Skip to content

Commit

Permalink
Update modules/artifact-registry with newly-released features.
Browse files Browse the repository at this point in the history
Fixes #2377
  • Loading branch information
juliocc committed Jun 28, 2024
1 parent 198fa01 commit 95785b2
Show file tree
Hide file tree
Showing 10 changed files with 456 additions and 93 deletions.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright 2023 Google LLC
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -155,6 +155,7 @@ module "orch-artifact-reg" {
name = "${var.prefix}-app-images"
location = var.region
description = "Docker repository storing application images e.g. Dataflow, Cloud Run etc..."
format = { docker = { standard = {} } }
}

module "orch-cs-df-template" {
Expand Down
3 changes: 2 additions & 1 deletion blueprints/data-solutions/vertex-mlops/ci-cd.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -43,6 +43,7 @@ module "artifact_registry" {
name = "docker-repo"
project_id = module.project.project_id
location = var.region
format = { docker = { standard = {} } }
}

module "service-account-github" {
Expand Down
3 changes: 2 additions & 1 deletion blueprints/gke/autopilot/main.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/**
* Copyright 2023 Google LLC
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -59,6 +59,7 @@ module "docker_artifact_registry" {
project_id = module.project.project_id
location = var.region
name = "registry"
format = { docker = { standard = {} } }
iam = {
"roles/artifactregistry.reader" = [module.node_sa.iam_email]
}
Expand Down
3 changes: 2 additions & 1 deletion blueprints/gke/binauthz/main.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/**
* Copyright 2023 Google LLC
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -170,6 +170,7 @@ module "docker_artifact_registry" {
project_id = module.project.project_id
location = var.region
name = "${var.prefix}-registry"
format = { docker = { standard = {} } }
iam = {
"roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
"roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]
Expand Down
3 changes: 1 addition & 2 deletions blueprints/gke/patterns/autopilot-cluster/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -154,8 +154,7 @@ module "registry" {
project_id = module.project.project_id
location = var.region
name = var.prefix
format = { docker = {} }
mode = { remote = true }
format = { docker = { remote = { public_repository = "DOCKER_HUB" } } }
}

module "nat" {
Expand Down
136 changes: 105 additions & 31 deletions modules/artifact-registry/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,24 @@
This module simplifies the creation of repositories using Google Cloud Artifact Registry.

<!-- BEGIN TOC -->
- [Standard Repository](#standard-repository)
- [Simple Docker Repository](#simple-docker-repository)
- [Remote and Virtual Repositories](#remote-and-virtual-repositories)
- [Additional Docker and Maven Options](#additional-docker-and-maven-options)
- [Other Formats](#other-formats)
- [Cleanup Policies](#cleanup-policies)
- [Variables](#variables)
- [Outputs](#outputs)
<!-- END TOC -->

## Standard Repository
## Simple Docker Repository

```hcl
module "docker_artifact_registry" {
source = "./fabric/modules/artifact-registry"
project_id = "myproject"
location = "europe-west1"
name = "myregistry"
format = { docker = { standard = {} } }
iam = {
"roles/artifactregistry.admin" = ["group:[email protected]"]
}
Expand All @@ -35,33 +37,43 @@ module "registry-local" {
project_id = var.project_id
location = "europe-west1"
name = "local"
format = { python = {} }
format = {
python = {
standard = true
}
}
}
module "registry-remote" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = "europe-west1"
name = "remote"
format = { python = {} }
mode = { remote = true }
format = {
python = {
remote = {
public_repository = "PYPI"
}
}
}
}
module "registry-virtual" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = "europe-west1"
name = "virtual"
format = { python = {} }
mode = {
virtual = {
remote = {
repository = module.registry-remote.id
priority = 1
}
local = {
repository = module.registry-local.id
priority = 10
format = {
python = {
virtual = {
remote = {
repository = module.registry-remote.id
priority = 1
}
local = {
repository = module.registry-local.id
priority = 10
}
}
}
}
Expand All @@ -81,7 +93,9 @@ module "registry-docker" {
name = "docker"
format = {
docker = {
immutable_tags = true
standard = {
immutable_tags = true
}
}
}
}
Expand All @@ -93,25 +107,88 @@ module "registry-maven" {
name = "maven"
format = {
maven = {
allow_snapshot_overwrites = true
version_policy = "RELEASE"
standard = {
allow_snapshot_overwrites = true
version_policy = "RELEASE"
}
}
}
}
# tftest modules=2 resources=2
```

## Cleanup Policies
## Other Formats

```hcl
module "apt-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "apt-registry"
format = { apt = { standard = true } }
}
module "generic-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "generic-registry"
format = { generic = { standard = true } }
}
module "go-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "go-registry"
format = { go = { standard = true } }
}
module "googet-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "googet-registry"
format = { googet = { standard = true } }
}
module "kfp-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "kfp-registry"
format = { kfp = { standard = true } }
}
module "npm-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "npm-registry"
format = { npm = { standard = true } }
}
module "yum-registry" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = var.region
name = "yum-registry"
format = { yum = { standard = true } }
}
# tftest modules=7 resources=7 inventory=other-formats.yaml
```

## Cleanup Policies

```hcl
module "registry-docker" {
source = "./fabric/modules/artifact-registry"
project_id = var.project_id
location = "europe-west1"
name = "docker-cleanup-policies"
format = { docker = {} }
format = { docker = { standard = {} } }
cleanup_policy_dry_run = false
cleanup_policies = {
keep-5-versions = {
Expand All @@ -131,8 +208,6 @@ module "registry-docker" {
}
}
}
# tftest modules=1 resources=1 inventory=cleanup-policies.yaml
```
<!-- BEGIN TFDOC -->
Expand All @@ -141,22 +216,21 @@ module "registry-docker" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | <code title="map&#40;object&#40;&#123;&#10; action &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; tag_state &#61; optional&#40;string&#41;&#10; tag_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; older_than &#61; optional&#40;string&#41;&#10; newer_than &#61; optional&#40;string&#41;&#10; package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; version_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; most_recent_versions &#61; optional&#40;object&#40;&#123;&#10; package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10; keep_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;&#10;&#10;&#10;default &#61; null">map&#40;object&#40;&#123;&#8230;default &#61; null</code> | ✓ | |
| [location](variables.tf#L95) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> || |
| [name](variables.tf#L120) | Registry name. | <code>string</code> || |
| [project_id](variables.tf#L125) | Registry project id. | <code>string</code> || |
| [format](variables.tf#L56) | Repository format. | <code title="object&#40;&#123;&#10; apt &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; docker &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;object&#40;&#123;&#10; immutable_tags &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; kfp &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; generic &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; go &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; googet &#61; optional&#40;object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; maven &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;object&#40;&#123;&#10; allow_snapshot_overwrites &#61; optional&#40;bool&#41;&#10; version_policy &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; npm &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; python &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; optional&#40;string&#41;&#10; custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; yum &#61; optional&#40;object&#40;&#123;&#10; remote &#61; optional&#40;object&#40;&#123;&#10; public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10; disable_upstream_validation &#61; optional&#40;bool&#41;&#10; upstream_credentials &#61; optional&#40;object&#40;&#123;&#10; username &#61; string&#10; password_secret_version &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; standard &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [location](variables.tf#L208) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> || |
| [name](variables.tf#L213) | Registry name. | <code>string</code> || |
| [project_id](variables.tf#L218) | Registry project id. | <code>string</code> || |
| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | <code>bool</code> | | <code>null</code> |
| [description](variables.tf#L44) | An optional description for the repository. | <code>string</code> | | <code>&#34;Terraform-managed registry&#34;</code> |
| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | <code>string</code> | | <code>null</code> |
| [format](variables.tf#L56) | Repository format. | <code title="object&#40;&#123;&#10; apt &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; docker &#61; optional&#40;object&#40;&#123;&#10; immutable_tags &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; kfp &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; go &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; maven &#61; optional&#40;object&#40;&#123;&#10; allow_snapshot_overwrites &#61; optional&#40;bool&#41;&#10; version_policy &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; npm &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; python &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10; yum &#61; optional&#40;object&#40;&#123;&#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123; docker &#61; &#123;&#125; &#125;</code> |
| [iam](variables.tf#L83) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L89) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [mode](variables.tf#L100) | Repository mode. | <code title="object&#40;&#123;&#10; standard &#61; optional&#40;bool&#41;&#10; remote &#61; optional&#40;bool&#41;&#10; virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10; repository &#61; string&#10; priority &#61; number&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123; standard &#61; true &#125;</code> |
| [iam](variables.tf#L196) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L202) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [id](outputs.tf#L17) | Fully qualified repository id. | |
| [image_path](outputs.tf#L22) | Repository path for images. | |
| [name](outputs.tf#L32) | Repository name. | |
| [name](outputs.tf#L22) | Repository name. | |
| [repository](outputs.tf#L27) | Repository object. | |
<!-- END TFDOC -->
Loading

0 comments on commit 95785b2

Please sign in to comment.