search

GoogleCloudPlatform / terraform-google-artifact-registry

Create and manage Artifact Registry repositories
https://registry.terraform.io/modules/GoogleCloudPlatform/artifact-registry/google
Apache License 2.0
9 stars 8 forks source link

Conflicting values when using remote docker repositories with custom uri #32

Open thiago-almeida-t0ca opened 3 weeks ago

thiago-almeida-t0ca commented 3 weeks ago

First of all, thanks for the awesome work with this module, it really encapsulates well all the possibilities in a well organized way.

With that said, I think there's an issue with remote repositories using custom uri, at least for remote docker repos.

This is my config:

module "mcr-remote" {
  source  = "GoogleCloudPlatform/artifact-registry/google"
  version = "~> 0.2"

  project_id    = local.project_id
  location      = "eu"
  format        = "DOCKER"
  repository_id = "mcr-remote-eu"
  mode          = "REMOTE_REPOSITORY"

  remote_repository_config = {
    description                 = "remote mcr.microsoft.com"
    disable_upstream_validation = true
    docker_repository = {
      public_repository = null
      custom_repository = {
        uri = "https://mcr.microsoft.com"
      }
    }
  }

  labels = local.labels
}

It gives me the following error:

╷
│ Error: Conflicting configuration arguments
│
│   with module.artifact-registry.module.mcr-remote.google_artifact_registry_repository.repo,
│   on .terraform/modules/artifact-registry.mcr-remote/main.tf line 17, in resource "google_artifact_registry_repository" "repo":
│   17: resource "google_artifact_registry_repository" "repo" {
│
│ "remote_repository_config.0.docker_repository.0.custom_repository":
│ conflicts with
│ remote_repository_config.0.docker_repository.0.public_repository

Since we have the public_repository = optional(string, "DOCKER_HUB") with a default value set, it conflicts with whatever I try to set on the custom_repository object.

variable "remote_repository_config" {
  type = object({
    description                 = optional(string)
    disable_upstream_validation = optional(bool, true)
    upstream_credentials = optional(object({
      username                = string
      password_secret_version = string
    }), null)
...
    docker_repository = optional(object({
      public_repository = optional(string, "DOCKER_HUB")
      custom_repository = optional(object({
        uri = string
      }), null)
    }), null)
...
  description = "Configuration specific for a Remote Repository."
  default     = null
}

To avoid it I believe we should either not set a default value for public_repository or add the following logic on the module:

      dynamic "docker_repository" {
        for_each = remote_repository_config.value.docker_repository[*]
        content {
-          public_repository = docker_repository.value.public_repository
+          public_repository = docker_repository.value.custom_repository == null ? docker_repository.value.public_repository : null
          dynamic "custom_repository" {
            for_each = docker_repository.value.custom_repository[*]
            content {
              uri = custom_repository.value.uri
            }
          }
        }
      }

To only use the default value if custom_repository is not set.

Let me know if I made any mistakes on wrong assumptions here.

ElTacitos commented 2 weeks ago

I am facing the same issue 👍

marandalucas commented 1 week ago

@prabhu34 I am facing the same issue

prabhu34 commented 1 week ago

Thanks for reaching out. It has to either public repo (which don't need authentication) or the custom repo which probably needs access.

Do not add public_repository as null or add a condition. Can you raise a PR with the changes?