diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md
index a3eca65e2..f38217a25 100644
--- a/modules/artifact-registry/README.md
+++ b/modules/artifact-registry/README.md
@@ -26,7 +26,21 @@ module "docker_artifact_registry" {
"roles/artifactregistry.admin" = ["group:cicd@example.com"]
}
}
-# tftest modules=1 resources=2
+
+module "docker_artifact_registry_remote" {
+ source = "./fabric/modules/artifact-registry"
+ project_id = var.project_id
+ location = "us-west1"
+ name = "remote"
+ format = {
+ docker = {
+ remote = {
+ common_repository = module.docker_artifact_registry.id
+ }
+ }
+ }
+}
+# tftest modules=2 resources=3
```
## Remote and Virtual Repositories
@@ -286,10 +300,10 @@ module "additive_iam" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | map(object({…default = null | ✓ | |
-| [format](variables.tf#L56) | Repository format. | object({…}) | ✓ | |
-| [location](variables.tf#L202) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | string | ✓ | |
-| [name](variables.tf#L207) | Registry name. | string | ✓ | |
-| [project_id](variables.tf#L212) | Registry project id. | string | ✓ | |
+| [format](variables.tf#L56) | Repository format. | object({…}) | ✓ | |
+| [location](variables.tf#L206) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | string | ✓ | |
+| [name](variables.tf#L211) | Registry name. | string | ✓ | |
+| [project_id](variables.tf#L216) | Registry project id. | string | ✓ | |
| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | bool | | null |
| [description](variables.tf#L44) | An optional description for the repository. | string | | "Terraform-managed registry" |
| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | string | | null |
@@ -297,7 +311,7 @@ module "additive_iam" {
| [iam_bindings](variables-iam.tf#L43) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
| [iam_bindings_additive](variables-iam.tf#L58) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
| [iam_by_principals](variables-iam.tf#L73) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} |
-| [labels](variables.tf#L196) | Labels to be attached to the registry. | map(string) | | {} |
+| [labels](variables.tf#L200) | Labels to be attached to the registry. | map(string) | | {} |
## Outputs
diff --git a/modules/artifact-registry/main.tf b/modules/artifact-registry/main.tf
index 685ea9bc6..a9ac681e3 100644
--- a/modules/artifact-registry/main.tf
+++ b/modules/artifact-registry/main.tf
@@ -107,8 +107,20 @@ resource "google_artifact_registry_repository" "registry" {
# }
}
}
+ dynamic "common_repository" {
+ for_each = (
+ local.format_string == "docker" && try(local.format_obj.remote.common_repository, null) != null
+ ? [""] : []
+ )
+ content {
+ uri = local.format_obj.remote.common_repository
+ }
+ }
dynamic "docker_repository" {
- for_each = local.format_string == "docker" ? [""] : []
+ for_each = (
+ local.format_string == "docker" && try(local.format_obj.remote.common_repository, null) == null
+ ? [""] : []
+ )
content {
public_repository = local.format_obj.remote.public_repository
dynamic "custom_repository" {
diff --git a/modules/artifact-registry/variables.tf b/modules/artifact-registry/variables.tf
index 6c86daec9..23b194a39 100644
--- a/modules/artifact-registry/variables.tf
+++ b/modules/artifact-registry/variables.tf
@@ -72,6 +72,7 @@ variable "format" {
docker = optional(object({
remote = optional(object({
public_repository = optional(string)
+ common_repository = optional(string)
custom_repository = optional(string)
disable_upstream_validation = optional(bool)
@@ -185,11 +186,14 @@ variable "format" {
}
validation {
condition = alltrue([
- for k, v in var.format :
- (try(v.remote.public_repository, null) == null) != (try(v.remote.custom_repository, null) == null)
+ for k, v in var.format : (
+ (try(v.remote.public_repository, null) == null ? 0 : 1) +
+ (try(v.remote.custom_repository, null) == null ? 0 : 1) +
+ (try(v.remote.common_repository, null) == null ? 0 : 1)
+ ) == 1
if try(v.remote, null) != null
])
- error_message = "Remote repositories must specify exactly one of public_repository and custom_repository."
+ error_message = "Remote repositories must specify exactly one of public_repository, custom_repository and common_repository."
}
}