google_artifact_registry_repository

A repository for storing artifacts

To get more information about Repository, see:

Open in Cloud Shell

Example Usage - Artifact Registry Repository Basic

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "my-repository"
  description   = "example docker repository"
  format        = "DOCKER"
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Docker

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "my-repository"
  description   = "example docker repository"
  format        = "DOCKER"

  docker_config {
    immutable_tags = true
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Cmek

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "my-repository"
  description   = "example docker repository with cmek"
  format        = "DOCKER"
  kms_key_name  = "kms-key"
  depends_on = [
    google_kms_crypto_key_iam_member.crypto_key
  ]
}

resource "google_kms_crypto_key_iam_member" "crypto_key" {
  crypto_key_id = "kms-key"
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}

data "google_project" "project" {}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Virtual

resource "google_artifact_registry_repository" "my-repo-upstream-1" {
  location      = "us-central1"
  repository_id = "my-repository-upstream-1"
  description   = "example docker repository (upstream source) 1"
  format        = "DOCKER"
}

resource "google_artifact_registry_repository" "my-repo-upstream-2" {
  location      = "us-central1"
  repository_id = "my-repository-upstream-2"
  description   = "example docker repository (upstream source) 2"
  format        = "DOCKER"
}

resource "google_artifact_registry_repository" "my-repo" {
  depends_on    = []
  location      = "us-central1"
  repository_id = "my-repository"
  description   = "example virtual docker repository"
  format        = "DOCKER"
  mode          = "VIRTUAL_REPOSITORY"
  virtual_repository_config {
    upstream_policies {
      id          = "my-repository-upstream-1"
      repository  = google_artifact_registry_repository.my-repo-upstream-1.id
      priority    = 20
    }
    upstream_policies {
      id          = "my-repository-upstream-2"
      repository  = google_artifact_registry_repository.my-repo-upstream-2.id
      priority    = 10
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "my-repository"
  description   = "example remote docker repository"
  format        = "DOCKER"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "docker hub"
    docker_repository {
      public_repository = "DOCKER_HUB"
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Apt

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "debian-buster"
  description   = "example remote apt repository"
  format        = "APT"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "Debian buster remote repository"
    apt_repository {
      public_repository {
        repository_base = "DEBIAN"
        repository_path = "debian/dists/buster"
      }
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Yum

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "centos-8"
  description   = "example remote yum repository"
  format        = "YUM"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "Centos 8 remote repository"
    yum_repository {
      public_repository {
        repository_base = "CENTOS"
        repository_path = "centos/8-stream/BaseOS/x86_64/os"
      }
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Cleanup

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "my-repository"
  description   = "example docker repository with cleanup policies"
  format        = "DOCKER"
  cleanup_policy_dry_run = false
  cleanup_policies {
    id     = "delete-prerelease"
    action = "DELETE"
    condition {
      tag_state    = "TAGGED"
      tag_prefixes = ["alpha", "v0"]
      older_than   = "2592000s"
    }
  }
  cleanup_policies {
    id     = "keep-tagged-release"
    action = "KEEP"
    condition {
      tag_state             = "TAGGED"
      tag_prefixes          = ["release"]
      package_name_prefixes = ["webapp", "mobile"]
    }
  }
  cleanup_policies {
    id     = "keep-minimum-versions"
    action = "KEEP"
    most_recent_versions {
      package_name_prefixes = ["webapp", "mobile", "sandbox"]
      keep_count            = 5
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Dockerhub Auth

data "google_project" "project" {}

resource "google_secret_manager_secret" "example-remote-secret" {
  secret_id = "example-secret"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "example-remote-secret_version" {
  secret = google_secret_manager_secret.example-remote-secret.id
  secret_data = "remote-password"
}

resource "google_secret_manager_secret_iam_member" "secret-access" {
  secret_id = google_secret_manager_secret.example-remote-secret.id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "example-dockerhub-remote"
  description   = "example remote dockerhub repository with credentials"
  format        = "DOCKER"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "docker hub with custom credentials"
    disable_upstream_validation = true
    docker_repository {
      public_repository = "DOCKER_HUB"
    }
    upstream_credentials {
      username_password_credentials {
        username = "remote-username"
        password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
      }
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Docker Custom With Auth

data "google_project" "project" {}

resource "google_secret_manager_secret" "example-remote-secret" {
  secret_id = "example-secret"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "example-remote-secret_version" {
  secret = google_secret_manager_secret.example-remote-secret.id
  secret_data = "remote-password"
}

resource "google_secret_manager_secret_iam_member" "secret-access" {
  secret_id = google_secret_manager_secret.example-remote-secret.id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "example-docker-custom-remote"
  description   = "example remote custom docker repository with credentials"
  format        = "DOCKER"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "custom docker remote with credentials"
    disable_upstream_validation = true
    docker_repository {
      custom_repository {
        uri = "https://registry-1.docker.io"
      }
    }
    upstream_credentials {
      username_password_credentials {
        username = "remote-username"
        password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
      }
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Maven Custom With Auth

data "google_project" "project" {}

resource "google_secret_manager_secret" "example-remote-secret" {
  secret_id = "example-secret"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "example-remote-secret_version" {
  secret = google_secret_manager_secret.example-remote-secret.id
  secret_data = "remote-password"
}

resource "google_secret_manager_secret_iam_member" "secret-access" {
  secret_id = google_secret_manager_secret.example-remote-secret.id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "example-maven-custom-remote"
  description   = "example remote custom maven repository with credentials"
  format        = "MAVEN"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "custom maven remote with credentials"
    disable_upstream_validation = true
    maven_repository {
      custom_repository {
        uri = "https://my.maven.registry"
      }
    }
    upstream_credentials {
      username_password_credentials {
        username = "remote-username"
        password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
      }
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Npm Custom With Auth

data "google_project" "project" {}

resource "google_secret_manager_secret" "example-remote-secret" {
  secret_id = "example-secret"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "example-remote-secret_version" {
  secret = google_secret_manager_secret.example-remote-secret.id
  secret_data = "remote-password"
}

resource "google_secret_manager_secret_iam_member" "secret-access" {
  secret_id = google_secret_manager_secret.example-remote-secret.id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "example-npm-custom-remote"
  description   = "example remote custom npm repository with credentials"
  format        = "NPM"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "custom npm with credentials"
    disable_upstream_validation = true
    npm_repository {
      custom_repository {
        uri = "https://my.npm.registry"
      }
    }
    upstream_credentials {
      username_password_credentials {
        username = "remote-username"
        password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
      }
    }
  }
}
Open in Cloud Shell

Example Usage - Artifact Registry Repository Remote Python Custom With Auth

data "google_project" "project" {}

resource "google_secret_manager_secret" "example-remote-secret" {
  secret_id = "example-secret"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "example-remote-secret_version" {
  secret = google_secret_manager_secret.example-remote-secret.id
  secret_data = "remote-password"
}

resource "google_secret_manager_secret_iam_member" "secret-access" {
  secret_id = google_secret_manager_secret.example-remote-secret.id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}

resource "google_artifact_registry_repository" "my-repo" {
  location      = "us-central1"
  repository_id = "example-python-custom-remote"
  description   = "example remote custom python repository with credentials"
  format        = "PYTHON"
  mode          = "REMOTE_REPOSITORY"
  remote_repository_config {
    description = "custom npm with credentials"
    disable_upstream_validation = true
    python_repository {
      custom_repository {
        uri = "https://my.python.registry"
      }
    }
    upstream_credentials {
      username_password_credentials {
        username = "remote-username"
        password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
      }
    }
  }
}

Argument Reference

The following arguments are supported:


The docker_config block supports:

The maven_config block supports:

The virtual_repository_config block supports:

The upstream_policies block supports:

The cleanup_policies block supports:

The condition block supports:

The most_recent_versions block supports:

The remote_repository_config block supports:

The apt_repository block supports:

The public_repository block supports:

The docker_repository block supports:

The custom_repository block supports:

The maven_repository block supports:

The custom_repository block supports:

The npm_repository block supports:

The custom_repository block supports:

The python_repository block supports:

The custom_repository block supports:

The yum_repository block supports:

The public_repository block supports:

The upstream_credentials block supports:

The username_password_credentials block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

Repository can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import Repository using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}"
  to = google_artifact_registry_repository.default
}

When using the terraform import command, Repository can be imported using one of the formats above. For example:

$ terraform import google_artifact_registry_repository.default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{project}}/{{location}}/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{location}}/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{repository_id}}

User Project Overrides

This resource supports User Project Overrides.