Skip to content

GoogleCloudPlatform/terraform-google-artifact-registry

Repository files navigation

terraform-google-artifact-registry

The Terraform module handles the creation of repositories in Artifact Registry on Google Cloud.

The resources/services/activations/deletions that this module will create/trigger are:

  • Different repositories in Artifact Registry
    • docker, apt, yum, go, pypi, npm, maven
  • Provide Artifact Registry Reader or Writer roles to the users and service accounts

Assumptions and prerequisites

This module assumes that below mentioned prerequisites are in place before consuming the module.

  • To deploy this blueprint you must have an active billing account and billing permissions.
  • APIs are enabled
  • Permissions are available

Usage

Basic usage of this module is as follows:

module "artifact_registry" {
  source  = "GoogleCloudPlatform/artifact-registry/google"
  version = "~> 0.3"

  # Required variables
  project_id    = "<PROJECT ID>"
  location      = "<LOCATION>"
  format        = "<REPO_FORMAT>"
  repository_id = "<REPO_NAME>"
}

Functional examples are included in the examples directory.

Inputs

Name Description Type Default Required
cleanup_policies Cleanup policies for this repository. Cleanup policies indicate when certain package versions can be automatically deleted. Map keys are policy IDs supplied by users during policy creation. They must unique within a repository and be under 128 characters in length.
map(object({
action = optional(string)
condition = optional(object({
tag_state = optional(string)
tag_prefixes = optional(list(string))
version_name_prefixes = optional(list(string))
package_name_prefixes = optional(list(string))
older_than = optional(string)
newer_than = optional(string)
}), null)
most_recent_versions = optional(object({
package_name_prefixes = optional(list(string))
keep_count = optional(number)
}), null)
}))
{} no
cleanup_policy_dry_run If true, the cleanup pipeline is prevented from deleting versions in this repository bool false no
description The user-provided description of the repository string null no
docker_config Docker repository config contains repository level configuration for the repositories of docker type
object({
immutable_tags = optional(bool)
})
null no
enable_vpcsc_policy Enable VPC SC policy bool false no
format The format of packages that are stored in the repository. You can only create alpha formats if you are a member of the alpha user group. string n/a yes
kms_key_name The Cloud KMS resource name of the customer managed encryption key that’s used to encrypt the contents of the Repository. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. This value may not be changed after the Repository has been created string null no
labels Labels for the repository map(string) {} no
location The name of the location this repository is located in string n/a yes
maven_config MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type.
object({
allow_snapshot_overwrites = optional(bool)
version_policy = optional(string)
})
null no
members Artifact Registry Reader and Writer roles for Users/SAs. Key names must be readers and/or writers map(list(string)) {} no
mode The mode configures the repository to serve artifacts from different sources. Default value is STANDARD_REPOSITORY. Possible values are: STANDARD_REPOSITORY, VIRTUAL_REPOSITORY, REMOTE_REPOSITORY string "STANDARD_REPOSITORY" no
project_id The project ID to create the repository string n/a yes
remote_repository_config Configuration specific for a Remote Repository.
object({
description = optional(string)
disable_upstream_validation = optional(bool, true)
upstream_credentials = optional(object({
username = string
password_secret_version = string
}), null)
apt_repository = optional(object({
public_repository = optional(object({
repository_base = string
repository_path = string
}), null)
}), null)
docker_repository = optional(object({
public_repository = optional(string)
custom_repository = optional(object({
uri = string
}), null)
}), null)
maven_repository = optional(object({
public_repository = optional(string)
custom_repository = optional(object({
uri = string
}), null)
}), null)
npm_repository = optional(object({
public_repository = optional(string)
custom_repository = optional(object({
uri = string
}), null)
}), null)
python_repository = optional(object({
public_repository = optional(string)
custom_repository = optional(object({
uri = string
}), null)
}), null)
yum_repository = optional(object({
public_repository = optional(object({
repository_base = string
repository_path = string
}), null)
}), null)
})
null no
repository_id The repository name string n/a yes
virtual_repository_config Configuration specific for a Virtual Repository.
object({
upstream_policies = optional(list(object({
id = string
repository = string
priority = number
})), null)
})
null no
vpcsc_policy The VPC SC policy for project and location. Possible values are: DENY, ALLOW string "ALLOW" no

Outputs

Name Description
artifact_id an identifier for the resource
artifact_name an identifier for the resource
create_time The time when the repository was created.
update_time The time when the repository was last updated.

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

Service Account

A service account with the following roles must be used to provision the resources of this module:

  • Artifact Registry Admin: roles/artifactregistry.admin
  • Secret Manager Admin: roles/secretmanager.admin
  • Context Manager Admin: roles/contextmanager.admin

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.

APIs

A project with the following APIs enabled must be used to host the resources of this module:

  • Artifact Registry JSON API: artifactregistry.googleapis.com
  • Secret Manager JSON API: secretmanager.googleapis.com
  • Context Manager JSON API: contextmanager.googleapis.com

The Project Factory module can be used to provision a project with the necessary APIs enabled.

Contributing

Refer to the contribution guidelines for information on contributing to this module.

Security Disclosures

Please see our security disclosure process.