The Terraform module handles the creation of repositories in Artifact Registry on Google Cloud.
The resources/services/activations/deletions that this module will create/trigger are:
- Different repositories in Artifact Registry
  - docker, apt, yum, go, pypi, npm, maven
- Provide Artifact Registry Reader or Writer roles to the users and service accounts
This module assumes that the prerequisites listed below are in place before it is consumed.
- To deploy this blueprint you must have an active billing account and billing permissions.
- APIs are enabled
- Permissions are available
Basic usage of this module is as follows:
```hcl
module "artifact_registry" {
  source  = "GoogleCloudPlatform/artifact-registry/google"
  version = "~> 0.3"

  # Required variables
  project_id    = "<PROJECT ID>"
  location      = "<LOCATION>"
  format        = "<REPO_FORMAT>"
  repository_id = "<REPO_NAME>"
}
```
Functional examples are included in the examples directory.
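The basic usage above leaves the security-relevant inputs at their defaults (no customer-managed key, no IAM members, VPC SC policy not enabled). The following added example, which is not taken from the module's repository, sets those inputs using only the variables documented in the inputs table. Values in `<...>`, the member identities and the label values are placeholders, and the assumption is that `members` entries are full IAM member strings.

```hcl
# Added example (not the module's own code). Placeholders are marked <...>.
module "artifact_registry_hardened" {
  source  = "GoogleCloudPlatform/artifact-registry/google"
  version = "~> 0.3"

  project_id    = "<PROJECT ID>"
  location      = "<LOCATION>"
  format        = "DOCKER"
  repository_id = "<REPO_NAME>"
  description   = "Container images, CMEK-encrypted, explicit readers and writers"

  # Customer-managed encryption key. The value cannot be changed after the
  # repository is created, so set it on the first apply. The key must live in
  # the same location as the repository, and the Artifact Registry service
  # agent needs roles/cloudkms.cryptoKeyEncrypterDecrypter on it.
  kms_key_name = "projects/<PROJECT ID>/locations/<LOCATION>/keyRings/<KEYRING>/cryptoKeys/<KEY>"

  # Least privilege: only the two documented keys are accepted. Workloads that
  # pull get "readers"; only the build pipeline identity gets "writers".
  # Assumption: entries are IAM member strings (user:, group:, serviceAccount:).
  members = {
    readers = [
      "serviceAccount:<RUNTIME_SA>@<PROJECT ID>.iam.gserviceaccount.com",
    ]
    writers = [
      "serviceAccount:<CI_SA>@<PROJECT ID>.iam.gserviceaccount.com",
    ]
  }

  # Keep the cleanup pipeline from deleting versions until any cleanup
  # policies have been reviewed against retention requirements.
  cleanup_policy_dry_run = true

  # Manage the VPC SC policy for this project and location and use DENY
  # instead of the default ALLOW.
  # Assumption: the project is already inside a VPC Service Controls perimeter.
  enable_vpcsc_policy = true
  vpcsc_policy        = "DENY"

  labels = {
    owner       = "<TEAM>"
    data_class  = "<CLASSIFICATION>"
  }
}
```

Because `kms_key_name` is immutable, adding it to an existing unencrypted repository will show up in `terraform plan` as a replacement rather than an in-place update; review the plan before applying.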
Name | Description | Type | Default | Required |
---|---|---|---|---|
cleanup_policies | Cleanup policies for this repository. Cleanup policies indicate when certain package versions can be automatically deleted. Map keys are policy IDs supplied by users during policy creation. They must be unique within a repository and be under 128 characters in length. | map(object({ | {} | no |
cleanup_policy_dry_run | If true, the cleanup pipeline is prevented from deleting versions in this repository | bool | false | no |
description | The user-provided description of the repository | string | null | no |
docker_config | Docker repository config contains repository level configuration for the repositories of docker type | object({ | null | no |
enable_vpcsc_policy | Enable VPC SC policy | bool | false | no |
format | The format of packages that are stored in the repository. You can only create alpha formats if you are a member of the alpha user group. | string | n/a | yes |
kms_key_name | The Cloud KMS resource name of the customer managed encryption key that’s used to encrypt the contents of the Repository. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. This value may not be changed after the Repository has been created | string | null | no |
labels | Labels for the repository | map(string) | {} | no |
location | The name of the location this repository is located in | string | n/a | yes |
maven_config | MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type. | object({ | null | no |
members | Artifact Registry Reader and Writer roles for Users/SAs. Key names must be readers and/or writers | map(list(string)) | {} | no |
mode | The mode configures the repository to serve artifacts from different sources. Default value is STANDARD_REPOSITORY. Possible values are: STANDARD_REPOSITORY, VIRTUAL_REPOSITORY, REMOTE_REPOSITORY | string | "STANDARD_REPOSITORY" | no |
project_id | The project ID to create the repository | string | n/a | yes |
remote_repository_config | Configuration specific for a Remote Repository. | object({ | null | no |
repository_id | The repository name | string | n/a | yes |
virtual_repository_config | Configuration specific for a Virtual Repository. | object({ | null | no |
vpcsc_policy | The VPC SC policy for project and location. Possible values are: DENY, ALLOW | string | "ALLOW" | no |
Name | Description |
---|---|
artifact_id | an identifier for the resource |
artifact_name | an identifier for the resource |
create_time | The time when the repository was created. |
update_time | The time when the repository was last updated. |
These sections describe requirements for using this module.
The following dependencies must be available:
- Terraform v0.13+
- Terraform Provider for GCP plugin v5.26.0+
A service account with the following roles must be used to provision the resources of this module:
- Artifact Registry Admin: `roles/artifactregistry.admin`
- Secret Manager Admin: `roles/secretmanager.admin`
- Context Manager Admin: `roles/contextmanager.admin`
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
A project with the following APIs enabled must be used to host the resources of this module:
- Artifact Registry JSON API: `artifactregistry.googleapis.com`
- Secret Manager JSON API: `secretmanager.googleapis.com`
- Context Manager JSON API: `contextmanager.googleapis.com`
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Refer to the contribution guidelines for information on contributing to this module.
Please see our security disclosure process.