artifactregistry: fix comments, more examples for common remote repos…

…itories (GoogleCloudPlatform#12312) Co-authored-by: Yury Gridasov <[email protected]> Co-authored-by: Will Yardley <[email protected]> Co-authored-by: Ian Milligan <[email protected]> Co-authored-by: Stephen Lewis (Burrows) <[email protected]>
zeleena · Nov 18, 2024 · 18d1ae1 · 18d1ae1
1 parent 63a9749
commit 18d1ae1
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 5 deletions.
diff --git a/mmv1/products/artifactregistry/Repository.yaml b/mmv1/products/artifactregistry/Repository.yaml
@@ -184,6 +184,30 @@ examples:
       # Ignore this field as it is INPUT_ONLY. AR will not return this in the
       # response.
       - 'remote_repository_config.0.disable_upstream_validation'
+  - name: 'artifact_registry_repository_remote_common_repository_with_artifact_registry_uri'
+    primary_resource_id: 'my-repo'
+    vars:
+      repository_id: 'example-common-remote'
+      desc: 'example remote common repository with docker upstream'
+      upstream_repository_id: 'example-upstream-repo'
+      upstream_repository_desc: 'example upstream repository'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+  - name: 'artifact_registry_repository_remote_common_repository_with_custom_upstream'
+    primary_resource_id: 'my-repo'
+    vars:
+      repository_id: 'example-docker-custom-remote'
+      desc: 'example remote custom docker repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
 parameters:
 properties:
   - name: 'name'
@@ -482,7 +506,7 @@ properties:
           - name: 'customRepository'
             type: NestedObject
             description: |-
-              Settings for a remote repository with a custom uri.
+              [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.
             immutable: true
             conflicts:
               - remoteRepositoryConfig.0.docker_repository.0.public_repository
@@ -521,7 +545,7 @@ properties:
           - name: 'customRepository'
             type: NestedObject
             description: |-
-              Settings for a remote repository with a custom uri.
+              [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.
             immutable: true
             conflicts:
               - remoteRepositoryConfig.0.maven_repository.0.public_repository
@@ -560,7 +584,7 @@ properties:
           - name: 'customRepository'
             type: NestedObject
             description: |-
-              Settings for a remote repository with a custom uri.
+              [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.
             immutable: true
             conflicts:
               - remoteRepositoryConfig.0.npm_repository.0.public_repository
@@ -599,7 +623,7 @@ properties:
           - name: 'customRepository'
             type: NestedObject
             description: |-
-              Settings for a remote repository with a custom uri.
+              [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.
             immutable: true
             conflicts:
               - remoteRepositoryConfig.0.python_repository.0.public_repository
@@ -665,7 +689,10 @@ properties:
           - name: 'uri'
             type: String
             description: |-
-              Specific uri to the Artifact Registory repository, e.g. `projects/UPSTREAM_PROJECT_ID/locations/REGION/repositories/UPSTREAM_REPOSITORY`
+              One of:
+              a. Artifact Registry Repository resource, e.g. `projects/UPSTREAM_PROJECT_ID/locations/REGION/repositories/UPSTREAM_REPOSITORY`
+              b. URI to the registry, e.g. `"https://registry-1.docker.io"`
+              c. URI to Artifact Registry Repository, e.g. `"https://REGION-docker.pkg.dev/UPSTREAM_PROJECT_ID/UPSTREAM_REPOSITORY"`
             immutable: true
             required: true
       - name: 'upstreamCredentials'

diff --git a/.../artifact_registry_repository_remote_common_repository_with_artifact_registry_uri.tf.tmpl b/.../artifact_registry_repository_remote_common_repository_with_artifact_registry_uri.tf.tmpl
@@ -0,0 +1,22 @@
+data "google_project" "project" {}
+
+resource "google_artifact_registry_repository" "upstream_repo" {
+  location      = "us-central1"
+  repository_id = "{{index $.Vars "upstream_repository_id"}}"
+  description   = "{{index $.Vars "upstream_repository_desc"}}"
+  format        = "DOCKER"
+}
+
+resource "google_artifact_registry_repository" "{{$.PrimaryResourceId}}" {
+  location      = "us-central1"
+  repository_id = "{{index $.Vars "repository_id"}}"
+  description   = "{{index $.Vars "desc"}}"
+  format        = "DOCKER"
+  mode          = "REMOTE_REPOSITORY"
+  remote_repository_config {
+    description = "pull-through cache of another Artifact Registry repository by URL"
+    common_repository {
+      uri         = "https://us-central1-docker.pkg.dev/{{index $.TestEnvVars "project_id"}}/{{index $.Vars "upstream_repository_id"}}"
+    }
+  }
+}
diff --git a/...amples/artifact_registry_repository_remote_common_repository_with_custom_upstream.tf.tmpl b/...amples/artifact_registry_repository_remote_common_repository_with_custom_upstream.tf.tmpl
@@ -0,0 +1,40 @@
+data "google_project" "project" {}
+
+resource "google_secret_manager_secret" "{{index $.Vars "secret_resource_id"}}" {
+  secret_id = "{{index $.Vars "secret_id"}}"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "{{index $.Vars "secret_resource_id"}}_version" {
+  secret = google_secret_manager_secret.{{index $.Vars "secret_resource_id"}}.id
+  secret_data = "{{index $.Vars "secret_data"}}"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.{{index $.Vars "secret_resource_id"}}.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
+}
+
+resource "google_artifact_registry_repository" "{{$.PrimaryResourceId}}" {
+  location      = "us-central1"
+  repository_id = "{{index $.Vars "repository_id"}}"
+  description   = "{{index $.Vars "desc"}}"
+  format        = "DOCKER"
+  mode          = "REMOTE_REPOSITORY"
+  remote_repository_config {
+    description = "custom common docker remote with credentials"
+    disable_upstream_validation = true
+    common_repository {
+      uri = "https://registry-1.docker.io"
+    }
+    upstream_credentials {
+      username_password_credentials {
+        username = "{{index $.Vars "username"}}"
+        password_secret_version = google_secret_manager_secret_version.{{index $.Vars "secret_resource_id"}}_version.name
+      }
+    }
+  }
+}