163 lines
6.8 KiB
Markdown
163 lines
6.8 KiB
Markdown
# Google Cloud Artifact Registry Module
|
|
|
|
This module simplifies the creation of repositories using Google Cloud Artifact Registry.
|
|
|
|
<!-- BEGIN TOC -->
|
|
- [Standard Repository](#standard-repository)
|
|
- [Remote and Virtual Repositories](#remote-and-virtual-repositories)
|
|
- [Additional Docker and Maven Options](#additional-docker-and-maven-options)
|
|
- [Cleanup Policies](#cleanup-policies)
|
|
- [Variables](#variables)
|
|
- [Outputs](#outputs)
|
|
<!-- END TOC -->
|
|
|
|
## Standard Repository
|
|
|
|
```hcl
|
|
module "docker_artifact_registry" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = "myproject"
|
|
location = "europe-west1"
|
|
name = "myregistry"
|
|
iam = {
|
|
"roles/artifactregistry.admin" = ["group:cicd@example.com"]
|
|
}
|
|
}
|
|
# tftest modules=1 resources=2
|
|
```
|
|
|
|
## Remote and Virtual Repositories
|
|
|
|
```hcl
|
|
|
|
module "registry-local" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = var.project_id
|
|
location = "europe-west1"
|
|
name = "local"
|
|
format = { python = {} }
|
|
}
|
|
|
|
module "registry-remote" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = var.project_id
|
|
location = "europe-west1"
|
|
name = "remote"
|
|
format = { python = {} }
|
|
mode = { remote = true }
|
|
}
|
|
|
|
module "registry-virtual" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = var.project_id
|
|
location = "europe-west1"
|
|
name = "virtual"
|
|
format = { python = {} }
|
|
mode = {
|
|
virtual = {
|
|
remote = {
|
|
repository = module.registry-remote.id
|
|
priority = 1
|
|
}
|
|
local = {
|
|
repository = module.registry-local.id
|
|
priority = 10
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
# tftest modules=3 resources=3 inventory=remote-virtual.yaml
|
|
```
|
|
|
|
## Additional Docker and Maven Options
|
|
|
|
```hcl
|
|
|
|
module "registry-docker" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = var.project_id
|
|
location = "europe-west1"
|
|
name = "docker"
|
|
format = {
|
|
docker = {
|
|
immutable_tags = true
|
|
}
|
|
}
|
|
}
|
|
|
|
module "registry-maven" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = var.project_id
|
|
location = "europe-west1"
|
|
name = "maven"
|
|
format = {
|
|
maven = {
|
|
allow_snapshot_overwrites = true
|
|
version_policy = "RELEASE"
|
|
}
|
|
}
|
|
}
|
|
|
|
# tftest modules=2 resources=2
|
|
```
|
|
|
|
## Cleanup Policies
|
|
|
|
```hcl
|
|
|
|
module "registry-docker" {
|
|
source = "./fabric/modules/artifact-registry"
|
|
project_id = var.project_id
|
|
location = "europe-west1"
|
|
name = "docker-cleanup-policies"
|
|
format = { docker = {} }
|
|
cleanup_policy_dry_run = false
|
|
cleanup_policies = {
|
|
keep-5-versions = {
|
|
action = "KEEP"
|
|
most_recent_versions = {
|
|
package_name_prefixes = ["test"]
|
|
keep_count = 5
|
|
}
|
|
}
|
|
keep-tagged-release = {
|
|
action = "KEEP"
|
|
condition = {
|
|
tag_state = "TAGGED"
|
|
tag_prefixes = ["release"]
|
|
package_name_prefixes = ["webapp", "mobile"]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
# tftest modules=1 resources=1 inventory=cleanup-policies.yaml
|
|
```
|
|
<!-- BEGIN TFDOC -->
|
|
## Variables
|
|
|
|
| name | description | type | required | default |
|
|
|---|---|:---:|:---:|:---:|
|
|
| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | <code title="map(object({ action = string condition = optional(object({ tag_state = optional(string) tag_prefixes = optional(list(string)) older_than = optional(string) newer_than = optional(string) package_name_prefixes = optional(list(string)) version_name_prefixes = optional(list(string)) })) most_recent_versions = optional(object({ package_name_prefixes = optional(list(string)) keep_count = optional(number) })) })) default = null">map(object({…default = null</code> | ✓ | |
|
|
| [location](variables.tf#L95) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ | |
|
|
| [name](variables.tf#L120) | Registry name. | <code>string</code> | ✓ | |
|
|
| [project_id](variables.tf#L125) | Registry project id. | <code>string</code> | ✓ | |
|
|
| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | <code>bool</code> | | <code>null</code> |
|
|
| [description](variables.tf#L44) | An optional description for the repository. | <code>string</code> | | <code>"Terraform-managed registry"</code> |
|
|
| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | <code>string</code> | | <code>null</code> |
|
|
| [format](variables.tf#L56) | Repository format. | <code title="object({ apt = optional(object({})) docker = optional(object({ immutable_tags = optional(bool) })) kfp = optional(object({})) go = optional(object({})) maven = optional(object({ allow_snapshot_overwrites = optional(bool) version_policy = optional(string) })) npm = optional(object({})) python = optional(object({})) yum = optional(object({})) })">object({…})</code> | | <code>{ docker = {} }</code> |
|
|
| [iam](variables.tf#L83) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
|
| [labels](variables.tf#L89) | Labels to be attached to the registry. | <code>map(string)</code> | | <code>{}</code> |
|
|
| [mode](variables.tf#L100) | Repository mode. | <code title="object({ standard = optional(bool) remote = optional(bool) virtual = optional(map(object({ repository = string priority = number }))) })">object({…})</code> | | <code>{ standard = true }</code> |
|
|
|
|
## Outputs
|
|
|
|
| name | description | sensitive |
|
|
|---|---|:---:|
|
|
| [id](outputs.tf#L17) | Fully qualified repository id. | |
|
|
| [image_path](outputs.tf#L22) | Repository path for images. | |
|
|
| [name](outputs.tf#L32) | Repository name. | |
|
|
<!-- END TFDOC -->
|