feat: add support for assigning admin role in Artifact Registry #52
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
lmanowski-esky
force-pushed
the
repo_admin_role
branch
from
a25e37e to
038ba51
Compare
lmanowski-esky
force-pushed
the
repo_admin_role
branch
from
038ba51 to
3523557
Compare
lmanowski-esky
changed the title
|
Thanks for the PR. Should we bake this in this module or can this requirement be handled outside? @apeabody Happy to hear your thoughts. |
This should be added to ensure consistency. |
| @@ -178,12 +178,12 @@ variable "vpcsc_policy" { | |||
| // IAM | |||
| variable "members" { | |||
| type = map(list(string)) | |||
| description = "Artifact Registry Reader and Writer roles for Users/SAs. Key names must be readers and/or writers" | |||
| description = "Artifact Registry Reader, Writer and Admin roles for Users/SAs. Key names must be readers and/or writers and/or admins" | |||
There was a problem hiding this comment.
nit: Oxford comma
| description = "Artifact Registry Reader, Writer and Admin roles for Users/SAs. Key names must be readers and/or writers and/or admins" | |
| description = "Artifact Registry Reader, Writer, and Admin roles for Users/SAs. Key names must be readers, writers, and/or admins" |
| depends_on = [ | ||
| google_artifact_registry_repository.repo | ||
| ] | ||
| } |
There was a problem hiding this comment.
For LINT (also run 'make docker_generate_docs' prior to commit)
| } | |
| } | |
| ]) | ||
| error_message = "The supported keys are readers and writers." | ||
| error_message = "The supported keys are readers, writers and admins." |
There was a problem hiding this comment.
| error_message = "The supported keys are readers, writers and admins." | |
| error_message = "The supported keys are readers, writers, and admins." |
Agreed - As this is an minor additional resource, and we already include |
The capability to assign the repo administrator role (roles/artifactregistry.adminRepo) in Artifact Registry to specific service accounts or users has been introduced. This enhancement allows authorized individuals to delete images from Artifact Registry repositories, which is essential for scenarios requiring artifact management by designated accounts.