diff --git a/mmv1/products/artifactregistry/Repository.yaml b/mmv1/products/artifactregistry/Repository.yaml index fdd3a0589325..06df8daf8362 100644 --- a/mmv1/products/artifactregistry/Repository.yaml +++ b/mmv1/products/artifactregistry/Repository.yaml @@ -506,7 +506,6 @@ properties: type: NestedObject description: |- Configuration specific for a Remote Repository. - immutable: true conflicts: - virtual_repository_config properties: @@ -761,27 +760,22 @@ properties: type: NestedObject description: |- The credentials used to access the remote repository. - immutable: true - is_missing_in_cai: true properties: - name: 'usernamePasswordCredentials' type: NestedObject description: |- Use username and password to access the remote repository. - immutable: true properties: - name: 'username' type: String description: |- The username to access the remote repository. - immutable: true - name: 'passwordSecretVersion' type: String description: |- The Secret Manager key version that holds the password to access the remote repository. Must be in the format of `projects/{project}/secrets/{secret}/versions/{version}`. - immutable: true - name: 'disableUpstreamValidation' type: Boolean description: |- diff --git a/mmv1/third_party/terraform/services/artifactregistry/resource_artifact_registry_repository_test.go.tmpl b/mmv1/third_party/terraform/services/artifactregistry/resource_artifact_registry_repository_test.go.tmpl index 324a8e39c4e3..7254fa17b355 100644 --- a/mmv1/third_party/terraform/services/artifactregistry/resource_artifact_registry_repository_test.go.tmpl +++ b/mmv1/third_party/terraform/services/artifactregistry/resource_artifact_registry_repository_test.go.tmpl @@ -339,6 +339,136 @@ resource "google_artifact_registry_repository" "test" { `, repositoryID) } +func TestAccArtifactRegistryRepository_remoteWithAuthUpdate(t *testing.T) { + t.Parallel() + + + context := map[string]interface{}{ + "username_1": "tf-test-username", + "username_2": "tf-test-username-new", + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckArtifactRegistryRepositoryDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccArtifactRegistryRepository_remoteWithAuthUpdate(context), + }, + { + ResourceName: "google_artifact_registry_repository.my-repo", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"labels", "location", "remote_repository_config.0.disable_upstream_validation", "repository_id", "terraform_labels"}, + }, + { + Config: testAccArtifactRegistryRepository_remoteWithAuthUpdate2(context), + }, + { + ResourceName: "google_artifact_registry_repository.my-repo", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"labels", "location", "remote_repository_config.0.disable_upstream_validation", "repository_id", "terraform_labels"}, + }, + }, + }) +} + +func testAccArtifactRegistryRepository_remoteWithAuthUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" {} + +resource "google_secret_manager_secret" "secret" { + secret_id = "tf-test-example-secret-%{random_suffix}" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "secret_version" { + secret = google_secret_manager_secret.secret.id + secret_data = "tf-test-password" +} + +resource "google_secret_manager_secret_iam_member" "secret-access" { + secret_id = google_secret_manager_secret.secret.id + role = "roles/secretmanager.secretAccessor" + member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com" +} + +resource "google_artifact_registry_repository" "my-repo" { + location = "us-central1" + repository_id = "tf-test-my-repository-%{random_suffix}" + format = "DOCKER" + mode = "REMOTE_REPOSITORY" + remote_repository_config { + description = "docker hub with custom credentials" + disable_upstream_validation = true + docker_repository { + public_repository = "DOCKER_HUB" + } + upstream_credentials { + username_password_credentials { + username = "%{username_1}" + password_secret_version = google_secret_manager_secret_version.secret_version.name + } + } + } +} +`, context) +} + +func testAccArtifactRegistryRepository_remoteWithAuthUpdate2(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" {} + +resource "google_secret_manager_secret" "secret" { + secret_id = "tf-test-example-secret-%{random_suffix}" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "secret_version" { + secret = google_secret_manager_secret.secret.id + secret_data = "tf-test-password" +} + +resource "google_secret_manager_secret_version" "secret_version_updated" { + secret = google_secret_manager_secret.secret.id + secret_data = "tf-test-password-updated" +} + +resource "google_secret_manager_secret_iam_member" "secret-access" { + secret_id = google_secret_manager_secret.secret.id + role = "roles/secretmanager.secretAccessor" + member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com" +} + +resource "google_artifact_registry_repository" "my-repo" { + location = "us-central1" + repository_id = "tf-test-my-repository-%{random_suffix}" + format = "DOCKER" + mode = "REMOTE_REPOSITORY" + remote_repository_config { + description = "docker hub with custom credentials" + disable_upstream_validation = true + docker_repository { + public_repository = "DOCKER_HUB" + } + upstream_credentials { + username_password_credentials { + username = "%{username_2}" + password_secret_version = google_secret_manager_secret_version.secret_version_updated.name + } + } + } +} +`, context) +} + {{ if ne $.TargetVersionName `ga` -}} func TestAccArtifactRegistryRepository_virtual(t *testing.T) {