From 9d4ffa638ac7587c2330c8324c4d5426ebaeb014 Mon Sep 17 00:00:00 2001
From: Jimmy Qian <jimmyqian@google.com>
Date: Tue, 10 Dec 2024 15:47:57 +0000
Subject: [PATCH] Add vulnerability scanning config to Artifact Registry
 repository

---
 .../products/artifactregistry/Repository.yaml | 34 +++++++++++++++++++
 ..._repository_vulnerability_scanning.tf.tmpl |  9 +++++
 2 files changed, 43 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl

diff --git a/mmv1/products/artifactregistry/Repository.yaml b/mmv1/products/artifactregistry/Repository.yaml
index 6c79b2f1b783..a842aed1693b 100644
--- a/mmv1/products/artifactregistry/Repository.yaml
+++ b/mmv1/products/artifactregistry/Repository.yaml
@@ -207,6 +207,12 @@ examples:
       # Ignore this field as it is INPUT_ONLY. AR will not return this in the
       # response.
       - 'remote_repository_config.0.disable_upstream_validation'
+  - name: 'artifact_registry_repository_vulnerability_scanning'
+    primary_resource_id: 'my-repo'
+    primary_resource_name: 'fmt.Sprintf("tf-test-my-repository%s", context["random_suffix"])'
+    vars:
+      repository_id: 'my-repository'
+      desc: 'example docker repository with vulnerability scanning config'
 parameters:
   - name: 'repository_id'
     type: String
@@ -736,3 +742,31 @@ properties:
     description: |-
       If true, the cleanup pipeline is prevented from deleting versions in this
       repository.
+  - name: 'vulnerabilityScanningConfig'
+    type: NestedObject
+    description: |-
+      Configuration for vulnerability scanning of artifacts stored in this repository.
+    allow_empty_object: true
+    default_from_api: true
+    properties:
+      - name: 'enablementConfig'
+        type: Enum
+        description: |-
+          This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository.
+        enum_values:
+          - 'INHERITED'
+          - 'DISABLED'
+      - name: 'enablementState'
+        type: Enum
+        description: |-
+          This field returns whether scanning is active for this repository.
+        output: true
+        enum_values:
+          - 'SCANNING_UNSUPPORTED'
+          - 'SCANNING_DISABLED'
+          - 'SCANNING_ACTIVE'
+      - name: 'enablementStateReason'
+        type: String
+        description: |-
+          This provides an explanation for the state of scanning on this repository.
+        output: true
diff --git a/mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl b/mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl
new file mode 100644
index 000000000000..9669cf687686
--- /dev/null
+++ b/mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl
@@ -0,0 +1,9 @@
+resource "google_artifact_registry_repository" "{{$.PrimaryResourceId}}" {
+  location      = "us-central1"
+  repository_id = "{{index $.Vars "repository_id"}}"
+  description   = "{{index $.Vars "desc"}}"
+  format        = "DOCKER"
+  vulnerability_scanning_config {
+    enablement_config = "INHERITED"
+  }
+}