From 62fda2c676758a66ae595177adc2413361427640 Mon Sep 17 00:00:00 2001
From: jimmyqian2
Date: Tue, 17 Dec 2024 14:54:21 -0500
Subject: [PATCH] Add vulnerability scanning config in Artifact Registry (#12535)
Co-authored-by: Stephen Lewis (Burrows)
---
 .../products/artifactregistry/Repository.yaml | 33 +++++++++++++++++++
 ..._repository_vulnerability_scanning.tf.tmpl | 9 +++++
 2 files changed, 42 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl
diff --git a/mmv1/products/artifactregistry/Repository.yaml b/mmv1/products/artifactregistry/Repository.yaml
index 6c79b2f1b783..11584011fcf0 100644
--- a/mmv1/products/artifactregistry/Repository.yaml
+++ b/mmv1/products/artifactregistry/Repository.yaml
@@ -207,6 +207,12 @@ examples:
 # Ignore this field as it is INPUT_ONLY. AR will not return this in the
 # response.
 - 'remote_repository_config.0.disable_upstream_validation'
+ - name: 'artifact_registry_repository_vulnerability_scanning'
+ primary_resource_id: 'my-repo'
+ primary_resource_name: 'fmt.Sprintf("tf-test-my-repository%s", context["random_suffix"])'
+ vars:
+ repository_id: 'my-repository'
+ desc: 'example docker repository with vulnerability scanning config'
 parameters:
 - name: 'repository_id'
 type: String
@@ -736,3 +742,30 @@ properties:
 description: |-
 If true, the cleanup pipeline is prevented from deleting versions in this
 repository.
+ - name: 'vulnerabilityScanningConfig'
+ type: NestedObject
+ description: |-
+ Configuration for vulnerability scanning of artifacts stored in this repository.
+ default_from_api: true
+ properties:
+ - name: 'enablementConfig'
+ type: Enum
+ description: |-
+ This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository.
+ enum_values:
+ - 'INHERITED'
+ - 'DISABLED'
+ - name: 'enablementState'
+ type: Enum
+ description: |-
+ This field returns whether scanning is active for this repository.
+ output: true
+ enum_values:
+ - 'SCANNING_UNSUPPORTED'
+ - 'SCANNING_DISABLED'
+ - 'SCANNING_ACTIVE'
+ - name: 'enablementStateReason'
+ type: String
+ description: |-
+ This provides an explanation for the state of scanning on this repository.
+ output: true
diff --git a/mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl b/mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl
new file mode 100644
index 000000000000..9669cf687686
--- /dev/null
+++ b/mmv1/templates/terraform/examples/artifact_registry_repository_vulnerability_scanning.tf.tmpl
@@ -0,0 +1,9 @@
+resource "google_artifact_registry_repository" "{{$.PrimaryResourceId}}" {
+ location = "us-central1"
+ repository_id = "{{index $.Vars "repository_id"}}"
+ description = "{{index $.Vars "desc"}}"
+ format = "DOCKER"
+ vulnerability_scanning_config {
+ enablement_config = "INHERITED"
+ }
+}
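Review bot: The `enablementConfig` description does not say what `INHERITED` and `DISABLED` mean, although `DISABLED` takes a repository out of automatic scanning, so the generated documentation should spell both values out. Suggested wording to append, to be confirmed against the API reference: `INHERITED: scanning follows the project-level scanning API enablement. DISABLED: no automatic vulnerability scanning is performed for this repository.` Because the parent `vulnerabilityScanningConfig` block carries `default_from_api: true`, a configuration that omits the block will presumably accept whatever the server reports, so a repository switched to `DISABLED` outside Terraform would show no diff. A sentence in the block description recommending an explicit `enablement_config` wherever scanning is a requirement, and pointing at the output-only `enablementState` for verification, would close that gap.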
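Review bot: The only example for the new block sets `enablement_config = "INHERITED"`, which appears to be the value the server applies when nothing is set, so the generated test would pass even if the field were never sent, and nothing covers the `DISABLED` transition. A handwritten update test that switches the repository to `DISABLED` and back would show that the field round-trips and that the change is applied in place. For readers copying the example, a comment above the block such as `# INHERITED scans only if the scanning API is enabled on the project; check enablement_state` would make clear that this setting alone does not guarantee `SCANNING_ACTIVE`.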