alicloud_cr_chain
Provides a CR Chain resource.
For information about CR Chain and how to use it, see What is Chain.
-> NOTE: Available since v1.161.0.
Example Usage
Basic Usage
variable "name" {
  default = "tf-example"
}

resource "alicloud_cr_ee_instance" "default" {
  payment_type   = "Subscription"
  period         = 1
  renew_period   = 0
  renewal_status = "ManualRenewal"
  instance_type  = "Advanced"
  instance_name  = var.name
}

resource "alicloud_cr_ee_namespace" "default" {
  instance_id        = alicloud_cr_ee_instance.default.id
  name               = var.name
  auto_create        = false
  default_visibility = "PUBLIC"
}

resource "alicloud_cr_ee_repo" "default" {
  instance_id = alicloud_cr_ee_instance.default.id
  namespace   = alicloud_cr_ee_namespace.default.name
  name        = var.name
  summary     = "this is summary of my new repo"
  repo_type   = "PUBLIC"
  detail      = "this is a public repo"
}

resource "alicloud_cr_chain" "default" {
  chain_name          = var.name
  description         = var.name
  instance_id         = alicloud_cr_ee_namespace.default.instance_id
  repo_name           = alicloud_cr_ee_repo.default.name
  repo_namespace_name = alicloud_cr_ee_namespace.default.name
  chain_config {
    routers {
      from {
        node_name = "DOCKER_IMAGE_BUILD"
      }
      to {
        node_name = "DOCKER_IMAGE_PUSH"
      }
    }
    routers {
      from {
        node_name = "DOCKER_IMAGE_PUSH"
      }
      to {
        node_name = "VULNERABILITY_SCANNING"
      }
    }
    routers {
      from {
        node_name = "VULNERABILITY_SCANNING"
      }
      to {
        node_name = "ACTIVATE_REPLICATION"
      }
    }
    routers {
      from {
        node_name = "ACTIVATE_REPLICATION"
      }
      to {
        node_name = "TRIGGER"
      }
    }
    routers {
      from {
        node_name = "VULNERABILITY_SCANNING"
      }
      to {
        node_name = "SNAPSHOT"
      }
    }
    routers {
      from {
        node_name = "SNAPSHOT"
      }
      to {
        node_name = "TRIGGER_SNAPSHOT"
      }
    }
    nodes {
      enable    = true
      node_name = "DOCKER_IMAGE_BUILD"
      node_config {
        deny_policy {}
      }
    }
    nodes {
      enable    = true
      node_name = "DOCKER_IMAGE_PUSH"
      node_config {
        deny_policy {}
      }
    }
    nodes {
      enable    = true
      node_name = "VULNERABILITY_SCANNING"
      node_config {
        deny_policy {
          issue_level = "MEDIUM"
          issue_count = 1
          action      = "BLOCK_DELETE_TAG"
          logic       = "AND"
        }
      }
    }
    nodes {
      enable    = true
      node_name = "ACTIVATE_REPLICATION"
      node_config {
        deny_policy {}
      }
    }
    nodes {
      enable    = true
      node_name = "TRIGGER"
      node_config {
        deny_policy {}
      }
    }
    nodes {
      enable    = false
      node_name = "SNAPSHOT"
      node_config {
        deny_policy {}
      }
    }
    nodes {
      enable    = false
      node_name = "TRIGGER_SNAPSHOT"
      node_config {
        deny_policy {}
      }
    }
  }
}
Argument Reference
The following arguments are supported:
chain_name - (Required) The name of the delivery chain. The name must be 1 to 64 characters long and can contain lowercase English letters, numbers, and the separators "_", "-", and "."; a separator cannot be the first or last character.
description - (Optional) The description of the delivery chain.
repo_name - (Optional, ForceNew) The name of the CR Enterprise Edition repository. NOTE: This parameter must specify a correct value, otherwise the created resource will be incorrect.
repo_namespace_name - (Optional, ForceNew) The name of the CR Enterprise Edition namespace. NOTE: This parameter must specify the correct value, otherwise the created resource will be incorrect.
instance_id - (Required, ForceNew) The ID of the CR Enterprise Edition instance.
chain_config - (Optional) The configuration of the delivery chain. See chain_config below. NOTE: This parameter must specify the correct value, otherwise the created resource will be incorrect.
chain_config
The chain_config block supports the following:
routers - (Optional) Execution sequence relationship between delivery chain nodes. See routers below.
nodes - (Optional) Each node in the delivery chain. See nodes below.
-> NOTE: The from and to fields are all fixed, and their structure and the value of node_name are fixed. You can refer to the template given in the example for configuration.
chain_config-routers
The routers block supports the following:
chain_config-routers-from
The from block supports the following:
node_name - (Optional) The name of node. Valid values: DOCKER_IMAGE_BUILD, DOCKER_IMAGE_PUSH, VULNERABILITY_SCANNING, ACTIVATE_REPLICATION, TRIGGER, SNAPSHOT, TRIGGER_SNAPSHOT.
chain_config-routers-to
The to block supports the following:
node_name - (Optional) The name of node. Valid values: DOCKER_IMAGE_BUILD, DOCKER_IMAGE_PUSH, VULNERABILITY_SCANNING, ACTIVATE_REPLICATION, TRIGGER, SNAPSHOT, TRIGGER_SNAPSHOT.
chain_config-nodes
The nodes block supports the following:
node_name - (Optional) The name of delivery chain node.
enable - (Optional) Whether to enable the delivery chain node. Valid values: true, false.
node_config - (Optional) The configuration of delivery chain node. See node_config below.
chain_config-nodes-node_config
The node_config block supports the following:
deny_policy - (Optional) Blocking rules for scanning nodes in delivery chain nodes. See deny_policy below. Note: When node_name is VULNERABILITY_SCANNING, the parameters in deny_policy need to be filled in.
chain_config-nodes-node_config-deny_policy
The deny_policy block supports the following:
issue_count - (Optional) The count of scanning vulnerabilities that triggers blocking.
issue_level - (Optional) The level of scanning vulnerability that triggers blocking. Valid values: LOW, MEDIUM, HIGH, UNKNOWN.
logic - (Optional) The logic of trigger blocking. Valid values: AND, OR.
action - (Optional) The action of trigger blocking. Valid values: BLOCK, BLOCK_RETAG, BLOCK_DELETE_TAG. BLOCK blocks the delivery chain from continuing to execute, BLOCK_RETAG blocks overwriting an image tag by push, and BLOCK_DELETE_TAG blocks deletion of image tags.
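The valid values listed above and the note that deny_policy must be filled in for VULNERABILITY_SCANNING, written as a pre-apply lint. This is an added example, not part of the provider documentation; the input layout (nested blocks as lists of dicts), the helper names, and the rule that the scan node must be enabled are assumptions of the example.

```python
# Added example: lint for an alicloud_cr_chain chain_config before apply.
# Assumed input layout: nested blocks as lists of dicts (not provider output).
NODE_NAMES = {"DOCKER_IMAGE_BUILD", "DOCKER_IMAGE_PUSH", "VULNERABILITY_SCANNING",
              "ACTIVATE_REPLICATION", "TRIGGER", "SNAPSHOT", "TRIGGER_SNAPSHOT"}
DENY_VALUES = {"issue_level": {"LOW", "MEDIUM", "HIGH", "UNKNOWN"},
               "logic": {"AND", "OR"},
               "action": {"BLOCK", "BLOCK_RETAG", "BLOCK_DELETE_TAG"}}

def lint_chain_config(cfg):
    """Return a list of findings for one chain_config block."""
    findings = []
    nodes = {n.get("node_name"): n for n in cfg.get("nodes", [])}
    for name in nodes:
        if name not in NODE_NAMES:
            findings.append(f"nodes: unknown node_name {name!r}")
    for i, r in enumerate(cfg.get("routers", [])):
        for side in ("from", "to"):
            name = (r.get(side) or [{}])[0].get("node_name")
            if name not in NODE_NAMES:
                findings.append(f"routers[{i}].{side}: unknown node_name {name!r}")
            elif name not in nodes:
                findings.append(f"routers[{i}].{side}: {name} has no nodes block")
    # Policy choice of this lint (not a provider rule): the scan node must run.
    scan = nodes.get("VULNERABILITY_SCANNING")
    if scan is None or not scan.get("enable"):
        findings.append("VULNERABILITY_SCANNING node is missing or disabled")
        return findings
    # Per the page's note, every deny_policy parameter must be set on this node.
    node_config = (scan.get("node_config") or [{}])[0]
    policy = (node_config.get("deny_policy") or [{}])[0]
    for key, allowed in DENY_VALUES.items():
        if policy.get(key) not in allowed:
            findings.append(f"deny_policy.{key}: {policy.get(key)!r} not in {sorted(allowed)}")
    if policy.get("issue_count") is None:
        findings.append("deny_policy.issue_count: not set")
    return findings

def sample_node(name, enable=True, **deny):
    """Build one constructed nodes entry; keyword args become deny_policy."""
    return {"node_name": name, "enable": enable,
            "node_config": [{"deny_policy": [deny]}]}

# Constructed sample: the scan node is enabled but its deny_policy is empty.
SAMPLE = {
    "routers": [{"from": [{"node_name": "DOCKER_IMAGE_PUSH"}],
                 "to": [{"node_name": "VULNERABILITY_SCANNING"}]}],
    "nodes": [sample_node("DOCKER_IMAGE_PUSH"), sample_node("VULNERABILITY_SCANNING")],
}
```

Calling lint_chain_config(SAMPLE) reports the four unset deny_policy parameters; filling them with the values from the Basic Usage example clears the findings.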
Attributes Reference
The following attributes are exported:
id - The resource ID of Chain. The value is formatted as <instance_id>:<chain_id>.
chain_id - Delivery chain ID.
Import
CR Chain can be imported using the id, e.g.
$ terraform import alicloud_cr_chain.example <instance_id>:<chain_id>