artifact-registry: Support cleanup policies (#1891)
parent
da5371b391
commit
3a2484843c
|
@ -6,6 +6,7 @@ This module simplifies the creation of repositories using Google Cloud Artifact
|
|||
- [Standard Repository](#standard-repository)
|
||||
- [Remote and Virtual Repositories](#remote-and-virtual-repositories)
|
||||
- [Additional Docker and Maven Options](#additional-docker-and-maven-options)
|
||||
- [Cleanup Policies](#cleanup-policies)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
|
@ -100,20 +101,56 @@ module "registry-maven" {
|
|||
|
||||
# tftest modules=2 resources=2
|
||||
```
|
||||
|
||||
## Cleanup Policies
|
||||
|
||||
```hcl
|
||||
|
||||
module "registry-docker" {
|
||||
source = "./fabric/modules/artifact-registry"
|
||||
project_id = var.project_id
|
||||
location = "europe-west1"
|
||||
name = "docker-cleanup-policies"
|
||||
format = { docker = {} }
|
||||
cleanup_policy_dry_run = false
|
||||
cleanup_policies = {
|
||||
keep-5-versions = {
|
||||
action = "KEEP"
|
||||
most_recent_versions = {
|
||||
package_name_prefixes = ["test"]
|
||||
keep_count = 5
|
||||
}
|
||||
}
|
||||
keep-tagged-release = {
|
||||
action = "KEEP"
|
||||
condition = {
|
||||
tag_state = "TAGGED"
|
||||
tag_prefixes = ["release"]
|
||||
package_name_prefixes = ["webapp", "mobile"]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# tftest modules=1 resources=1 inventory=cleanup-policies.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [location](variables.tf#L68) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L93) | Registry name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L98) | Registry project id. | <code>string</code> | ✓ | |
|
||||
| [description](variables.tf#L17) | An optional description for the repository. | <code>string</code> | | <code>"Terraform-managed registry"</code> |
|
||||
| [encryption_key](variables.tf#L23) | The KMS key name to use for encryption at rest. | <code>string</code> | | <code>null</code> |
|
||||
| [format](variables.tf#L29) | Repository format. | <code title="object({ apt = optional(object({})) docker = optional(object({ immutable_tags = optional(bool) })) kfp = optional(object({})) go = optional(object({})) maven = optional(object({ allow_snapshot_overwrites = optional(bool) version_policy = optional(string) })) npm = optional(object({})) python = optional(object({})) yum = optional(object({})) })">object({…})</code> | | <code>{ docker = {} }</code> |
|
||||
| [iam](variables.tf#L56) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L62) | Labels to be attached to the registry. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [mode](variables.tf#L73) | Repository mode. | <code title="object({ standard = optional(bool) remote = optional(bool) virtual = optional(map(object({ repository = string priority = number }))) })">object({…})</code> | | <code>{ standard = true }</code> |
|
||||
| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | <code title="map(object({ action = string condition = optional(object({ tag_state = optional(string) tag_prefixes = optional(list(string)) older_than = optional(string) newer_than = optional(string) package_name_prefixes = optional(list(string)) version_name_prefixes = optional(list(string)) })) most_recent_versions = optional(object({ package_name_prefixes = optional(list(string)) keep_count = optional(number) })) })) default = null">map(object({…default = null</code> | ✓ | |
|
||||
| [location](variables.tf#L95) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L120) | Registry name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L125) | Registry project id. | <code>string</code> | ✓ | |
|
||||
| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | <code>bool</code> | | <code>null</code> |
|
||||
| [description](variables.tf#L44) | An optional description for the repository. | <code>string</code> | | <code>"Terraform-managed registry"</code> |
|
||||
| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | <code>string</code> | | <code>null</code> |
|
||||
| [format](variables.tf#L56) | Repository format. | <code title="object({ apt = optional(object({})) docker = optional(object({ immutable_tags = optional(bool) })) kfp = optional(object({})) go = optional(object({})) maven = optional(object({ allow_snapshot_overwrites = optional(bool) version_policy = optional(string) })) npm = optional(object({})) python = optional(object({})) yum = optional(object({})) })">object({…})</code> | | <code>{ docker = {} }</code> |
|
||||
| [iam](variables.tf#L83) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L89) | Labels to be attached to the registry. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [mode](variables.tf#L100) | Repository mode. | <code title="object({ standard = optional(bool) remote = optional(bool) virtual = optional(map(object({ repository = string priority = number }))) })">object({…})</code> | | <code>{ standard = true }</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ locals {
|
|||
}
|
||||
|
||||
resource "google_artifact_registry_repository" "registry" {
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
location = var.location
|
||||
description = var.description
|
||||
|
@ -29,6 +30,35 @@ resource "google_artifact_registry_repository" "registry" {
|
|||
mode = "${upper(local.mode_string)}_REPOSITORY"
|
||||
kms_key_name = var.encryption_key
|
||||
|
||||
cleanup_policy_dry_run = var.cleanup_policy_dry_run
|
||||
dynamic "cleanup_policies" {
|
||||
for_each = var.cleanup_policies == null ? {} : var.cleanup_policies
|
||||
content {
|
||||
id = cleanup_policies.key
|
||||
action = cleanup_policies.value.action
|
||||
|
||||
dynamic "condition" {
|
||||
for_each = (cleanup_policies.value.condition != null) ? [""] : []
|
||||
content {
|
||||
tag_state = cleanup_policies.value.condition.tag_state
|
||||
tag_prefixes = cleanup_policies.value.condition.tag_prefixes
|
||||
version_name_prefixes = cleanup_policies.value.condition.version_name_prefixes
|
||||
package_name_prefixes = cleanup_policies.value.condition.package_name_prefixes
|
||||
newer_than = cleanup_policies.value.condition.newer_than
|
||||
older_than = cleanup_policies.value.condition.older_than
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "most_recent_versions" {
|
||||
for_each = (cleanup_policies.value.most_recent_versions != null) ? [""] : []
|
||||
content {
|
||||
package_name_prefixes = cleanup_policies.value.most_recent_versions.package_name_prefixes
|
||||
keep_count = cleanup_policies.value.most_recent_versions.keep_count
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "docker_config" {
|
||||
# TODO: open a bug on the provider for this permadiff
|
||||
for_each = (
|
||||
|
|
|
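Review bot: `provider = google-beta` is added at resource level in the first hunk, so every consumer of the module now needs the google-beta provider configured, including callers that never set `cleanup_policies`. If the cleanup fields are the only reason for the switch, a comment above that line such as `# cleanup_policies needs the beta provider` would record why, and the module's provider requirements (not visible on this page) should declare google-beta. In the second hunk, a policy that sets both `condition` and `most_recent_versions`, or neither, is rendered exactly as given, so any mistake in the policy shape surfaces only at apply time. The resource body starts and ends outside both hunks.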
@ -14,6 +14,33 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "cleanup_policies" {
|
||||
description = "Object containing details about the cleanup policies for an Artifact Registry repository."
|
||||
type = map(object({
|
||||
action = string
|
||||
condition = optional(object({
|
||||
tag_state = optional(string)
|
||||
tag_prefixes = optional(list(string))
|
||||
older_than = optional(string)
|
||||
newer_than = optional(string)
|
||||
package_name_prefixes = optional(list(string))
|
||||
version_name_prefixes = optional(list(string))
|
||||
}))
|
||||
most_recent_versions = optional(object({
|
||||
package_name_prefixes = optional(list(string))
|
||||
keep_count = optional(number)
|
||||
}))
|
||||
}))
|
||||
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "cleanup_policy_dry_run" {
|
||||
description = "If true, the cleanup pipeline is prevented from deleting versions in this repository."
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "An optional description for the repository."
|
||||
type = string
|
||||
|
|
|
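Review bot: `cleanup_policy_dry_run` defaults to `null`, so a caller who adds a `DELETE` policy and leaves the flag unset gets whatever the provider or API default is, which this page does not show. Because the feature removes artifact versions that may still be needed for rollback or investigation, `default = true` would make live deletion an explicit opt-in. `action` is a free `string`; a `validation` block limiting it to `KEEP` or `DELETE` would reject a typo at plan time instead of at apply. The README row generated in this commit lists `cleanup_policies` as required and shows `default = null` inside its type, which suggests the doc generator did not read the default, possibly because of the blank line before it.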
@ -0,0 +1,46 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
values:
|
||||
module.registry-docker.google_artifact_registry_repository.registry:
|
||||
cleanup_policies:
|
||||
- id: keep-tagged-release
|
||||
action: KEEP
|
||||
condition:
|
||||
- package_name_prefixes:
|
||||
- webapp
|
||||
- mobile
|
||||
tag_prefixes:
|
||||
- release
|
||||
tag_state: TAGGED
|
||||
- id: keep-5-versions
|
||||
action: KEEP
|
||||
condition: []
|
||||
most_recent_versions:
|
||||
- keep_count: 5
|
||||
package_name_prefixes:
|
||||
- test
|
||||
cleanup_policy_dry_run: false
|
||||
format: DOCKER
|
||||
location: europe-west1
|
||||
mode: STANDARD_REPOSITORY
|
||||
project: project-id
|
||||
repository_id: docker-cleanup-policies
|
||||
|
||||
|
||||
counts:
|
||||
google_artifact_registry_repository: 1
|
||||
modules: 1
|
||||
resources: 1
|
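Review bot: The inventory only exercises `KEEP` policies, so the `DELETE` action and the `older_than`, `newer_than` and `version_name_prefixes` fields wired into the resource are never checked by a plan test. A second example with one `DELETE` policy using `older_than`, with its own inventory, would cover the path that actually removes versions.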