Google Git
Sign in
third-party-mirror / terraform-provider-google-beta / 7018e2f3f116fdacfd66c03551fbf0c3db62170a / . / v5.18.0 / website / docs / r / artifact_registry_repository.html.markdown
blob: e048c0b9af2f5d79c75686a4d134922abdbc8925 [file] [log] [blame]
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Artifact Registry"
description: |-
A repository for storing artifacts
---
# google\_artifact\_registry\_repository
A repository for storing artifacts
To get more information about Repository, see:
* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories)
* How-to Guides
* [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Basic
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository"
format = "DOCKER"
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_docker&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Docker
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository"
format = "DOCKER"
docker_config {
immutable_tags = true
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_cmek&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Cmek
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository with cmek"
format = "DOCKER"
kms_key_name = "kms-key"
depends_on = [
google_kms_crypto_key_iam_member.crypto_key
]
}
resource "google_kms_crypto_key_iam_member" "crypto_key" {
crypto_key_id = "kms-key"
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
data "google_project" "project" {}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_virtual&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Virtual
```hcl
resource "google_artifact_registry_repository" "my-repo-upstream-1" {
location = "us-central1"
repository_id = "my-repository-upstream-1"
description = "example docker repository (upstream source) 1"
format = "DOCKER"
}
resource "google_artifact_registry_repository" "my-repo-upstream-2" {
location = "us-central1"
repository_id = "my-repository-upstream-2"
description = "example docker repository (upstream source) 2"
format = "DOCKER"
}
resource "google_artifact_registry_repository" "my-repo" {
depends_on = []
location = "us-central1"
repository_id = "my-repository"
description = "example virtual docker repository"
format = "DOCKER"
mode = "VIRTUAL_REPOSITORY"
virtual_repository_config {
upstream_policies {
id = "my-repository-upstream-1"
repository = google_artifact_registry_repository.my-repo-upstream-1.id
priority = 20
}
upstream_policies {
id = "my-repository-upstream-2"
repository = google_artifact_registry_repository.my-repo-upstream-2.id
priority = 10
}
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_remote&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Remote
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example remote docker repository"
format = "DOCKER"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "docker hub"
docker_repository {
public_repository = "DOCKER_HUB"
}
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_remote_apt&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Remote Apt
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "debian-buster"
description = "example remote apt repository"
format = "APT"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "Debian buster remote repository"
apt_repository {
public_repository {
repository_base = "DEBIAN"
repository_path = "debian/dists/buster"
}
}
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_remote_yum&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Remote Yum
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "centos-8"
description = "example remote yum repository"
format = "YUM"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "Centos 8 remote repository"
yum_repository {
public_repository {
repository_base = "CENTOS"
repository_path = "centos/8-stream/BaseOS/x86_64/os"
}
}
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_cleanup&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Cleanup
```hcl
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository with cleanup policies"
format = "DOCKER"
cleanup_policy_dry_run = false
cleanup_policies {
id = "delete-prerelease"
action = "DELETE"
condition {
tag_state = "TAGGED"
tag_prefixes = ["alpha", "v0"]
older_than = "2592000s"
}
}
cleanup_policies {
id = "keep-tagged-release"
action = "KEEP"
condition {
tag_state = "TAGGED"
tag_prefixes = ["release"]
package_name_prefixes = ["webapp", "mobile"]
}
}
cleanup_policies {
id = "keep-minimum-versions"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["webapp", "mobile", "sandbox"]
keep_count = 5
}
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_remote_custom&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Remote Custom
```hcl
data "google_project" "project" {}
resource "google_secret_manager_secret" "example-custom-remote-secret" {
secret_id = "example-secret"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "example-custom-remote-secret_version" {
secret = google_secret_manager_secret.example-custom-remote-secret.id
secret_data = "remote-password"
}
resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.example-custom-remote-secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "us-central1"
repository_id = "example-custom-remote"
description = "example remote docker repository with credentials"
format = "DOCKER"
mode = "REMOTE_REPOSITORY"
remote_repository_config {
description = "docker hub with custom credentials"
docker_repository {
public_repository = "DOCKER_HUB"
}
upstream_credentials {
username_password_credentials {
username = "remote-username"
password_secret_version = google_secret_manager_secret_version.example-custom-remote-secret_version.name
}
}
}
}
```
## Argument Reference
The following arguments are supported:
* `repository_id` -
(Required)
The last part of the repository name, for example:
"repo1"
* `format` -
(Required)
The format of packages that are stored in the repository. Supported formats
can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).
You can only create alpha formats if you are a member of the
[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).
- - -
* `location` -
(Optional)
The name of the location this repository is located in.
* `description` -
(Optional)
The user-provided description of the repository.
* `labels` -
(Optional)
Labels with user-defined metadata.
This field may contain up to 64 entries. Label keys and values may be no
longer than 63 characters. Label keys must begin with a lowercase letter
and may only contain lowercase letters, numeric characters, underscores,
and dashes.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `kms_key_name` -
(Optional)
The Cloud KMS resource name of the customer managed encryption key that’s
used to encrypt the contents of the Repository. Has the form:
`projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`.
This value may not be changed after the Repository has been created.
* `docker_config` -
(Optional)
Docker repository config contains repository level configuration for the repositories of docker type.
Structure is [documented below](#nested_docker_config).
* `maven_config` -
(Optional)
MavenRepositoryConfig is maven related repository details.
Provides additional configuration details for repositories of the maven
format type.
Structure is [documented below](#nested_maven_config).
* `mode` -
(Optional)
The mode configures the repository to serve artifacts from different sources.
Default value is `STANDARD_REPOSITORY`.
Possible values are: `STANDARD_REPOSITORY`, `VIRTUAL_REPOSITORY`, `REMOTE_REPOSITORY`.
* `virtual_repository_config` -
(Optional)
Configuration specific for a Virtual Repository.
Structure is [documented below](#nested_virtual_repository_config).
* `cleanup_policies` -
(Optional)
Cleanup policies for this repository. Cleanup policies indicate when
certain package versions can be automatically deleted.
Map keys are policy IDs supplied by users during policy creation. They must
unique within a repository and be under 128 characters in length.
Structure is [documented below](#nested_cleanup_policies).
* `remote_repository_config` -
(Optional)
Configuration specific for a Remote Repository.
Structure is [documented below](#nested_remote_repository_config).
* `cleanup_policy_dry_run` -
(Optional)
If true, the cleanup pipeline is prevented from deleting versions in this
repository.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_docker_config"></a>The `docker_config` block supports:
* `immutable_tags` -
(Optional)
The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.
<a name="nested_maven_config"></a>The `maven_config` block supports:
* `allow_snapshot_overwrites` -
(Optional)
The repository with this flag will allow publishing the same
snapshot versions.
* `version_policy` -
(Optional)
Version policy defines the versions that the registry will accept.
Default value is `VERSION_POLICY_UNSPECIFIED`.
Possible values are: `VERSION_POLICY_UNSPECIFIED`, `RELEASE`, `SNAPSHOT`.
<a name="nested_virtual_repository_config"></a>The `virtual_repository_config` block supports:
* `upstream_policies` -
(Optional)
Policies that configure the upstream artifacts distributed by the Virtual
Repository. Upstream policies cannot be set on a standard repository.
Structure is [documented below](#nested_upstream_policies).
<a name="nested_upstream_policies"></a>The `upstream_policies` block supports:
* `id` -
(Optional)
The user-provided ID of the upstream policy.
* `repository` -
(Optional)
A reference to the repository resource, for example:
"projects/p1/locations/us-central1/repository/repo1".
* `priority` -
(Optional)
Entries with a greater priority value take precedence in the pull order.
<a name="nested_cleanup_policies"></a>The `cleanup_policies` block supports:
* `id` - (Required) The identifier for this object. Format specified above.
* `action` -
(Optional)
Policy action.
Possible values are: `DELETE`, `KEEP`.
* `condition` -
(Optional)
Policy condition for matching versions.
Structure is [documented below](#nested_condition).
* `most_recent_versions` -
(Optional)
Policy condition for retaining a minimum number of versions. May only be
specified with a Keep action.
Structure is [documented below](#nested_most_recent_versions).
<a name="nested_condition"></a>The `condition` block supports:
* `tag_state` -
(Optional)
Match versions by tag status.
Default value is `ANY`.
Possible values are: `TAGGED`, `UNTAGGED`, `ANY`.
* `tag_prefixes` -
(Optional)
Match versions by tag prefix. Applied on any prefix match.
* `version_name_prefixes` -
(Optional)
Match versions by version name prefix. Applied on any prefix match.
* `package_name_prefixes` -
(Optional)
Match versions by package prefix. Applied on any prefix match.
* `older_than` -
(Optional)
Match versions older than a duration.
* `newer_than` -
(Optional)
Match versions newer than a duration.
<a name="nested_most_recent_versions"></a>The `most_recent_versions` block supports:
* `package_name_prefixes` -
(Optional)
Match versions by package prefix. Applied on any prefix match.
* `keep_count` -
(Optional)
Minimum number of versions to keep.
<a name="nested_remote_repository_config"></a>The `remote_repository_config` block supports:
* `description` -
(Optional)
The description of the remote source.
* `apt_repository` -
(Optional)
Specific settings for an Apt remote repository.
Structure is [documented below](#nested_apt_repository).
* `docker_repository` -
(Optional)
Specific settings for a Docker remote repository.
Structure is [documented below](#nested_docker_repository).
* `maven_repository` -
(Optional)
Specific settings for a Maven remote repository.
Structure is [documented below](#nested_maven_repository).
* `npm_repository` -
(Optional)
Specific settings for an Npm remote repository.
Structure is [documented below](#nested_npm_repository).
* `python_repository` -
(Optional)
Specific settings for a Python remote repository.
Structure is [documented below](#nested_python_repository).
* `yum_repository` -
(Optional)
Specific settings for an Yum remote repository.
Structure is [documented below](#nested_yum_repository).
* `upstream_credentials` -
(Optional)
The credentials used to access the remote repository.
Structure is [documented below](#nested_upstream_credentials).
<a name="nested_apt_repository"></a>The `apt_repository` block supports:
* `public_repository` -
(Optional)
One of the publicly available Apt repositories supported by Artifact Registry.
Structure is [documented below](#nested_public_repository).
<a name="nested_public_repository"></a>The `public_repository` block supports:
* `repository_base` -
(Required)
A common public repository base for Apt, e.g. `"debian/dists/buster"`
Possible values are: `DEBIAN`, `UBUNTU`.
* `repository_path` -
(Required)
Specific repository from the base.
<a name="nested_docker_repository"></a>The `docker_repository` block supports:
* `public_repository` -
(Optional)
Address of the remote repository.
Default value is `DOCKER_HUB`.
Possible values are: `DOCKER_HUB`.
<a name="nested_maven_repository"></a>The `maven_repository` block supports:
* `public_repository` -
(Optional)
Address of the remote repository.
Default value is `MAVEN_CENTRAL`.
Possible values are: `MAVEN_CENTRAL`.
<a name="nested_npm_repository"></a>The `npm_repository` block supports:
* `public_repository` -
(Optional)
Address of the remote repository.
Default value is `NPMJS`.
Possible values are: `NPMJS`.
<a name="nested_python_repository"></a>The `python_repository` block supports:
* `public_repository` -
(Optional)
Address of the remote repository.
Default value is `PYPI`.
Possible values are: `PYPI`.
<a name="nested_yum_repository"></a>The `yum_repository` block supports:
* `public_repository` -
(Optional)
One of the publicly available Yum repositories supported by Artifact Registry.
Structure is [documented below](#nested_public_repository).
<a name="nested_public_repository"></a>The `public_repository` block supports:
* `repository_base` -
(Required)
A common public repository base for Yum.
Possible values are: `CENTOS`, `CENTOS_DEBUG`, `CENTOS_VAULT`, `CENTOS_STREAM`, `ROCKY`, `EPEL`.
* `repository_path` -
(Required)
Specific repository from the base, e.g. `"centos/8-stream/BaseOS/x86_64/os"`
<a name="nested_upstream_credentials"></a>The `upstream_credentials` block supports:
* `username_password_credentials` -
(Optional)
Use username and password to access the remote repository.
Structure is [documented below](#nested_username_password_credentials).
<a name="nested_username_password_credentials"></a>The `username_password_credentials` block supports:
* `username` -
(Optional)
The username to access the remote repository.
* `password_secret_version` -
(Optional)
The Secret Manager key version that holds the password to access the
remote repository. Must be in the format of
`projects/{project}/secrets/{secret}/versions/{version}`.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}`
* `name` -
The name of the repository, for example:
"repo1"
* `create_time` -
The time when the repository was created.
* `update_time` -
The time when the repository was last updated.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
Repository can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}`
* `{{project}}/{{location}}/{{repository_id}}`
* `{{location}}/{{repository_id}}`
* `{{repository_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Repository using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}"
to = google_artifact_registry_repository.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Repository can be imported using one of the formats above. For example:
```
$ terraform import google_artifact_registry_repository.default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{project}}/{{location}}/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{location}}/{{repository_id}}
$ terraform import google_artifact_registry_repository.default {{repository_id}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).