Skip to content

Commit fafd585

Browse files
committed
Do not require private AR repo
1 parent 8d08be8 commit fafd585

3 files changed

Lines changed: 17 additions & 2 deletions

File tree

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,8 @@ Deploy a docker compose project to a Google Cloud Compute Instance.
6868
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The GCP project ID | `string` | n/a | yes |
6969
| <a name="input_project_number"></a> [project\_number](#input\_project\_number) | The GCP project number | `string` | n/a | yes |
7070
| <a name="input_allowed_ips"></a> [allowed\_ips](#input\_allowed\_ips) | CIDR IP Addresses allowed to turn on this site's GCP instance | `list(string)` | `[]` | no |
71+
| <a name="input_artifact_registry_location"></a> [artifact\_registry\_location](#input\_artifact\_registry\_location) | Artifact Registry location for var.artifact\_registry\_repository. | `string` | `"us"` | no |
72+
| <a name="input_artifact_registry_repository"></a> [artifact\_registry\_repository](#input\_artifact\_registry\_repository) | Optional Artifact Registry repository name to grant the VM service account reader access to. Leave empty to skip creating the IAM binding. | `string` | `""` | no |
7173
| <a name="input_allowed_ssh_ipv4"></a> [allowed\_ssh\_ipv4](#input\_allowed\_ssh\_ipv4) | CIDR IPv4 Addresses allowed to to SSH into this site's GCP instance | `list(string)` | `[]` | no |
7274
| <a name="input_allowed_ssh_ipv6"></a> [allowed\_ssh\_ipv6](#input\_allowed\_ssh\_ipv6) | CIDR IPv6 Addresses allowed to SSH into this site's GCP instance | `list(string)` | `[]` | no |
7375
| <a name="input_disk_size_gb"></a> [disk\_size\_gb](#input\_disk\_size\_gb) | Data disk size in GB | `number` | `50` | no |

main.tf

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -122,9 +122,10 @@ resource "google_service_account" "cloud-compose" {
122122

123123
# docker pull app images
124124
resource "google_artifact_registry_repository_iam_member" "private-policy-cloud-compose" {
125+
count = var.artifact_registry_repository != "" ? 1 : 0
125126
project = var.project_id
126-
location = "us"
127-
repository = "private"
127+
location = var.artifact_registry_location
128+
repository = var.artifact_registry_repository
128129
role = "roles/artifactregistry.reader"
129130
member = "serviceAccount:${google_service_account.cloud-compose.email}"
130131
}

variables.tf

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -173,3 +173,15 @@ variable "initcmd" {
173173
default = []
174174
description = "Commands to run before /home/cloud-compose/run.sh"
175175
}
176+
177+
variable "artifact_registry_repository" {
178+
type = string
179+
default = ""
180+
description = "Optional Artifact Registry repository name to grant the VM service account reader access to. Leave empty to skip creating the IAM binding."
181+
}
182+
183+
variable "artifact_registry_location" {
184+
type = string
185+
default = "us"
186+
description = "Artifact Registry location for var.artifact_registry_repository."
187+
}

0 commit comments

Comments
 (0)