Top / Microsoft Azure / Azure Container / Registry Webhook

Azure Container Registry Webhook

This page shows how to write Terraform and Azure Resource Manager for Container Registry Webhook and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_container_registry_webhook (Terraform)

The Registry Webhook in Container can be configured in Terraform with the resource name azurerm_container_registry_webhook. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

resources.tf#L1
resource "azurerm_container_registry_webhook" "panel" {
  actions             = ["push"]
  location            = var.resource_group_location
  name                = "panelwebhook"
  registry_name       = var.registry_name
  resource_group_name = var.resource_group_name
main.tf#L5
resource "azurerm_container_registry_webhook" "container_registry_webhook" {
  name                = "autodeploy"
  resource_group_name = var.resource_group
  registry_name       = var.container_registry
  location            = var.location
main.tf#L5
resource "azurerm_container_registry_webhook" "container_registry_webhook" {
  name                = "autodeploy"
  resource_group_name = var.resource_group
  registry_name       = var.container_registry
  location            = var.location
main.tf#L1
resource "azurerm_container_registry_webhook" "acrwebhook" {
  name                = var.acr_webhook_name
  resource_group_name = var.acr_webhook_rg
  registry_name       = var.acr_webhook_registry
  location            = var.location
  service_uri         = var.acr_webhook_service_uri
webhooks.tf#L1
resource "azurerm_container_registry_webhook" "webhook" {
  name                = "mywebhook"
  resource_group_name = azurerm_resource_group.rg.name
  registry_name       = azurerm_container_registry.acr.name
  location            = azurerm_resource_group.rg.location
main.tf#L5
resource "azurerm_container_registry_webhook" "container_registry_webhook" {
  name                = "autodeploy"
  resource_group_name = var.resource_group
  registry_name       = var.container_registry
  location            = var.location
main.tf#L1
resource "azurerm_container_registry_webhook" "webhook" {
  name                = var.name
  resource_group_name = module.resource_group.azurerm_resource_group.example.name
  registry_name       = module.container_registry.azurerm_container_registry.example.name
  location            = module.resource_group.azurerm_resource_group.example.location
main.tf#L7
resource "azurerm_container_registry_webhook" "this" {
  actions             = var.actions
  custom_headers      = var.custom_headers
  location            = var.location
  name                = var.name
  registry_name       = var.registry_name
main.tf#L30
resource "azurerm_container_registry_webhook" "webhooks" {
  for_each = { for object in var.webhooks : object.name => object }

  depends_on = [azurerm_container_registry.registry]

  name                = each.value.name
main.tf#L1
resource "azurerm_container_registry_webhook" "registry_webhook" {
  count               = length(var.registry_webhook)
  actions             = [lookup(var.registry_webhook[count.index], "actions")]
  name                = lookup(var.registry_webhook[count.index], "name")
  registry_name       = lookup(var.registry_webhook[count.index], "registry_id") == null ? var.registry_name : element(var.registry_name, lookup(var.registry_webhook[count.index], "registry_id"))
  resource_group_name = lookup(var.registry_webhook[count.index], "resource_group_id") == null ? var.resource_group_name : element(var.resource_group_name, lookup(var.registry_webhook[count.index], "resource_group_id"))

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages an Azure Container Registry Webhook.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Container Resources

In addition to the azurerm_kubernetes_cluster, Azure Container has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_kubernetes_cluster

Ensure to enable logging for AKS

It is better to enable AKS logging to Azure Monitoring. This provides useful information regarding access and usage.

Review your Azure Container settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.ContainerRegistry/registries/webhooks (Azure Resource Manager)

The registries/webhooks in Microsoft.ContainerRegistry can be configured in Azure Resource Manager with the resource name Microsoft.ContainerRegistry/registries/webhooks. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • apiVersion required - string
  • location required - string

    The location of the webhook. This cannot be changed after the resource is created.

  • name required - string

    The name of the webhook.

  • properties required
      • actions required - array

        The list of actions that trigger the webhook to post notifications.

      • customHeaders optional - string

        Custom headers that will be added to the webhook notifications.

      • scope optional - string

        The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events.

      • serviceUri required - string

        The service URI for the webhook to post notifications.

      • status optional - string

        The status of the webhook at the time the operation was called.

  • tags optional - string

    The tags for the webhook.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Container Resources

Frequently asked questions

What is Azure Container Registry Webhook?

Azure Container Registry Webhook is a resource for Container of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Container Registry Webhook?

For Terraform, the kashw2/Fleet-of-the-Faithful-Knights, DTS-STN/BenefitsFinderFrontEnd and DTS-STN/rules-based-benefit-finder source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents