Add Container Registry module (#80)
parent
4bf3a81463
commit
0f291fbde3
|
@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
|
|||
## [Unreleased]
|
||||
|
||||
- new `datafusion` module
|
||||
- new `container-registry` module
|
||||
|
||||
## [1.6.0] - 2020-05-20
|
||||
|
||||
|
|
|
@ -37,6 +37,6 @@ Currently available modules:
|
|||
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [GKE cluster](./modules/gke-cluster), [GKE nodepool](./modules/gke-nodepool), [COS container](./modules/cos-container) (coredns, mysql, onprem, squid)
|
||||
- **data** - [GCS](./modules/gcs), [BigQuery dataset](./modules/bigquery-dataset), [Pub/Sub](./modules/pubsub)
|
||||
- **security** - [KMS](./modules/kms), [SecretManager](./modules/secret-manager)
|
||||
- **development** - [Cloud Source Repository](./modules/source-repository)
|
||||
- **development** - [Cloud Source Repository](./modules/source-repository), [Container Registry](./modules/container-registry)
|
||||
|
||||
For more information and usage examples see each module's README file.
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
# Google Cloud Container Registry Module
|
||||
|
||||
This module simplifies the creation of GCS buckets used by Google Container Registry.
|
||||
|
||||
## Example
|
||||
|
||||
```hcl
|
||||
module "container_registry" {
|
||||
source = "../../modules/container-registry"
|
||||
project_id = "myproject"
|
||||
location = "EU"
|
||||
iam_roles = ["roles/storage.admin"]
|
||||
iam_members = {
|
||||
"roles/storage.admin" = ["group:cicd@example.com"]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---: |:---:|:---:|
|
||||
| project_id | Registry project id. | <code title="">string</code> | ✓ | |
|
||||
| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | <code title="map(list(string))">map(list(string))</code> | | <code title="">null</code> |
|
||||
| *iam_roles* | List of roles used to set authoritative bindings. | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *location* | Bucket location. Can be US, EU, ASIA or empty | <code title="">string</code> | | <code title=""></code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| bucket_id | ID of the GCS bucket created | |
|
||||
<!-- END TFDOC -->
|
|
@ -0,0 +1,27 @@
|
|||
/**
|
||||
* Copyright 2020 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_container_registry" "registry" {
|
||||
project = var.project_id
|
||||
location = var.location
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_binding" "bindings" {
|
||||
for_each = toset(var.iam_roles)
|
||||
bucket = google_container_registry.registry.id
|
||||
role = each.value
|
||||
members = lookup(var.iam_members, each.value, [])
|
||||
}
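Review bot: `for_each = toset(var.iam_roles)` and `lookup(var.iam_members, each.value, [])` receive null when the caller configures no IAM, because both variables are declared with `default = null` in the variables file of this same commit; Terraform rejects a null `for_each`, so a registry-only use of the module should fail at plan time. Give the variables non-null defaults, `default = []` for `iam_roles` and `default = {}` for `iam_members`, or coalesce here with `for_each = toset(var.iam_roles == null ? [] : var.iam_roles)`. Separately, the `[]` fallback in `lookup` means a role listed in `iam_roles` without a key in `iam_members` is applied as an authoritative binding with no members, which would remove that role from every existing member on the registry bucket. Failing on the missing key is the safer behaviour, for example `members = var.iam_members[each.value]`.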
|
|
@ -0,0 +1,20 @@
|
|||
/**
|
||||
* Copyright 2020 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "bucket_id" {
|
||||
description = "ID of the GCS bucket created"
|
||||
value = google_container_registry.registry.id
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
/**
|
||||
* Copyright 2020 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "iam_members" {
|
||||
description = "Map of member lists used to set authoritative bindings, keyed by role."
|
||||
type = map(list(string))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "iam_roles" {
|
||||
description = "List of roles used to set authoritative bindings."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "Registry location. Can be US, EU, ASIA or empty"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Registry project id."
|
||||
type = string
|
||||
}
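Review bot: The descriptions of `iam_roles` and `iam_members` say "authoritative" without stating the consequence: each binding replaces the full member list for that role on the bucket backing the registry, so members granted the role outside this module are removed on apply. Spell that out, for example `description = "List of roles bound authoritatively on the registry bucket; members holding these roles that are not listed in iam_members are removed."`. The descriptions should also say that every role in `iam_roles` needs a matching key in `iam_members`. The README example in this commit grants `roles/storage.admin` to the CI/CD group, a role that also permits changing the bucket's IAM policy; an example with a narrower role would set a better default for copy-paste use.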
|
|
@ -0,0 +1,19 @@
|
|||
/**
|
||||
* Copyright 2020 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
terraform {
|
||||
required_version = ">= 0.12.6"
|
||||
}
|