fix: fix docker_config block configuration and some other improvements (
Monska85 authored May 2, 2024
1 parent 3fba29c commit 330a5ee
Showing 5 changed files with 24 additions and 7 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Expand Up @@ -20,6 +20,13 @@ Following semver, any non backwards compatible feature implies that the next rel

## [Unreleased]

## [0.4.0] - 2024-05-02

[Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-artifact-registry/compare/0.3.0...0.4.0)

- FEATURE: add the `enable_api` variable to enable the Artifact Registry API only if needed.
- FIX: enable the `docker_config` block if the `format` is `DOCKER` and the `mode` is `STANDARD_REPOSITORY`.

## [0.3.0] - 2024-05-02

[Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-artifact-registry/compare/0.2.1...0.3.0)
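
Review bot: The 0.4.0 entry lists the `enable_api` feature and the `docker_config` fix but omits the other two behaviour changes in this commit: the lister custom role and its IAM binding now use `count = length(var.artifact_registry_listers) > 0 ? 1 : 0`, and the `custom_role_artifact_registry_lister_id` output now returns `null` when that list is empty. Both are visible to callers, so each should get its own line under 0.4.0.
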
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -29,14 +29,15 @@ This module is provided without any kind of warranty and is GPL3 licensed.
| <a name="input_artifact_registry_listers"></a> [artifact\_registry\_listers](#input\_artifact\_registry\_listers) | List of principals that can list Artifact Registry repositories. | `list(string)` | `[]` | no |
| <a name="input_artifact_registry_listers_custom_role_name"></a> [artifact\_registry\_listers\_custom\_role\_name](#input\_artifact\_registry\_listers\_custom\_role\_name) | Name of the custom role for Artifact Registry listers. | `string` | `"custom.artifactRegistryLister"` | no |
| <a name="input_default_location"></a> [default\_location](#input\_default\_location) | The default location for the Artifact Registry repositories. | `string` | `"europe-west1"` | no |
| <a name="input_enable_api"></a> [enable\_api](#input\_enable\_api) | Enable the Artifact Registry API. | `bool` | `true` | no |
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The GCP project ID that hosts the Artifact Registry. | `string` | n/a | yes |
| <a name="input_repositories"></a> [repositories](#input\_repositories) | List of Artifact Registry repositories to create. | <pre>map(object({<br> description = string<br> format = optional(string, "DOCKER")<br> mode = optional(string, "STANDARD_REPOSITORY")<br> cleanup_policy_dry_run = optional(bool, true)<br> docker_immutable_tags = optional(bool, true)<br> virtual_repository_config = optional(map(object({<br> repository = string<br> priority = optional(number, 0)<br> })), null)<br> remote_repository_config_docker = optional(object({<br> description = optional(string, "")<br> custom_repository_uri = string<br> disable_upstream_validation = optional(bool, false)<br> username_password_credentials_username = optional(string, "")<br> username_password_credentials_password_secret_version = optional(string, "")<br> }), null)<br> readers = optional(list(string), [])<br> writers = optional(list(string), [])<br> location = optional(string, "")<br> }))</pre> | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_custom_role_artifact_registry_lister_id"></a> [custom\_role\_artifact\_registry\_lister\_id](#output\_custom\_role\_artifact\_registry\_lister\_id) | The ID of the custom role for Artifact Registry listers. |
| <a name="output_custom_role_artifact_registry_lister_id"></a> [custom\_role\_artifact\_registry\_lister\_id](#output\_custom\_role\_artifact\_registry\_lister\_id) | The ID of the custom role for Artifact Registry listers. The role is created only if the list of Artifact Registry listers is not empty. |
| <a name="output_repositories"></a> [repositories](#output\_repositories) | The created Artifact Repository repositories. |

## Resources
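
Review bot: The updated `custom_role_artifact_registry_lister_id` row says the role is created only when the listers list is not empty, but it does not say that the output itself is `null` in that case, which is what outputs.tf now returns. Add that to the description, here and in outputs.tf, so callers know they have to handle a `null` value.
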
11 changes: 7 additions & 4 deletions main.tf
@@ -1,5 +1,7 @@
# Enable Artifact Registry API
resource "google_project_service" "project" {
count = var.enable_api ? 1 : 0

project = var.project_id
service = "artifactregistry.googleapis.com"

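Review bot: With `count = var.enable_api ? 1 : 0`, switching `enable_api` from `true` to `false` on an existing deployment makes Terraform destroy the `google_project_service.project` instance. The rest of the block is not visible in this hunk, so confirm that it sets `disable_on_destroy = false`; without it, depending on the provider default, that destroy can turn the Artifact Registry API off for the whole project. Also check that any `depends_on` or other reference to `google_project_service.project` elsewhere in the module still works when the resource has zero instances.
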
Expand Down Expand Up @@ -82,7 +84,7 @@ resource "google_artifact_registry_repository" "repositories" {
}

dynamic "docker_config" {
for_each = each.value.format == "DOCKER" ? [each.value.docker_immutable_tags] : []
for_each = each.value.format == "DOCKER" && each.value.mode == "STANDARD_REPOSITORY" ? [each.value.docker_immutable_tags] : []

content {
immutable_tags = docker_config.value
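
Review bot: On the new `for_each` line, a repository with `format = "DOCKER"` and a `mode` other than `STANDARD_REPOSITORY` now silently ignores `docker_immutable_tags`, which the README shows defaulting to `true`. A caller who sets the flag on a non-standard repository gets no error and no immutable tags, so the `repositories` variable documentation should state that the flag applies only to standard Docker repositories. The condition is also long enough to read better as a named local.
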
Expand All @@ -105,21 +107,22 @@ resource "google_artifact_registry_repository_iam_member" "member" {

# Create a custom role that allows the list of the Artifact Registry repositories
resource "google_project_iam_custom_role" "artifact_registry_lister" {
count = length(var.artifact_registry_listers)
count = length(var.artifact_registry_listers) > 0 ? 1 : 0

role_id = var.artifact_registry_listers_custom_role_name
title = "Artifact Registry Lister"
description = "This role grants the ability to list repositories in Artifact Registry"
permissions = ["artifactregistry.repositories.list"]
}

# Add the custom role to the group staff@sparkfabrik
# Add the custom role to the pricipals defined in the artifact_registry_listers variable
resource "google_project_iam_binding" "artifact_registry_lister" {
count = length(var.artifact_registry_listers)
count = length(var.artifact_registry_listers) > 0 ? 1 : 0

project = var.project_id
role = local.custom_role_artifact_registry_lister_id
members = var.artifact_registry_listers

depends_on = [
google_project_iam_custom_role.artifact_registry_lister,
]
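
Review bot: The new comment above `google_project_iam_binding` misspells "principals" as "pricipals". Separately, `role = local.custom_role_artifact_registry_lister_id` relies on a local defined outside these lines; now that the custom role has a `count`, check that the local does not reference the role resource without an index. It is also worth a comment that `google_project_iam_binding` is authoritative for this role, so members granted it outside `var.artifact_registry_listers` are removed on apply.
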
4 changes: 2 additions & 2 deletions outputs.tf
Expand Up @@ -4,6 +4,6 @@ output "repositories" {
}

output "custom_role_artifact_registry_lister_id" {
value = local.custom_role_artifact_registry_lister_id
description = "The ID of the custom role for Artifact Registry listers."
value = length(var.artifact_registry_listers) > 0 ? local.custom_role_artifact_registry_lister_id : null
description = "The ID of the custom role for Artifact Registry listers. The role is created only if the list of Artifact Registry listers is not empty."
}
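
Review bot: The condition `length(var.artifact_registry_listers) > 0` in the new `value` line is the same expression used for the two `count` arguments in main.tf, so it now exists in three places that must stay in sync. Move it into a single local (for example a boolean) and use that for both counts and this output. Returning `null` where a string was always returned before is also a behaviour change for existing consumers of the output and should be called out in the changelog.
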
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -3,6 +3,12 @@ variable "project_id" {
description = "The GCP project ID that hosts the Artifact Registry."
}

variable "enable_api" {
type = bool
description = "Enable the Artifact Registry API."
default = true
}

# The default location used for the Artifact Registry repositories.
variable "default_location" {
type = string
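
Review bot: The `enable_api` description, "Enable the Artifact Registry API.", does not tell the caller what `false` implies: the module then no longer manages the API, so it must already be enabled on the project by other means before the repositories can be created. Say so in the description, and note that the default `true` keeps the previous behaviour.
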
