From 3e4244fc6d887812ffe44e2919e97564cf197433 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Mon, 27 Jan 2020 12:44:08 -0500
Subject: [PATCH] Configures container registry to log to a log analytics workspace
---
 terraform/modules/container_registry/main.tf | 28 +++++++++++++++++--
 .../modules/container_registry/variables.tf | 5 ++++
 terraform/providers/dev/container_registry.tf | 3 +-
 3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/terraform/modules/container_registry/main.tf b/terraform/modules/container_registry/main.tf
index 30b2b1cc..48b9789d 100644
--- a/terraform/modules/container_registry/main.tf
+++ b/terraform/modules/container_registry/main.tf
@@ -36,8 +36,32 @@ resource "azurerm_container_registry" "acr" {
 virtual_network = [
 for subnet in var.subnet_ids : {
 action = "Allow"
- subnet_id = subnet.value
+ subnet_id = subnet
 }
 ]
 }
-}
\ No newline at end of file
+}
+
+resource "azurerm_monitor_diagnostic_setting" "acr_diagnostic" {
+ name = "${var.name}-${var.environment}-acr-diag"
+ target_resource_id = azurerm_container_registry.acr.id
+ log_analytics_workspace_id = var.workspace_id
+ log {
+ category = "ContainerRegistryRepositoryEvents"
+ retention_policy {
+ enabled = true
+ }
+ }
+ log {
+ category = "ContainerRegistryLoginEvents"
+ retention_policy {
+ enabled = true
+ }
+ }
+ metric {
+ category = "AllMetrics"
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/container_registry/variables.tf b/terraform/modules/container_registry/variables.tf
index 48fbb64a..aa0ff23a 100644
--- a/terraform/modules/container_registry/variables.tf
+++ b/terraform/modules/container_registry/variables.tf
@@ -52,3 +52,8 @@ variable "whitelist" {
 description = "A map of whitelisted IPs and CIDR ranges. For single IPs, Azure expects just the IP, NOT a /32."
 default = {}
 }
+
+variable "workspace_id" {
+ description = "The Log Analytics Workspace ID"
+ type = string
+}
\ No newline at end of file
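Review bot: The `retention_policy { enabled = true }` blocks under each `log` and `metric` entry of `acr_diagnostic` set no `days`, and for a Log Analytics destination the diagnostic-setting retention policy is, as far as I know, only honoured for storage-account sinks — retention for these events is governed by the workspace itself. Enabling a policy with no day count reads as if log retention were being managed here when it pins nothing, which matters because `ContainerRegistryLoginEvents` is the audit trail a responder will reach for. I would either drop the three blocks or annotate them with `# retention_policy is ignored for a Log Analytics destination; retention is configured on the workspace` so nobody relies on it. Note also that enabling both ACR categories plus `AllMetrics` is unconditional; if that is intended as a hard security baseline for the module, a one-line comment saying so would keep a later "cost" change from quietly removing the login log.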
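Review bot: The description `The Log Analytics Workspace ID` on the new `workspace_id` variable is ambiguous, because azurerm exposes two different identifiers for a workspace — the `workspace_id` attribute (the customer GUID) and the `id` attribute (the ARM resource ID) — and `azurerm_monitor_diagnostic_setting.log_analytics_workspace_id`, which this variable feeds in main.tf, needs the ARM resource ID. A caller passing the GUID would only find out at apply time. I would pin it in the description: `description = "ARM resource ID (not the customer GUID) of the Log Analytics Workspace that receives ACR diagnostic logs"`. The hunk also leaves the file without a trailing newline, which the previous hunk fixed for main.tf.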
diff --git a/terraform/providers/dev/container_registry.tf b/terraform/providers/dev/container_registry.tf
index 805ef3e8..a6b76654 100644
--- a/terraform/providers/dev/container_registry.tf
+++ b/terraform/providers/dev/container_registry.tf
@@ -6,6 +6,7 @@ module "container_registry" {
 owner = var.owner
 backup_region = var.backup_region
 policy = "Deny"
- subnet_ids = []
+ subnet_ids = [module.vpc.subnet_list["private"].id]
 whitelist = var.admin_user_whitelist
+ workspace_id = module.logs.workspace_id
 }
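Review bot: `subnet_ids = [module.vpc.subnet_list["private"].id]` adds a virtual-network Allow rule for the private subnet, and Azure only accepts a subnet in an ACR network rule when that subnet has the `Microsoft.ContainerRegistry` service endpoint enabled; whether the `vpc` module configures that is not visible here, so it should be verified or the apply will fail. I would record the dependency on the line, e.g. `subnet_ids = [module.vpc.subnet_list["private"].id] # subnet must have the Microsoft.ContainerRegistry service endpoint`. Likewise `module.logs.workspace_id` must be the workspace's ARM resource ID rather than its GUID for the diagnostic setting to apply, which the output name alone does not guarantee. The `module "container_registry"` block begins before this hunk.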