Awesome
Terustry
Simple configurable proxy that implement terraform provider registry protocol, to build your own terraform provider private registry.
How it works
Terustry use a yaml file to describe how to discover versions and download urls.
providers:
- name: hashicorp/hashicups # namespace/name of your provider
protocols: [5.0]
version: # vcs to fetch provider versions (gitlab and github are supported)
type: github
uri: https://api.github.com/repos/hashicorp/terraform-provider-hashicups/releases # url of the release api of your vcs
token: "{{terustry_github_token}}"
binaries: [{os: linux, arch: arm64}]
signature: # information about key used to sign your provider
key_id: 97751AE79C450B19
key_armor: "-----BEGIN PGP PUBLIC KEY BLOCK-----"
artifact: # describe how to build download urls
filename: terraform-provider-hashicups_{{version}}_{{os}}_{{arch}}.zip
download_url: https://.../v{{version}}/terraform-provider-hashicups_{{version}}_{{os}}_{{arch}}.zip
shasums_url: https://.../v{{version}}/terraform-provider-hashicups_{{version}}_SHA256SUMS
shasums_signature_url: https://.../v{{version}}/terraform-provider-hashicups_{{version}}_SHA256SUMS.sig
Terustry will parse the result of the release api you provide (version.uri
), assuming each release published is a provider version.
Then it will use the artifact
section to build the download urls of your provider.
Run
With docker
docker run -p 8080:8080 -e TERUSTRY_GITHUB_TOKEN='XXX' -v $(pwd)/terustry-sample-github.yml:/etc/terustry.yml --rm -it vptech/terustry
With docker build
docker build -t terustry .
docker run -p 8080:8080 -e TERUSTRY_GITHUB_TOKEN='XXX' -v $(pwd)/terustry-sample-github.yml:/etc/terustry.yml --rm -it terustry
With cargo
TERUSTRY_GITHUB_TOKEN=XXXX cargo run -- --config terustry-sample-github.yml
If you want to embed the configuration in docker image, juste create a terustry.yml
file with your configuration.
Test
With curl
$ curl http://localhost:8080/terraform/providers/v1/hashicorp/hashicups/versions
{
id: "hashicorp/hashicups",
versions: [{
version: "0.3.1",
protocols: [
"5.0"
],
platforms: [{
os: "freebsd",
arch: "386"
}
]}]
}
With terraform
terraform {
required_providers {
hashicups = {
source = "localhost:8081/hashicorp/hashicups"
version = "0.3.1"
}
}
}
provider "hashicups" {
# Configuration options
}
$ terraform init
Local ssl
Terraform provider registry need to have a valid SSL certificate to work.
If you want to test the all thing (terraform init
) locally, you have to have a "ssl proxy".
Install mkcert and local-ssl-proxy
mkcert install
mkcert localhost
local-ssl-proxy --source 8081 --target 8080 --key localhost-key.pem --cert localhost.pem
Caching
By default, Terustry will cache responses from Github/Gitlab for 10 minutes. This may result in an unwanted behaviour where a recently released version for a given provider is not available.
The new version will become available once the cache is refreshed.
However, if you need a faster refresh timing, for example in a CI/CD pipeline, you
may request a specific cache entry to be invalidated using the following route:
GET /terraform/providers/v1/{namespace}/{provider_name}/invalidate
This should result in an empty 200 OK response.
For example:
curl http://localhost:8080/terraform/providers/v1/hashicorp/hashicups/invalidate