main.tf (195 lines of code) (raw):
/**
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
resource "google_artifact_registry_repository" "repo" {
provider = google-beta
repository_id = var.repository_id
location = var.location
format = var.format
project = var.project_id
mode = var.mode
description = var.description
labels = var.labels
kms_key_name = var.kms_key_name
dynamic "docker_config" {
for_each = var.docker_config[*]
content {
immutable_tags = docker_config.value.immutable_tags
}
}
dynamic "maven_config" {
for_each = var.maven_config[*]
content {
allow_snapshot_overwrites = maven_config.value.allow_snapshot_overwrites
version_policy = maven_config.value.version_policy
}
}
dynamic "virtual_repository_config" {
for_each = var.virtual_repository_config[*]
content {
dynamic "upstream_policies" {
for_each = virtual_repository_config.value.upstream_policies[*]
content {
id = upstream_policies.value.id
repository = upstream_policies.value.repository
priority = upstream_policies.value.priority
}
}
}
}
dynamic "remote_repository_config" {
for_each = var.remote_repository_config[*]
content {
description = remote_repository_config.value.description
disable_upstream_validation = remote_repository_config.value.disable_upstream_validation
dynamic "upstream_credentials" {
for_each = remote_repository_config.value.upstream_credentials[*]
content {
username_password_credentials {
username = upstream_credentials.value.username
password_secret_version = upstream_credentials.value.password_secret_version
}
}
}
dynamic "apt_repository" {
for_each = remote_repository_config.value.apt_repository[*]
content {
dynamic "public_repository" {
for_each = apt_repository.value.public_repository[*]
content {
repository_base = public_repository.value.repository_base
repository_path = public_repository.value.repository_path
}
}
}
}
dynamic "docker_repository" {
for_each = remote_repository_config.value.docker_repository[*]
content {
public_repository = docker_repository.value.public_repository
dynamic "custom_repository" {
for_each = docker_repository.value.custom_repository[*]
content {
uri = custom_repository.value.uri
}
}
}
}
dynamic "maven_repository" {
for_each = remote_repository_config.value.maven_repository[*]
content {
public_repository = maven_repository.value.public_repository
dynamic "custom_repository" {
for_each = maven_repository.value.custom_repository[*]
content {
uri = custom_repository.value.uri
}
}
}
}
dynamic "npm_repository" {
for_each = remote_repository_config.value.npm_repository[*]
content {
public_repository = npm_repository.value.public_repository
dynamic "custom_repository" {
for_each = npm_repository.value.custom_repository[*]
content {
uri = custom_repository.value.uri
}
}
}
}
dynamic "python_repository" {
for_each = remote_repository_config.value.python_repository[*]
content {
public_repository = python_repository.value.public_repository
dynamic "custom_repository" {
for_each = python_repository.value.custom_repository[*]
content {
uri = custom_repository.value.uri
}
}
}
}
dynamic "yum_repository" {
for_each = remote_repository_config.value.yum_repository[*]
content {
dynamic "public_repository" {
for_each = yum_repository.value.public_repository[*]
content {
repository_base = public_repository.value.repository_base
repository_path = public_repository.value.repository_path
}
}
}
}
}
}
cleanup_policy_dry_run = var.cleanup_policy_dry_run
dynamic "cleanup_policies" {
for_each = var.cleanup_policies
content {
id = cleanup_policies.key
action = cleanup_policies.value.action
dynamic "condition" {
for_each = cleanup_policies.value.condition[*]
content {
tag_state = condition.value.tag_state
tag_prefixes = condition.value.tag_prefixes
older_than = condition.value.older_than
newer_than = condition.value.newer_than
version_name_prefixes = condition.value.version_name_prefixes
package_name_prefixes = condition.value.package_name_prefixes
}
}
dynamic "most_recent_versions" {
for_each = cleanup_policies.value.most_recent_versions[*]
content {
keep_count = most_recent_versions.value.keep_count
package_name_prefixes = most_recent_versions.value.package_name_prefixes
}
}
}
}
}
resource "google_artifact_registry_vpcsc_config" "repo_vpc_sc" {
count = var.enable_vpcsc_policy ? 1 : 0
provider = google-beta
vpcsc_policy = var.vpcsc_policy
location = google_artifact_registry_repository.repo.location
project = google_artifact_registry_repository.repo.project
}
resource "google_artifact_registry_repository_iam_member" "readers" {
for_each = toset(contains(keys(var.members), "readers") ? var.members["readers"] : [])
project = google_artifact_registry_repository.repo.project
location = google_artifact_registry_repository.repo.location
repository = google_artifact_registry_repository.repo.name
role = "roles/artifactregistry.reader"
member = each.value
depends_on = [
google_artifact_registry_repository.repo
]
}
resource "google_artifact_registry_repository_iam_member" "writers" {
for_each = toset(contains(keys(var.members), "writers") ? var.members["writers"] : [])
project = google_artifact_registry_repository.repo.project
location = google_artifact_registry_repository.repo.location
repository = google_artifact_registry_repository.repo.name
role = "roles/artifactregistry.writer"
member = each.value
depends_on = [
google_artifact_registry_repository.repo
]
}