Add Container Registry module (#80)

CHANGELOG.md

@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
 
 - new `datafusion` module
+- new `container-registry` module
 
 ## [1.6.0] - 2020-05-20
 

README.md

@@ -37,6 +37,6 @@ Currently available modules:
 - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [GKE cluster](./modules/gke-cluster), [GKE nodepool](./modules/gke-nodepool), [COS container](./modules/cos-container) (coredns, mysql, onprem, squid)
 - **data** - [GCS](./modules/gcs), [BigQuery dataset](./modules/bigquery-dataset), [Pub/Sub](./modules/pubsub)
 - **security** - [KMS](./modules/kms), [SecretManager](./modules/secret-manager)
-- **development** - [Cloud Source Repository](./modules/source-repository)
+- **development** - [Cloud Source Repository](./modules/source-repository), [Container Registry](./modules/container-registry)
 
 For more information and usage examples see each module's README file.

modules/container-registry/README.md

@@ -0,0 +1,34 @@
+# Google Cloud Container Registry Module
+
+This module simplifies the creation of GCS buckets used by Google Container Registry.
+
+## Example
+
+```hcl
+module "container_registry" {
+  source     = "../../modules/container-registry"
+  project_id = "myproject"
+  location   = "EU"
+  iam_roles  = ["roles/storage.admin"]
+  iam_members = {
+    "roles/storage.admin" = ["group:cicd@example.com"]
+  }
+}
+```
+
+<!-- BEGIN TFDOC -->
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| project_id | Registry project id. | <code title="">string</code> | ✓ |  |
+| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">null</code> |
+| *iam_roles* | List of roles used to set authoritative bindings. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">null</code> |
+| *location* | Bucket location. Can be US, EU, ASIA or empty | <code title="">string</code> |  | <code title=""></code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| bucket_id | ID of the GCS bucket created |  |
+<!-- END TFDOC -->

modules/container-registry/main.tf

@@ -0,0 +1,27 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_container_registry" "registry" {
+  project  = var.project_id
+  location = var.location
+}
+
+resource "google_storage_bucket_iam_binding" "bindings" {
+  for_each = toset(var.iam_roles)
+  bucket   = google_container_registry.registry.id
+  role     = each.value
+  members  = lookup(var.iam_members, each.value, [])
+}

modules/container-registry/outputs.tf

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "bucket_id" {
+  description = "ID of the GCS bucket created"
+  value       = google_container_registry.registry.id
+}

modules/container-registry/variables.tf

@@ -0,0 +1,38 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "iam_members" {
+  description = "Map of member lists used to set authoritative bindings, keyed by role."
+  type        = map(list(string))
+  default     = null
+}
+
+variable "iam_roles" {
+  description = "List of roles used to set authoritative bindings."
+  type        = list(string)
+  default     = null
+}
+
+variable "location" {
+  description = "Registry location. Can be US, EU, ASIA or empty"
+  type        = string
+  default     = ""
+}
+
+variable "project_id" {
+  description = "Registry project id."
+  type        = string
+}

modules/container-registry/versions.tf

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.12.6"
+}