A repository for storing artifacts
To get more information about Repository, see:
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository"
format = "DOCKER"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository"
format = "DOCKER"
docker_config {
immutable_tags = true
}
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository with cmek"
format = "DOCKER"
kms_key_name = "kms-key"
depends_on = [
google_kms_crypto_key_iam_member.crypto_key
]
}
resource "google_kms_crypto_key_iam_member" "crypto_key" {
crypto_key_id = "kms-key"
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
data "google_project" "project" {}
resource "google_artifact_registry_repository" "my-repo-upstream-1" {
location = "us-central1"
repository_id = "my-repository-upstream-1"
description = "example docker repository (upstream source) 1"
format = "DOCKER"
}
resource "google_artifact_registry_repository" "my-repo-upstream-2" {
location = "us-central1"
repository_id = "my-repository-upstream-2"
description = "example docker repository (upstream source) 2"
format = "DOCKER"
}
resource "google_artifact_registry_repository" "my-repo" {
depends_on = []
location = "us-central1"
repository_id = "my-repository"
description = "example virtual docker repository"
format = "DOCKER"
mode = "VIRTUAL_REPOSITORY"
virtual_repository_config {
upstream_policies {
id = "my-repository-upstream-1"
repository = google_artifact_registry_repository.my-repo-upstream-1.id
priority = 20
}
upstream_policies {
id = "my-repository-upstream-2"
repository = google_artifact_registry_repository.my-repo-upstream-2.id
priority = 10
}
}
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example remote docker repository"
format = "DOCKER"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "docker hub"
docker_repository {
public_repository = "DOCKER_HUB"
}
}
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "debian-buster"
description = "example remote apt repository"
format = "APT"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "Debian buster remote repository"
apt_repository {
public_repository {
repository_base = "DEBIAN"
repository_path = "debian/dists/buster"
}
}
}
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "centos-8"
description = "example remote yum repository"
format = "YUM"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "Centos 8 remote repository"
yum_repository {
public_repository {
repository_base = "CENTOS"
repository_path = "centos/8-stream/BaseOS/x86_64/os"
}
}
}
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository with cleanup policies"
format = "DOCKER"
cleanup_policy_dry_run = false
cleanup_policies {
id = "delete-prerelease"
action = "DELETE"
condition {
tag_state = "TAGGED"
tag_prefixes = ["alpha", "v0"]
older_than = "2592000s"
}
}
cleanup_policies {
id = "keep-tagged-release"
action = "KEEP"
condition {
tag_state = "TAGGED"
tag_prefixes = ["release"]
package_name_prefixes = ["webapp", "mobile"]
}
}
cleanup_policies {
id = "keep-minimum-versions"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["webapp", "mobile", "sandbox"]
keep_count = 5
}
}
}
data "google_project" "project" {}
resource "google_secret_manager_secret" "example-remote-secret" {
secret_id = "example-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "example-remote-secret_version" {
secret = google_secret_manager_secret.example-remote-secret.id
secret_data = "remote-password"
}
resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.example-remote-secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "example-dockerhub-remote"
description = "example remote dockerhub repository with credentials"
format = "DOCKER"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "docker hub with custom credentials"
disable_upstream_validation = true
docker_repository {
public_repository = "DOCKER_HUB"
}
upstream_credentials {
username_password_credentials {
username = "remote-username"
password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
}
}
}
}
data "google_project" "project" {}
resource "google_secret_manager_secret" "example-remote-secret" {
secret_id = "example-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "example-remote-secret_version" {
secret = google_secret_manager_secret.example-remote-secret.id
secret_data = "remote-password"
}
resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.example-remote-secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "example-docker-custom-remote"
description = "example remote custom docker repository with credentials"
format = "DOCKER"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "custom docker remote with credentials"
disable_upstream_validation = true
docker_repository {
custom_repository {
uri = "https://registry-1.docker.io"
}
}
upstream_credentials {
username_password_credentials {
username = "remote-username"
password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
}
}
}
}
data "google_project" "project" {}
resource "google_secret_manager_secret" "example-remote-secret" {
secret_id = "example-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "example-remote-secret_version" {
secret = google_secret_manager_secret.example-remote-secret.id
secret_data = "remote-password"
}
resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.example-remote-secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "example-maven-custom-remote"
description = "example remote custom maven repository with credentials"
format = "MAVEN"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "custom maven remote with credentials"
disable_upstream_validation = true
maven_repository {
custom_repository {
uri = "https://my.maven.registry"
}
}
upstream_credentials {
username_password_credentials {
username = "remote-username"
password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
}
}
}
}
data "google_project" "project" {}
resource "google_secret_manager_secret" "example-remote-secret" {
secret_id = "example-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "example-remote-secret_version" {
secret = google_secret_manager_secret.example-remote-secret.id
secret_data = "remote-password"
}
resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.example-remote-secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "example-npm-custom-remote"
description = "example remote custom npm repository with credentials"
format = "NPM"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "custom npm with credentials"
disable_upstream_validation = true
npm_repository {
custom_repository {
uri = "https://my.npm.registry"
}
}
upstream_credentials {
username_password_credentials {
username = "remote-username"
password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
}
}
}
}
data "google_project" "project" {}
resource "google_secret_manager_secret" "example-remote-secret" {
secret_id = "example-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "example-remote-secret_version" {
secret = google_secret_manager_secret.example-remote-secret.id
secret_data = "remote-password"
}
resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.example-remote-secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "example-python-custom-remote"
description = "example remote custom python repository with credentials"
format = "PYTHON"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "custom npm with credentials"
disable_upstream_validation = true
python_repository {
custom_repository {
uri = "https://my.python.registry"
}
}
upstream_credentials {
username_password_credentials {
username = "remote-username"
password_secret_version = google_secret_manager_secret_version.example-remote-secret_version.name
}
}
}
}
The following arguments are supported:
repository_id
-
(Required)
The last part of the repository name, for example:
"repo1"
format
-
(Required)
The format of packages that are stored in the repository. Supported formats
can be found here.
You can only create alpha formats if you are a member of the
alpha user group.
location
-
(Optional)
The name of the location this repository is located in.
description
-
(Optional)
The user-provided description of the repository.
labels
-
(Optional)
Labels with user-defined metadata.
This field may contain up to 64 entries. Label keys and values may be no
longer than 63 characters. Label keys must begin with a lowercase letter
and may only contain lowercase letters, numeric characters, underscores,
and dashes.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
kms_key_name
-
(Optional)
The Cloud KMS resource name of the customer managed encryption key that’s
used to encrypt the contents of the Repository. Has the form:
projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key
.
This value may not be changed after the Repository has been created.
docker_config
-
(Optional)
Docker repository config contains repository level configuration for the repositories of docker type.
Structure is documented below.
maven_config
-
(Optional)
MavenRepositoryConfig is maven related repository details.
Provides additional configuration details for repositories of the maven
format type.
Structure is documented below.
mode
-
(Optional)
The mode configures the repository to serve artifacts from different sources.
Default value is STANDARD_REPOSITORY
.
Possible values are: STANDARD_REPOSITORY
, VIRTUAL_REPOSITORY
, REMOTE_REPOSITORY
.
virtual_repository_config
-
(Optional)
Configuration specific for a Virtual Repository.
Structure is documented below.
cleanup_policies
-
(Optional)
Cleanup policies for this repository. Cleanup policies indicate when
certain package versions can be automatically deleted.
Map keys are policy IDs supplied by users during policy creation. They must
unique within a repository and be under 128 characters in length.
Structure is documented below.
remote_repository_config
-
(Optional)
Configuration specific for a Remote Repository.
Structure is documented below.
cleanup_policy_dry_run
-
(Optional)
If true, the cleanup pipeline is prevented from deleting versions in this
repository.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The docker_config
block supports:
immutable_tags
-
(Optional)
The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.The maven_config
block supports:
allow_snapshot_overwrites
-
(Optional)
The repository with this flag will allow publishing the same
snapshot versions.
version_policy
-
(Optional)
Version policy defines the versions that the registry will accept.
Default value is VERSION_POLICY_UNSPECIFIED
.
Possible values are: VERSION_POLICY_UNSPECIFIED
, RELEASE
, SNAPSHOT
.
The virtual_repository_config
block supports:
upstream_policies
-
(Optional)
Policies that configure the upstream artifacts distributed by the Virtual
Repository. Upstream policies cannot be set on a standard repository.
Structure is documented below.The upstream_policies
block supports:
id
-
(Optional)
The user-provided ID of the upstream policy.
repository
-
(Optional)
A reference to the repository resource, for example:
"projects/p1/locations/us-central1/repository/repo1".
priority
-
(Optional)
Entries with a greater priority value take precedence in the pull order.
The cleanup_policies
block supports:
id
- (Required) The identifier for this object. Format specified above.
action
-
(Optional)
Policy action.
Possible values are: DELETE
, KEEP
.
condition
-
(Optional)
Policy condition for matching versions.
Structure is documented below.
most_recent_versions
-
(Optional)
Policy condition for retaining a minimum number of versions. May only be
specified with a Keep action.
Structure is documented below.
tag_state
-
(Optional)
Match versions by tag status.
Default value is ANY
.
Possible values are: TAGGED
, UNTAGGED
, ANY
.
tag_prefixes
-
(Optional)
Match versions by tag prefix. Applied on any prefix match.
version_name_prefixes
-
(Optional)
Match versions by version name prefix. Applied on any prefix match.
package_name_prefixes
-
(Optional)
Match versions by package prefix. Applied on any prefix match.
older_than
-
(Optional)
Match versions older than a duration.
newer_than
-
(Optional)
Match versions newer than a duration.
The most_recent_versions
block supports:
package_name_prefixes
-
(Optional)
Match versions by package prefix. Applied on any prefix match.
keep_count
-
(Optional)
Minimum number of versions to keep.
The remote_repository_config
block supports:
description
-
(Optional)
The description of the remote source.
apt_repository
-
(Optional)
Specific settings for an Apt remote repository.
Structure is documented below.
docker_repository
-
(Optional)
Specific settings for a Docker remote repository.
Structure is documented below.
maven_repository
-
(Optional)
Specific settings for a Maven remote repository.
Structure is documented below.
npm_repository
-
(Optional)
Specific settings for an Npm remote repository.
Structure is documented below.
python_repository
-
(Optional)
Specific settings for a Python remote repository.
Structure is documented below.
yum_repository
-
(Optional)
Specific settings for an Yum remote repository.
Structure is documented below.
upstream_credentials
-
(Optional)
The credentials used to access the remote repository.
Structure is documented below.
disable_upstream_validation
-
(Optional)
If true, the remote repository upstream and upstream credentials will
not be validated.
The apt_repository
block supports:
public_repository
-
(Optional)
One of the publicly available Apt repositories supported by Artifact Registry.
Structure is documented below.The public_repository
block supports:
repository_base
-
(Required)
A common public repository base for Apt, e.g. "debian/dists/buster"
Possible values are: DEBIAN
, UBUNTU
.
repository_path
-
(Required)
Specific repository from the base.
The docker_repository
block supports:
public_repository
-
(Optional)
Address of the remote repository.
Default value is DOCKER_HUB
.
Possible values are: DOCKER_HUB
.
custom_repository
-
(Optional)
Settings for a remote repository with a custom uri.
Structure is documented below.
The custom_repository
block supports:
uri
-
(Optional)
Specific uri to the registry, e.g. "https://registry-1.docker.io"
The maven_repository
block supports:
public_repository
-
(Optional)
Address of the remote repository.
Default value is MAVEN_CENTRAL
.
Possible values are: MAVEN_CENTRAL
.
custom_repository
-
(Optional)
Settings for a remote repository with a custom uri.
Structure is documented below.
The custom_repository
block supports:
uri
-
(Optional)
Specific uri to the registry, e.g. "https://repo.maven.apache.org/maven2"
The npm_repository
block supports:
public_repository
-
(Optional)
Address of the remote repository.
Default value is NPMJS
.
Possible values are: NPMJS
.
custom_repository
-
(Optional)
Settings for a remote repository with a custom uri.
Structure is documented below.
The custom_repository
block supports:
uri
-
(Optional)
Specific uri to the registry, e.g. "https://registry.npmjs.org"
The python_repository
block supports:
public_repository
-
(Optional)
Address of the remote repository.
Default value is PYPI
.
Possible values are: PYPI
.
custom_repository
-
(Optional)
Settings for a remote repository with a custom uri.
Structure is documented below.
The custom_repository
block supports:
uri
-
(Optional)
Specific uri to the registry, e.g. "https://pypi.io"
The yum_repository
block supports:
public_repository
-
(Optional)
One of the publicly available Yum repositories supported by Artifact Registry.
Structure is documented below.The public_repository
block supports:
repository_base
-
(Required)
A common public repository base for Yum.
Possible values are: CENTOS
, CENTOS_DEBUG
, CENTOS_VAULT
, CENTOS_STREAM
, ROCKY
, EPEL
.
repository_path
-
(Required)
Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os"
The upstream_credentials
block supports:
username_password_credentials
-
(Optional)
Use username and password to access the remote repository.
Structure is documented below.The username_password_credentials
block supports:
username
-
(Optional)
The username to access the remote repository.
password_secret_version
-
(Optional)
The Secret Manager key version that holds the password to access the
remote repository. Must be in the format of
projects/{project}/secrets/{secret}/versions/{version}
.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}
name
-
The name of the repository, for example:
"repo1"
create_time
-
The time when the repository was created.
update_time
-
The time when the repository was last updated.
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.Repository can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}
{{project}}/{{location}}/{{repository_id}}
{{location}}/{{repository_id}}
{{repository_id}}
In Terraform v1.5.0 and later, use an import
block to import Repository using one of the formats above. For example:
import {
id = "projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}"
to = google_artifact_registry_repository.default
}
When using the terraform import
command, Repository can be imported using one of the formats above. For example:
$ terraform import google_artifact_registry_repository.default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{project}}/{{location}}/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{location}}/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{repository_id}}
This resource supports User Project Overrides.