services access to a network restricted Container Registry. Possible values are `None` and `AzureServices`. Defaults to `None`. DESCRIPTION } variable "georeplications" { type = list(object({ location = string regional_endpoint_enabled = optional(bool, true) zone_redundancy_enabled = optional(bool, true) tags = optional(map(any), null) })) default = [] description = <<DESCRIPTION A list of geo-replication configurations for the Container Registry. - `location` - (Required) The geographic location where the Container Registry should be geo-replicated. - `regional_endpoint_enabled` - (Optional) Enables or disables regional endpoint. Defaults to `true`. - `zone_redundancy_enabled` - (Optional) Enables or disables zone redundancy. Defaults to `true`. - `tags` - (Optional) A map of additional tags for the geo-replication configuration. Defaults to `null`. DESCRIPTION } variable "network_rule_set" { type = object({ default_action = optional(string, "Deny") ip_rule = optional(list(object({ # since the `action` property only permits `Allow`, this is hard-coded. action = optional(string, "Allow") ip_range = string })), []) }) default = null validation { condition = var.network_rule_set == null ? true : contains(["Allow", "Deny"], var.network_rule_set.default_action) error_message = "The default_action value must be either `Allow` or `Deny`." } description = <<DESCRIPTION The network rule set configuration for the Container Registry. Requires Premium SKU. - `default_action` - (Optional) The default action when no rule matches. Possible values are `Allow` and `Deny`. Defaults to `Deny`. - `ip_rules` - (Optional) A list of IP rules in CIDR format. Defaults to `[]`. - `action` - Only "Allow" is permitted - `ip_range` - The CIDR block from which requests will match the rule. DESCRIPTION } variable "retention_policy_in_days" { type = number default = 7 description = <<DESCRIPTION If enabled, this retention policy will purge an untagged manifest after a specified number of days. - `days` - (Optional) The number of days before the policy Defaults to 7 days. DESCRIPTION }