kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update modules/artifact-registry with newly-released features. (#2396)

Browse Source 
Fixes #2377
This commit is contained in:
Julio Castillo
2024-06-28 19:52:25 +02:00
committed by GitHub
parent 198fa01159
commit 4e8adc9c43
10 changed files with 456 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
blueprints/data-solutions/data-platform-foundations/03-orchestration.tf
View File

@@ -1,4 +1,4 @@
# Copyright 2023 Google LLC # Copyright 2024 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@@ -155,6 +155,7 @@ module "orch-artifact-reg" {
name = "${var.prefix}-app-images" name = "${var.prefix}-app-images"
location = var.region location = var.region
description = "Docker repository storing application images e.g. Dataflow, Cloud Run etc..." description = "Docker repository storing application images e.g. Dataflow, Cloud Run etc..."
format = { docker = { standard = {} } }
} }
module "orch-cs-df-template" { module "orch-cs-df-template" {

3
blueprints/data-solutions/vertex-mlops/ci-cd.tf
View File

@@ -1,5 +1,5 @@
/** /**
* Copyright 2022 Google LLC * Copyright 2024 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ module "artifact_registry" {
name = "docker-repo" name = "docker-repo"
project_id = module.project.project_id project_id = module.project.project_id
location = var.region location = var.region
format = { docker = { standard = {} } }
} }
module "service-account-github" { module "service-account-github" {

3
blueprints/gke/autopilot/main.tf
View File

@@ -1,5 +1,5 @@
/** /**
* Copyright 2023 Google LLC * Copyright 2024 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -59,6 +59,7 @@ module "docker_artifact_registry" {
project_id = module.project.project_id project_id = module.project.project_id
location = var.region location = var.region
name = "registry" name = "registry"
format = { docker = { standard = {} } }
iam = { iam = {
"roles/artifactregistry.reader" = [module.node_sa.iam_email] "roles/artifactregistry.reader" = [module.node_sa.iam_email]
} }

3
blueprints/gke/binauthz/main.tf
View File

@@ -1,5 +1,5 @@
/** /**
* Copyright 2023 Google LLC * Copyright 2024 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -170,6 +170,7 @@ module "docker_artifact_registry" {
project_id = module.project.project_id project_id = module.project.project_id
location = var.region location = var.region
name = "${var.prefix}-registry" name = "${var.prefix}-registry"
format = { docker = { standard = {} } }
iam = { iam = {
"roles/artifactregistry.writer" = [module.image_cb_sa.iam_email] "roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
"roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email] "roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]

3
blueprints/gke/patterns/autopilot-cluster/main.tf
View File

@@ -154,8 +154,7 @@ module "registry" {
project_id = module.project.project_id project_id = module.project.project_id
location = var.region location = var.region
name = var.prefix name = var.prefix
format = { docker = {} } format = { docker = { remote = { public_repository = "DOCKER_HUB" } } }
mode = { remote = true }
} }
module "nat" { module "nat" {

136
modules/artifact-registry/README.md
View File

@@ -3,15 +3,16 @@
This module simplifies the creation of repositories using Google Cloud Artifact Registry. This module simplifies the creation of repositories using Google Cloud Artifact Registry.
<!-- BEGIN TOC --> <!-- BEGIN TOC -->
- [Standard Repository](#standard-repository) - [Simple Docker Repository](#simple-docker-repository)
- [Remote and Virtual Repositories](#remote-and-virtual-repositories) - [Remote and Virtual Repositories](#remote-and-virtual-repositories)
- [Additional Docker and Maven Options](#additional-docker-and-maven-options) - [Additional Docker and Maven Options](#additional-docker-and-maven-options)
- [Other Formats](#other-formats)
- [Cleanup Policies](#cleanup-policies) - [Cleanup Policies](#cleanup-policies)
- [Variables](#variables) - [Variables](#variables)
- [Outputs](#outputs) - [Outputs](#outputs)
<!-- END TOC --> <!-- END TOC -->
## Standard Repository ## Simple Docker Repository
```hcl ```hcl
module "docker_artifact_registry" { module "docker_artifact_registry" {
@@ -19,6 +20,7 @@ module "docker_artifact_registry" {
project_id = "myproject" project_id = "myproject"
location = "europe-west1" location = "europe-west1"
name = "myregistry" name = "myregistry"
format = { docker = { standard = {} } }
iam = { iam = {
"roles/artifactregistry.admin" = ["group:cicd@example.com"] "roles/artifactregistry.admin" = ["group:cicd@example.com"]
} }
@@ -35,7 +37,11 @@ module "registry-local" {
project_id = var.project_id project_id = var.project_id
location = "europe-west1" location = "europe-west1"
name = "local" name = "local"
format = { python = {} } format = {
python = {
standard = true
}
}
} }
module "registry-remote" { module "registry-remote" {
@@ -43,8 +49,13 @@ module "registry-remote" {
project_id = var.project_id project_id = var.project_id
location = "europe-west1" location = "europe-west1"
name = "remote" name = "remote"
format = { python = {} } format = {
mode = { remote = true } python = {
remote = {
public_repository = "PYPI"
}
}
}
} }
module "registry-virtual" { module "registry-virtual" {
@@ -52,16 +63,17 @@ module "registry-virtual" {
project_id = var.project_id project_id = var.project_id
location = "europe-west1" location = "europe-west1"
name = "virtual" name = "virtual"
format = { python = {} } format = {
mode = { python = {
virtual = { virtual = {
remote = { remote = {
repository = module.registry-remote.id repository = module.registry-remote.id
priority = 1 priority = 1
} }
local = { local = {
repository = module.registry-local.id repository = module.registry-local.id
priority = 10 priority = 10
}
} }
} }
} }
@@ -81,7 +93,9 @@ module "registry-docker" {
name = "docker" name = "docker"
format = { format = {
docker = { docker = {
immutable_tags = true standard = {
immutable_tags = true
}
} }
} }
} }
@@ -93,8 +107,10 @@ module "registry-maven" {
name = "maven" name = "maven"
format = { format = {
maven = { maven = {
allow_snapshot_overwrites = true standard = {
version_policy = "RELEASE" allow_snapshot_overwrites = true
version_policy = "RELEASE"
}
} }
} }
} }
@@ -102,16 +118,77 @@ module "registry-maven" {
# tftest modules=2 resources=2 # tftest modules=2 resources=2
``` ```
## Other Formats
```hcl
module "apt-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "apt-registry"
format = { apt = { standard = true } }
}
module "generic-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "generic-registry"
format = { generic = { standard = true } }
}
module "go-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "go-registry"
format = { go = { standard = true } }
}
module "googet-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "googet-registry"
format = { googet = { standard = true } }
}
module "kfp-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "kfp-registry"
format = { kfp = { standard = true } }
}
module "npm-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "npm-registry"
format = { npm = { standard = true } }
}
module "yum-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "yum-registry"
format = { yum = { standard = true } }
}
# tftest modules=7 resources=7 inventory=other-formats.yaml
```
## Cleanup Policies ## Cleanup Policies
```hcl ```hcl
module "registry-docker" { module "registry-docker" {
source = "./fabric/modules/artifact-registry" source = "./fabric/modules/artifact-registry"
project_id = var.project_id project_id = var.project_id
location = "europe-west1" location = "europe-west1"
name = "docker-cleanup-policies" name = "docker-cleanup-policies"
format = { docker = {} } format = { docker = { standard = {} } }
cleanup_policy_dry_run = false cleanup_policy_dry_run = false
cleanup_policies = { cleanup_policies = {
keep-5-versions = { keep-5-versions = {
@@ -131,8 +208,6 @@ module "registry-docker" {
} }
} }
} }
# tftest modules=1 resources=1 inventory=cleanup-policies.yaml # tftest modules=1 resources=1 inventory=cleanup-policies.yaml
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
@@ -141,22 +216,21 @@ module "registry-docker" {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | <code title="map&#40;object&#40;&#123;&#10; action &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; tag_state &#61; optional&#40;string&#41;&#10; tag_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; older_than &#61; optional&#40;string&#41;&#10; newer_than &#61; optional&#40;string&#41;&#10; package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; version_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; most_recent_versions &#61; optional&#40;object&#40;&#123;&#10; package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; keep_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;&#10;&#10;&#10;default &#61; null">map&#40;object&#40;&#123;&#8230;default &#61; null</code> | ✓ | | | [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | <code title="map&#40;object&#40;&#123;&#10; action &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; tag_state &#61; optional&#40;string&#41;&#10; tag_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; older_than &#61; optional&#40;string&#41;&#10; newer_than &#61; optional&#40;string&#41;&#10; package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; version_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; most_recent_versions &#61; optional&#40;object&#40;&#123;&#10; package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; keep_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;&#10;&#10;&#10;default &#61; null">map&#40;object&#40;&#123;&#8230;default &#61; null</code> | ✓ | |
| [location](variables.tf#L95) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ | | | [format](variables.tf#L56) | Repository format. | <code title="object&#40;&#123;&#10; apt &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; docker &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;object&#40;&#123;&#10; immutable_tags &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; kfp &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; generic &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; go &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; googet &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; maven &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;object&#40;&#123;&#10; allow_snapshot_overwrites &#61; optional&#40;bool&#41;&#10; version_policy &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; npm &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; python &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; yum &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [name](variables.tf#L120) | Registry name. | <code>string</code> | ✓ | | | [location](variables.tf#L208) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L125) | Registry project id. | <code>string</code> | ✓ | | | [name](variables.tf#L213) | Registry name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L218) | Registry project id. | <code>string</code> | ✓ | |
| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | <code>bool</code> | | <code>null</code> | | [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | <code>bool</code> | | <code>null</code> |
| [description](variables.tf#L44) | An optional description for the repository. | <code>string</code> | | <code>&#34;Terraform-managed registry&#34;</code> | | [description](variables.tf#L44) | An optional description for the repository. | <code>string</code> | | <code>&#34;Terraform-managed registry&#34;</code> |
| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | <code>string</code> | | <code>null</code> | | [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | <code>string</code> | | <code>null</code> |
| [format](variables.tf#L56) | Repository format. | <code title="object&#40;&#123;&#10; apt &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; docker &#61; optional&#40;object&#40;&#123;&#10; immutable_tags &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; kfp &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; go &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; maven &#61; optional&#40;object&#40;&#123;&#10; allow_snapshot_overwrites &#61; optional&#40;bool&#41;&#10; version_policy &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; npm &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; python &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; yum &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123; docker &#61; &#123;&#125; &#125;</code> | | [iam](variables.tf#L196) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [iam](variables.tf#L83) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [labels](variables.tf#L202) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L89) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [mode](variables.tf#L100) | Repository mode. | <code title="object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; remote &#61; optional&#40;bool&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123; standard &#61; true &#125;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [id](outputs.tf#L17) | Fully qualified repository id. | | | [id](outputs.tf#L17) | Fully qualified repository id. | |
| [image_path](outputs.tf#L22) | Repository path for images. | | | [name](outputs.tf#L22) | Repository name. | |
| [name](outputs.tf#L32) | Repository name. | | | [repository](outputs.tf#L27) | Repository object. | |
<!-- END TFDOC --> <!-- END TFDOC -->

92
modules/artifact-registry/main.tf
View File

@@ -1,5 +1,5 @@
/** /**
* Copyright 2023 Google LLC * Copyright 2024 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -15,8 +15,9 @@
*/ */
locals { locals {
format_obj = one([for k, v in var.format : v if v != null])
format_string = one([for k, v in var.format : k if v != null]) format_string = one([for k, v in var.format : k if v != null])
mode_string = one([for k, v in var.mode : k if v != null && v != false]) mode_string = one([for k, v in local.format_obj : k if v != null && v != false])
} }
resource "google_artifact_registry_repository" "registry" { resource "google_artifact_registry_repository" "registry" {
@@ -62,48 +63,111 @@ resource "google_artifact_registry_repository" "registry" {
dynamic "docker_config" { dynamic "docker_config" {
# TODO: open a bug on the provider for this permadiff # TODO: open a bug on the provider for this permadiff
for_each = ( for_each = (
local.format_string == "docker" && try(var.format.docker.immutable_tags, null) == true local.format_string == "docker" && try(local.format_obj.standard.immutable_tags, null) == true
? [""] ? [""] : []
: []
) )
content { content {
immutable_tags = var.format.docker.immutable_tags immutable_tags = local.format_obj.standard.immutable_tags
} }
} }
dynamic "maven_config" { dynamic "maven_config" {
for_each = local.format_string == "maven" ? [""] : [] for_each = local.format_string == "maven" ? [""] : []
content { content {
allow_snapshot_overwrites = var.format.maven.allow_snapshot_overwrites allow_snapshot_overwrites = try(local.format_obj.standard.allow_snapshot_overwrites, null)
version_policy = var.format.maven.version_policy version_policy = try(local.format_obj.standard.version_policy, null)
} }
} }
dynamic "remote_repository_config" { dynamic "remote_repository_config" {
for_each = local.mode_string == "remote" ? [""] : [] for_each = local.mode_string == "remote" ? [""] : []
content { content {
disable_upstream_validation = local.format_obj.remote.disable_upstream_validation
dynamic "upstream_credentials" {
for_each = local.format_obj.remote.upstream_credentials != null ? [""] : []
content {
username_password_credentials {
username = local.format_obj.remote.upstream_credentials.username
password_secret_version = local.format_obj.remote.upstream_credentials.password_secret_version
}
}
}
dynamic "apt_repository" {
for_each = local.format_string == "apt" ? [""] : []
content {
public_repository {
repository_base = split(" ", local.format_obj.remote.public_repository)[0]
repository_path = split(" ", local.format_obj.remote.public_repository)[1]
}
# dynamic "custom_repository" {
# for_each = local.format_obj.remote.custom_repository != null ? [""] : []
# content {
# uri = local.format_obj.remote.custom_repository
# }
# }
}
}
dynamic "docker_repository" { dynamic "docker_repository" {
for_each = local.format_string == "docker" ? [""] : [] for_each = local.format_string == "docker" ? [""] : []
content { content {
public_repository = "DOCKER_HUB" public_repository = local.format_obj.remote.public_repository
dynamic "custom_repository" {
for_each = local.format_obj.remote.custom_repository != null ? [""] : []
content {
uri = local.format_obj.remote.custom_repository
}
}
} }
} }
dynamic "maven_repository" { dynamic "maven_repository" {
for_each = local.format_string == "maven" ? [""] : [] for_each = local.format_string == "maven" ? [""] : []
content { content {
public_repository = "MAVEN_CENTRAL" public_repository = local.format_obj.remote.public_repository
dynamic "custom_repository" {
for_each = local.format_obj.remote.custom_repository != null ? [""] : []
content {
uri = local.format_obj.remote.custom_repository
}
}
} }
} }
dynamic "npm_repository" { dynamic "npm_repository" {
for_each = local.format_string == "npm" ? [""] : [] for_each = local.format_string == "npm" ? [""] : []
content { content {
public_repository = "NPMJS" public_repository = local.format_obj.remote.public_repository
dynamic "custom_repository" {
for_each = local.format_obj.remote.custom_repository != null ? [""] : []
content {
uri = local.format_obj.remote.custom_repository
}
}
} }
} }
dynamic "python_repository" { dynamic "python_repository" {
for_each = local.format_string == "python" ? [""] : [] for_each = local.format_string == "python" ? [""] : []
content { content {
public_repository = "PYPI" public_repository = local.format_obj.remote.public_repository
dynamic "custom_repository" {
for_each = local.format_obj.remote.custom_repository != null ? [""] : []
content {
uri = local.format_obj.remote.custom_repository
}
}
}
}
dynamic "yum_repository" {
for_each = local.format_string == "yum" ? [""] : []
content {
public_repository {
repository_base = split(" ", local.format_obj.remote.public_repository)[0]
repository_path = split(" ", local.format_obj.remote.public_repository)[1]
}
# dynamic "custom_repository" {
# for_each = local.format_obj.remote.custom_repository != null ? [""] : []
# content {
# uri = local.format_obj.remote.custom_repository
# }
# }
} }
} }
} }
@@ -113,7 +177,7 @@ resource "google_artifact_registry_repository" "registry" {
for_each = local.mode_string == "virtual" ? [""] : [] for_each = local.mode_string == "virtual" ? [""] : []
content { content {
dynamic "upstream_policies" { dynamic "upstream_policies" {
for_each = var.mode.virtual for_each = local.format_obj.virtual
content { content {
id = upstream_policies.key id = upstream_policies.key
repository = upstream_policies.value.repository repository = upstream_policies.value.repository
@@ -126,7 +190,7 @@ resource "google_artifact_registry_repository" "registry" {
lifecycle { lifecycle {
precondition { precondition {
condition = local.mode_string != "remote" || contains( condition = local.mode_string != "remote" || contains(
["docker", "maven", "npm", "python"], local.format_string ["apt", "docker", "maven", "npm", "python", "yum"], local.format_string
) )
error_message = "Invalid format for remote repository." error_message = "Invalid format for remote repository."
} }

17
modules/artifact-registry/outputs.tf
View File

@@ -1,5 +1,5 @@
/** /**
* Copyright 2022 Google LLC * Copyright 2024 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -19,17 +19,12 @@ output "id" {
value = google_artifact_registry_repository.registry.id value = google_artifact_registry_repository.registry.id
} }
output "image_path" {
description = "Repository path for images."
value = join("/", [
"${var.location}-${local.format_string}.pkg.dev",
var.project_id,
var.name
])
depends_on = [google_artifact_registry_repository.registry]
}
output "name" { output "name" {
description = "Repository name." description = "Repository name."
value = google_artifact_registry_repository.registry.name value = google_artifact_registry_repository.registry.name
} }
output "repository" {
description = "Repository object."
value = google_artifact_registry_repository.registry
}

155
modules/artifact-registry/variables.tf
View File

@@ -1,5 +1,5 @@
/** /**
* Copyright 2023 Google LLC * Copyright 2024 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -56,28 +56,141 @@ variable "encryption_key" {
variable "format" { variable "format" {
description = "Repository format." description = "Repository format."
type = object({ type = object({
apt = optional(object({})) apt = optional(object({
remote = optional(object({
# custom_repository = optional(string) # still not available in provider
public_repository = string # "BASE path"
disable_upstream_validation = optional(bool)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}))
}))
standard = optional(bool)
}))
docker = optional(object({ docker = optional(object({
immutable_tags = optional(bool) remote = optional(object({
public_repository = optional(string)
custom_repository = optional(string)
disable_upstream_validation = optional(bool)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}))
}))
standard = optional(object({
immutable_tags = optional(bool)
}))
virtual = optional(map(object({
repository = string
priority = number
})))
}))
kfp = optional(object({
standard = optional(bool)
}))
generic = optional(object({
standard = optional(bool)
}))
go = optional(object({
standard = optional(bool)
}))
googet = optional(object({
standard = optional(bool)
})) }))
kfp = optional(object({}))
go = optional(object({}))
maven = optional(object({ maven = optional(object({
allow_snapshot_overwrites = optional(bool) remote = optional(object({
version_policy = optional(string) public_repository = optional(string)
custom_repository = optional(string)
disable_upstream_validation = optional(bool)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}))
}))
standard = optional(object({
allow_snapshot_overwrites = optional(bool)
version_policy = optional(string)
}))
virtual = optional(map(object({
repository = string
priority = number
})))
}))
npm = optional(object({
remote = optional(object({
public_repository = optional(string)
custom_repository = optional(string)
disable_upstream_validation = optional(bool)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}))
}))
standard = optional(bool)
virtual = optional(map(object({
repository = string
priority = number
})))
}))
python = optional(object({
remote = optional(object({
public_repository = optional(string)
custom_repository = optional(string)
disable_upstream_validation = optional(bool)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}))
}))
standard = optional(bool)
virtual = optional(map(object({
repository = string
priority = number
})))
}))
yum = optional(object({
remote = optional(object({
# custom_repository = optional(string) # still not available in provider
public_repository = string # "BASE path"
disable_upstream_validation = optional(bool)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}))
}))
standard = optional(bool)
})) }))
npm = optional(object({}))
python = optional(object({}))
yum = optional(object({}))
}) })
nullable = false nullable = false
default = { docker = {} }
validation { validation {
condition = ( condition = (
length([for k, v in var.format : k if v != null]) == 1 length([for k, v in var.format : k if v != null]) == 1
) )
error_message = "Multiple or zero formats are not supported." error_message = "Multiple or zero formats are not supported."
} }
validation {
condition = alltrue([
for k, v in var.format :
length([for kk, vv in v : k if vv != null]) == 1
if v != null
])
error_message = "Repository can only be one of standard, remote or virtual."
}
validation {
condition = alltrue([
for k, v in var.format :
(try(v.remote.public_repository, null) == null) != (try(v.remote.custom_repository, null) == null)
if try(v.remote, null) != null
])
error_message = "Remote repositories must specify exactly one of public_repository and custom_repository."
}
} }
variable "iam" { variable "iam" {
@@ -97,26 +210,6 @@ variable "location" {
type = string type = string
} }
variable "mode" {
description = "Repository mode."
type = object({
standard = optional(bool)
remote = optional(bool)
virtual = optional(map(object({
repository = string
priority = number
})))
})
nullable = false
default = { standard = true }
validation {
condition = (
length([for k, v in var.mode : k if v != null && v != false]) == 1
)
error_message = "Multiple or zero modes are not supported."
}
}
variable "name" { variable "name" {
description = "Registry name." description = "Registry name."
type = string type = string

134
tests/modules/artifact_registry/examples/other-formats.yaml Normal file
View File

@@ -0,0 +1,134 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.apt-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: APT
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: apt-registry
timeouts: null
virtual_repository_config: []
module.generic-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: GENERIC
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: generic-registry
timeouts: null
virtual_repository_config: []
module.go-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: GO
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: go-registry
timeouts: null
virtual_repository_config: []
module.googet-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: GOOGET
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: googet-registry
timeouts: null
virtual_repository_config: []
module.kfp-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: KFP
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: kfp-registry
timeouts: null
virtual_repository_config: []
module.npm-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: NPM
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: npm-registry
timeouts: null
virtual_repository_config: []
module.yum-registry.google_artifact_registry_repository.registry:
cleanup_policies: []
cleanup_policy_dry_run: null
description: Terraform-managed registry
docker_config: []
format: YUM
kms_key_name: null
labels: null
location: europe-west8
maven_config: []
mode: STANDARD_REPOSITORY
project: project-id
remote_repository_config: []
repository_id: yum-registry
timeouts: null
virtual_repository_config: []
counts:
google_artifact_registry_repository: 7
modules: 7
resources: 7
outputs: {}