Merge pull request #8 from sparkfabrik/feat/2763_add_mode_option_to_r…

…epository feat: add mode option to artifact registry repository
sparkfabrik · May 2, 2024 · 3fba29c · 3fba29c
2 parents 5c52e7c + 4fd8e15
commit 3fba29c
Show file tree

Hide file tree

Showing 9 changed files with 130 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,15 @@ Following semver, any non backwards compatible feature implies that the next rel
 
 ## [Unreleased]
 
+## [0.3.0] - 2024-05-02
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-artifact-registry/compare/0.2.1...0.3.0)
+
+### Changed
+
+- FEATURE: Create an artifact registry repository in remote or virtual mode
+- FEATURE: Upgrade `hashicorp/google` provider to `>= 5.26.0`
+
 ## [0.2.1] - 2023-05-19
 
 [Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-artifact-registry/compare/0.2.0...0.2.1)

diff --git a/README.md b/README.md
@@ -13,24 +13,24 @@ This module is provided without any kind of warranty and is GPL3 licensed.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | >= 5.26.0 |
 
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | >= 5.26.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_artifact_registry_listers"></a> [artifact\_registry\_listers](#input\_artifact\_registry\_listers) | List of principals that can list Artifact Registry repositories. | `list(string)` | `[]` | no |
-| <a name="input_artifact_registry_listers_custom_role_name"></a> [artifact\_registry\_listers\_custom\_role\_name](#input\_artifact\_registry\_listers\_custom\_role\_name) | Name of the custom role for Artifact Registry listers. | `string` | `"custom.artifactRegistryListers"` | no |
+| <a name="input_artifact_registry_listers_custom_role_name"></a> [artifact\_registry\_listers\_custom\_role\_name](#input\_artifact\_registry\_listers\_custom\_role\_name) | Name of the custom role for Artifact Registry listers. | `string` | `"custom.artifactRegistryLister"` | no |
 | <a name="input_default_location"></a> [default\_location](#input\_default\_location) | The default location for the Artifact Registry repositories. | `string` | `"europe-west1"` | no |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The GCP project ID that hosts the Artifact Registry. | `string` | n/a | yes |
-| <a name="input_repositories"></a> [repositories](#input\_repositories) | List of Artifact Registry repositories to create. | <pre>map(object({<br> description = string<br> format = optional(string, "DOCKER")<br> readers = optional(list(string), [])<br> writers = optional(list(string), [])<br> location = optional(string, "")<br> }))</pre> | n/a | yes |
+| <a name="input_repositories"></a> [repositories](#input\_repositories) | List of Artifact Registry repositories to create. | <pre>map(object({<br> description = string<br> format = optional(string, "DOCKER")<br> mode = optional(string, "STANDARD_REPOSITORY")<br> cleanup_policy_dry_run = optional(bool, true)<br> docker_immutable_tags = optional(bool, true)<br> virtual_repository_config = optional(map(object({<br> repository = string<br> priority = optional(number, 0)<br> })), null)<br> remote_repository_config_docker = optional(object({<br> description = optional(string, "")<br> custom_repository_uri = string<br> disable_upstream_validation = optional(bool, false)<br> username_password_credentials_username = optional(string, "")<br> username_password_credentials_password_secret_version = optional(string, "")<br> }), null)<br> readers = optional(list(string), [])<br> writers = optional(list(string), [])<br> location = optional(string, "")<br> }))</pre> | n/a | yes |
 
 ## Outputs
 

diff --git a/examples/README.md b/examples/README.md
@@ -6,6 +6,10 @@ Create two sample Artifact Registry registry in `my-sample-project-id` project:
 
  the group [email protected] can read the repository, only [email protected] user can write
 
-- project-2-images
+- project-2-virtual (virtual repository)
 
  the group [email protected] can read the repository, only [email protected] user can write
+
+- project-3-remote (remote repository)
+
+ the group [email protected] can read the repository, only [email protected] user can write
diff --git a/examples/main.tf b/examples/main.tf
@@ -1,6 +1,7 @@
+
 module "repositories" {
  source = "../"
- version = "~>0.1"
+ version = "~>0.3"
  project_id = var.project_id
  repositories = var.repositories
  artifact_registry_listers = [

diff --git a/examples/test.tfvars b/examples/test.tfvars
@@ -1,6 +1,6 @@
 project_id = "my-sample-project-id"
 
-artifact_repositories = {
+repositories = {
  "project-images" = {
  description = "Docker images repository"
  readers = [
@@ -11,8 +11,32 @@ artifact_repositories = {
  ]
  location = "europe-west1"
  },
- "project-2-images" = {
+ "project-2-virtual" = {
  description = "Docker images repository 2"
+ mode = "VIRTUAL_REPOSITORY"
+ virtual_repository_config = {
+ "my-repository-upstream-1" = {
+ repository = "projects/p1/locations/us-central1/repository/repo1"
+ priority = 10
+ }
+ "my-repository-upstream-2" = {
+ repository = "projects/p1/locations/us-central1/repository/repo2"
+ }
+ }
+ readers = [
+ "group:[email protected]"
+ ]
+ writers = [
+ "user:[email protected]"
+ ]
+ }
+ "project-3-remote" = {
+ description = "Docker images repository 3"
+ mode = "REMOTE_REPOSITORY"
+ remote_repository_config_docker = {
+ description = "Docker images repository 3"
+ custom_repository_uri = "https://registry-1.docker.io"
+ }
  readers = [
  "group:[email protected]"
  ]

diff --git a/examples/variables.tf b/examples/variables.tf
@@ -0,0 +1,9 @@
+variable "repositories" {
+ description = "List of Artifact Registry repositories to create."
+ type = map(any)
+}
+
+variable "project_id" {
+ description = "The GCP project ID that hosts the Artifact Registry."
+ type = string
+}
diff --git a/main.tf b/main.tf
@@ -36,11 +36,61 @@ locals {
 resource "google_artifact_registry_repository" "repositories" {
  for_each = var.repositories
 
- project = var.project_id
- repository_id = each.key
- location = each.value.location != "" ? each.value.location : var.default_location
- format = each.value.format
- description = each.value.description
+ project = var.project_id
+ repository_id = each.key
+ mode = each.value.mode
+ location = each.value.location != "" ? each.value.location : var.default_location
+ cleanup_policy_dry_run = each.value.cleanup_policy_dry_run
+
+ dynamic "virtual_repository_config" {
+ for_each = each.value.mode == "VIRTUAL_REPOSITORY" ? each.value.virtual_repository_config : {}
+
+ content {
+ upstream_policies {
+ id = virtual_repository_config.key
+ repository = virtual_repository_config.value.repository
+ priority = virtual_repository_config.value.priority
+ }
+ }
+ }
+
+ dynamic "remote_repository_config" {
+ for_each = each.value.mode == "REMOTE_REPOSITORY" ? [each.value.remote_repository_config_docker] : []
+
+ content {
+ description = remote_repository_config.value.description == "" ? each.value.description : remote_repository_config.value.description
+
+ docker_repository {
+ custom_repository {
+ uri = remote_repository_config.value.custom_repository_uri
+ }
+ }
+
+ disable_upstream_validation = remote_repository_config.value.disable_upstream_validation
+
+ dynamic "upstream_credentials" {
+ for_each = remote_repository_config.value.username_password_credentials_username != "" && remote_repository_config.value.username_password_credentials_password_secret_version != "" ? [remote_repository_config.value] : []
+
+ content {
+ username_password_credentials {
+ username = upstream_credentials.value.username_password_credentials_username
+ password_secret_version = upstream_credentials.value.username_password_credentials_password_secret_version
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "docker_config" {
+ for_each = each.value.format == "DOCKER" ? [each.value.docker_immutable_tags] : []
+
+ content {
+ immutable_tags = docker_config.value
+ }
+ }
+
+ format = each.value.format
+ description = each.value.description
 }
 
 resource "google_artifact_registry_repository_iam_member" "member" {

diff --git a/variables.tf b/variables.tf
@@ -13,11 +13,25 @@ variable "default_location" {
 # Artifact Registry repositories.
 variable "repositories" {
  type = map(object({
- description = string
- format = optional(string, "DOCKER")
- readers = optional(list(string), [])
- writers = optional(list(string), [])
- location = optional(string, "")
+ description = string
+ format = optional(string, "DOCKER")
+ mode = optional(string, "STANDARD_REPOSITORY")
+ cleanup_policy_dry_run = optional(bool, true)
+ docker_immutable_tags = optional(bool, true)
+ virtual_repository_config = optional(map(object({
+ repository = string
+ priority = optional(number, 0)
+ })), null)
+ remote_repository_config_docker = optional(object({
+ description = optional(string, "")
+ custom_repository_uri = string
+ disable_upstream_validation = optional(bool, false)
+ username_password_credentials_username = optional(string, "")
+ username_password_credentials_password_secret_version = optional(string, "")
+ }), null)
+ readers = optional(list(string), [])
+ writers = optional(list(string), [])
+ location = optional(string, "")
  }))
  description = "List of Artifact Registry repositories to create."
 }

diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
  google = {
  source = "hashicorp/google"
- version = ">= 3.0"
+ version = ">= 5.26.0"
  }
  }
 }