artifactregistry: support custom remote repositories for language pac…

…kages (#10242)

mmv1/products/artifactregistry/Repository.yaml

@@ -101,18 +101,79 @@ examples:
       repository_id: 'my-repository'
       description: 'example docker repository with cleanup policies'
   - !ruby/object:Provider::Terraform::Examples
-    name: 'artifact_registry_repository_remote_custom'
+    name: 'artifact_registry_repository_remote_dockerhub_auth'
     primary_resource_id: 'my-repo'
+    # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+    # response.
+    ignore_read_extra:
+      - 'remote_repository_config.0.disable_upstream_validation'
     vars:
-      repository_id: 'example-custom-remote'
-      description: 'example remote docker repository with credentials'
+      repository_id: 'example-dockerhub-remote'
+      description: 'example remote dockerhub repository with credentials'
       secret_id: 'example-secret'
-      secret_resource_id: 'example-custom-remote-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_docker_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-docker-custom-remote'
+      description: 'example remote custom docker repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_maven_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-maven-custom-remote'
+      description: 'example remote custom maven repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_npm_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-npm-custom-remote'
+      description: 'example remote custom npm repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_python_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-python-custom-remote'
+      description: 'example remote custom python repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
       username: 'remote-username'
       secret_data: 'remote-password'
 custom_code: !ruby/object:Provider::Terraform::CustomCode
   constants: templates/terraform/constants/artifact_registry_repository.go.erb
   encoder: templates/terraform/encoders/location_from_region.go.erb
+  pre_create: templates/terraform/pre_create/artifact_registry_remote_repository.go.erb
 properties:
   - !ruby/object:Api::Type::String
     name: name
@@ -388,14 +449,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.docker_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.docker_repository.0.custom_repository
             values:
               - :DOCKER_HUB
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :DOCKER_HUB
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.docker_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://registry-1.docker.io"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'mavenRepository'
         exactly_one_of:
@@ -411,14 +487,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.maven_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.maven_repository.0.custom_repository
             values:
               - :MAVEN_CENTRAL
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :MAVEN_CENTRAL
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.maven_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://repo.maven.apache.org/maven2"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'npmRepository'
         exactly_one_of:
@@ -434,14 +525,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.npm_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.npm_repository.0.custom_repository
             values:
               - :NPMJS
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :NPMJS
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.npm_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://registry.npmjs.org"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'pythonRepository'
         exactly_one_of:
@@ -457,14 +563,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.python_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.python_repository.0.custom_repository
             values:
               - :PYPI
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :PYPI
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.python_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://pypi.io"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'yumRepository'
         exactly_one_of:
@@ -527,6 +648,14 @@ properties:
                   remote repository. Must be in the format of
                   `projects/{project}/secrets/{secret}/versions/{version}`.
                 immutable: true
+      - !ruby/object:Api::Type::Boolean
+        name: 'disableUpstreamValidation'
+        # Ignore read on this field because it is INPUT_ONLY.
+        # Need to use custom flatten because ignore_read doesn't work with nested fields.
+        custom_flatten: 'templates/terraform/custom_flatten/artifactregistry_rr_disable_upstream_validation.go.erb'
+        description: |-
+          If true, the remote repository upstream and upstream credentials will
+          not be validated.
   - !ruby/object:Api::Type::Boolean
     name: 'cleanupPolicyDryRun'
     description: |-

mmv1/templates/terraform/custom_flatten/artifactregistry_rr_disable_upstream_validation.go.erb

@@ -0,0 +1,3 @@
+func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+  return d.Get("remote_repository_config.0.disable_upstream_validation")
+}

mmv1/templates/terraform/examples/artifact_registry_repository_remote_docker_custom_with_auth.tf.erb

@@ -0,0 +1,42 @@
+data "google_project" "project" {}
+
+resource "google_secret_manager_secret" "<%= ctx[:vars]['secret_resource_id'] %>" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "<%= ctx[:vars]['secret_resource_id'] %>_version" {
+  secret = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  secret_data = "<%= ctx[:vars]['secret_data'] %>"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
+}
+
+resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>" {
+  location      = "us-central1"
+  repository_id = "<%= ctx[:vars]['repository_id'] %>"
+  description   = "<%= ctx[:vars]['description'] %>"
+  format        = "DOCKER"
+  mode          = "REMOTE_REPOSITORY"
+  remote_repository_config {
+    description = "custom docker remote with credentials"
+    disable_upstream_validation = true
+    docker_repository {
+      custom_repository {
+        uri = "https://registry-1.docker.io"
+      }
+    }
+    upstream_credentials {
+      username_password_credentials {
+        username = "<%= ctx[:vars]['username'] %>"
+        password_secret_version = google_secret_manager_secret_version.<%= ctx[:vars]['secret_resource_id'] %>_version.name
+      }
+    }
+  }
+}

mmv1/templates/terraform/examples/artifact_registry_repository_remote_custom.tf.erb → mmv1/templates/terraform/examples/artifact_registry_repository_remote_dockerhub_auth.tf.erb

@@ -26,6 +26,7 @@ resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>
   mode          = "REMOTE_REPOSITORY"
   remote_repository_config {
     description = "docker hub with custom credentials"
+    disable_upstream_validation = true
     docker_repository {
       public_repository = "DOCKER_HUB"
     }

mmv1/templates/terraform/examples/artifact_registry_repository_remote_maven_custom_with_auth.tf.erb

@@ -0,0 +1,42 @@
+data "google_project" "project" {}
+
+resource "google_secret_manager_secret" "<%= ctx[:vars]['secret_resource_id'] %>" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "<%= ctx[:vars]['secret_resource_id'] %>_version" {
+  secret = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  secret_data = "<%= ctx[:vars]['secret_data'] %>"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
+}
+
+resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>" {
+  location      = "us-central1"
+  repository_id = "<%= ctx[:vars]['repository_id'] %>"
+  description   = "<%= ctx[:vars]['description'] %>"
+  format        = "MAVEN"
+  mode          = "REMOTE_REPOSITORY"
+  remote_repository_config {
+    description = "custom maven remote with credentials"
+    disable_upstream_validation = true
+    maven_repository {
+      custom_repository {
+        uri = "https://my.maven.registry"
+      }
+    }
+    upstream_credentials {
+      username_password_credentials {
+        username = "<%= ctx[:vars]['username'] %>"
+        password_secret_version = google_secret_manager_secret_version.<%= ctx[:vars]['secret_resource_id'] %>_version.name
+      }
+    }
+  }
+}

mmv1/templates/terraform/examples/artifact_registry_repository_remote_npm_custom_with_auth.tf.erb

@@ -0,0 +1,42 @@
+data "google_project" "project" {}
+
+resource "google_secret_manager_secret" "<%= ctx[:vars]['secret_resource_id'] %>" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "<%= ctx[:vars]['secret_resource_id'] %>_version" {
+  secret = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  secret_data = "<%= ctx[:vars]['secret_data'] %>"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
+}
+
+resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>" {
+  location      = "us-central1"
+  repository_id = "<%= ctx[:vars]['repository_id'] %>"
+  description   = "<%= ctx[:vars]['description'] %>"
+  format        = "NPM"
+  mode          = "REMOTE_REPOSITORY"
+  remote_repository_config {
+    description = "custom npm with credentials"
+    disable_upstream_validation = true
+    npm_repository {
+      custom_repository {
+        uri = "https://my.npm.registry"
+      }
+    }
+    upstream_credentials {
+      username_password_credentials {
+        username = "<%= ctx[:vars]['username'] %>"
+        password_secret_version = google_secret_manager_secret_version.<%= ctx[:vars]['secret_resource_id'] %>_version.name
+      }
+    }
+  }
+}