* feat(artifact-registry): Add possibility to setup Docker common remote repository configuration Add the possibility to setup Docker common remote repository configuration to be able to have remote of internal Artifact Registry repository. * feat(artifact-registry): Add instructions Readme to setup simple Docker common remote repository configuration
Google Cloud Artifact Registry Module
This module simplifies the creation of repositories using Google Cloud Artifact Registry.
- Simple Docker Repository
- Remote and Virtual Repositories
- Additional Docker and Maven Options
- Other Formats
- Cleanup Policies
- IAM
- Variables
- Outputs
Simple Docker Repository
# Standard (hosted) Docker repository with one authoritative IAM binding.
# NOTE(review): roles/artifactregistry.admin also allows deleting the
# repository and editing its IAM policy. If this group only pushes images from
# CI, roles/artifactregistry.writer is the narrower grant.
module "docker_artifact_registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = "myproject"
  location   = "europe-west1"
  name       = "myregistry"

  format = {
    docker = {
      standard = {}
    }
  }

  iam = {
    "roles/artifactregistry.admin" = ["group:cicd@example.com"]
  }
}
# Docker remote repository whose upstream is the Artifact Registry repository
# created by module.docker_artifact_registry (referenced by its id).
# No IAM is set on this repository in the example.
# NOTE(review): pulls through this repository are served from the upstream, so
# the upstream presumably has to grant read access to the identity Artifact
# Registry uses for this project, and anyone who can read this repository can
# read what it fetches from the upstream. Confirm both against your IAM model.
module "docker_artifact_registry_remote" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "us-west1"
  name       = "remote"

  format = {
    docker = {
      remote = {
        common_repository = module.docker_artifact_registry.id
      }
    }
  }
}
# tftest modules=2 resources=3
Remote and Virtual Repositories
# Standard (hosted) Python repository for first-party packages; it is the
# "local" upstream of module.registry-virtual.
module "registry-local" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "europe-west1"
  name       = "local"

  format = {
    python = {
      standard = true
    }
  }
}
# Remote Python repository backed by the public PyPI index.
# Everything served from here originates outside the organisation, so treat it
# as untrusted input: pin versions and hashes in consumers and scan what gets
# pulled.
module "registry-remote" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "europe-west1"
  name       = "remote"

  format = {
    python = {
      remote = {
        public_repository = "PYPI"
      }
    }
  }
}
# Virtual Python repository exposing the local and remote repositories behind
# a single endpoint.
module "registry-virtual" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "europe-west1"
  name       = "virtual"

  format = {
    python = {
      virtual = {
        # First-party packages. Artifact Registry prefers the upstream with the
        # higher priority value, so keeping this above the PyPI mirror is what
        # stops a public package with the same name from shadowing a private
        # one (dependency confusion).
        local = {
          repository = module.registry-local.id
          priority   = 10
        }
        # Public PyPI mirror, deliberately at the lower priority.
        remote = {
          repository = module.registry-remote.id
          priority   = 1
        }
      }
    }
  }
}
# tftest modules=3 resources=3 inventory=remote-virtual.yaml
Additional Docker and Maven Options
# Standard Docker repository with tag immutability enabled.
module "registry-docker" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "europe-west1"
  name       = "docker"

  format = {
    docker = {
      standard = {
        # An existing tag cannot be re-pointed at a different image, so a
        # deployed tag keeps referring to the content that was reviewed.
        immutable_tags = true
      }
    }
  }
}
# Standard Maven repository showing the two Maven-specific options.
# NOTE(review): version_policy = "RELEASE" restricts the repository to release
# versions, so allow_snapshot_overwrites presumably has no effect in this
# combination. Confirm which of the two is intended.
module "registry-maven" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "europe-west1"
  name       = "maven"

  format = {
    maven = {
      standard = {
        version_policy            = "RELEASE"
        allow_snapshot_overwrites = true
      }
    }
  }
}
# tftest modules=2 resources=2
Other Formats
# Standard Apt repository; project and region come from input variables.
module "apt-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "apt-registry"

  format = {
    apt = {
      standard = true
    }
  }
}
# Standard repository in the generic format; project and region come from
# input variables.
module "generic-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "generic-registry"

  format = {
    generic = {
      standard = true
    }
  }
}
# Standard Go module repository; project and region come from input variables.
module "go-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "go-registry"

  format = {
    go = {
      standard = true
    }
  }
}
# Standard GooGet repository; project and region come from input variables.
module "googet-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "googet-registry"

  format = {
    googet = {
      standard = true
    }
  }
}
# Standard repository in the kfp format; project and region come from input
# variables.
module "kfp-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "kfp-registry"

  format = {
    kfp = {
      standard = true
    }
  }
}
# Standard npm repository; project and region come from input variables.
module "npm-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "npm-registry"

  format = {
    npm = {
      standard = true
    }
  }
}
# Standard Yum repository; project and region come from input variables.
module "yum-registry" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = var.region
  name       = "yum-registry"

  format = {
    yum = {
      standard = true
    }
  }
}
# tftest modules=7 resources=7 inventory=other-formats.yaml
Cleanup Policies
# Standard Docker repository with two cleanup policies, both with action KEEP.
module "registry-docker" {
  source     = "./fabric/modules/artifact-registry"
  project_id = var.project_id
  location   = "europe-west1"
  name       = "docker-cleanup-policies"

  format = {
    docker = {
      standard = {}
    }
  }

  # false turns dry-run off, so the cleanup pipeline is allowed to delete
  # versions. NOTE(review): this example defines no DELETE policy; when one is
  # added, consider running it with dry-run enabled first and reviewing what
  # it would remove.
  cleanup_policy_dry_run = false

  cleanup_policies = {
    # Keep the 5 most recent versions of packages whose name starts with "test".
    keep-5-versions = {
      action = "KEEP"
      most_recent_versions = {
        package_name_prefixes = ["test"]
        keep_count            = 5
      }
    }

    # Keep tagged versions with a "release" tag prefix for the webapp and
    # mobile package prefixes.
    keep-tagged-release = {
      action = "KEEP"
      condition = {
        tag_state             = "TAGGED"
        tag_prefixes          = ["release"]
        package_name_prefixes = ["webapp", "mobile"]
      }
    }
  }
}
# tftest modules=1 resources=1 inventory=cleanup-policies.yaml
IAM
This module implements the same IAM interface as the other modules. You can choose one (and only one) of the three options below:
# Authoritative IAM bindings
module "authoritative_iam" {
  source     = "./fabric/modules/artifact-registry"
  project_id = "myproject"
  location   = "europe-west1"
  name       = "myregistry"

  format = {
    docker = {
      standard = {}
    }
  }

  # Authoritative: the member list given here becomes the complete list for
  # the role on this repository, so members granted the role by other means
  # are removed on apply.
  # NOTE(review): the admin role can delete the repository and change its IAM
  # policy; grant it only to identities that administer the registry.
  iam = {
    "roles/artifactregistry.admin" = ["group:cicd@example.com"]
  }
}
# Authoritative IAM bindings (with conditions)
module "authoritative_iam_conditions" {
  source     = "./fabric/modules/artifact-registry"
  project_id = "myproject"
  location   = "europe-west1"
  name       = "myregistry"

  format = {
    docker = {
      standard = {}
    }
  }

  # Authoritative bindings keyed by an arbitrary name; each entry carries the
  # role, its full member list and, optionally, an IAM condition.
  iam_bindings = {
    "ci-admin" = {
      role    = "roles/artifactregistry.admin"
      members = ["group:cicd@example.com"]
      # Optional condition, shown here as its schema:
      # condition = {
      #   expression  = string
      #   title       = string
      #   description = optional(string)
      # }
    }
  }
}
# Additive IAM bindings
module "additive_iam" {
  source     = "./fabric/modules/artifact-registry"
  project_id = "myproject"
  location   = "europe-west1"
  name       = "myregistry"

  format = {
    docker = {
      standard = {}
    }
  }

  # Additive bindings: each entry grants one role to one member and leaves
  # other members of that role untouched. Keys are arbitrary.
  iam_bindings_additive = {
    # Administrative access for the CI group.
    "ci-admin" = {
      role   = "roles/artifactregistry.admin"
      member = "group:cicd@example.com"
      # Optional condition, shown here as its schema:
      # condition = {
      #   expression  = string
      #   title       = string
      #   description = optional(string)
      # }
    }
    # Read-only access: the role to prefer for identities that only pull.
    "ci-read" = {
      role   = "roles/artifactregistry.reader"
      member = "group:cicd-read@example.com"
      # Optional condition, shown here as its schema:
      # condition = {
      #   expression  = string
      #   title       = string
      #   description = optional(string)
      # }
    }
  }
}
# tftest modules=3 resources=7
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| cleanup_policies | Object containing details about the cleanup policies for an Artifact Registry repository. | map(object({…default = null | ✓ | |
| format | Repository format. | object({…}) | ✓ | |
| location | Registry location. Use `gcloud beta artifacts locations list` to get valid values. | string | ✓ | |
| name | Registry name. | string | ✓ | |
| project_id | Registry project id. | string | ✓ | |
| cleanup_policy_dry_run | If true, the cleanup pipeline is prevented from deleting versions in this repository. | bool | | null |
| description | An optional description for the repository. | string | | "Terraform-managed registry" |
| encryption_key | The KMS key name to use for encryption at rest. | string | | null |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| iam_bindings | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
| iam_bindings_additive | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
| iam_by_principals | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the iam variable. | map(list(string)) | | {} |
| labels | Labels to be attached to the registry. | map(string) | | {} |
Outputs
| name | description | sensitive |
|---|---|---|
| id | Fully qualified repository id. | |
| name | Repository name. | |
| repository | Repository object. | |
| url | Repository URL. | |