Open Source terraform provider registry

Primary language: Rust. License: ISC.

Terustry

A simple, configurable proxy that implements the Terraform provider registry protocol, so you can build your own private Terraform provider registry.

How it works

Terustry uses a YAML file to describe how to discover versions and download URLs.

providers:
  - name: hashicorp/hashicups # namespace/name of your provider
    protocols: [5.0]
    version: # vcs to fetch provider versions (gitlab and github are supported)
      type: github 
      uri: https://api.github.com/repos/hashicorp/terraform-provider-hashicups/releases # url of the release api of your vcs
      token: "{{terustry_github_token}}"
    binaries: [{os: linux, arch: arm64}]
    signature: # information about key used to sign your provider
      key_id: 97751AE79C450B19
      key_armor: "-----BEGIN PGP PUBLIC KEY BLOCK-----"
    artifact: # describe how to build download urls
      filename: terraform-provider-hashicups_{{version}}_{{os}}_{{arch}}.zip
      download_url: https://.../v{{version}}/terraform-provider-hashicups_{{version}}_{{os}}_{{arch}}.zip
      shasums_url: https://.../v{{version}}/terraform-provider-hashicups_{{version}}_SHA256SUMS
      shasums_signature_url: https://.../v{{version}}/terraform-provider-hashicups_{{version}}_SHA256SUMS.sig

Terustry will parse the result of the release api you provide (version.uri), assuming each release published is a provider version.

Then it will use the artifact section to build the download urls of your provider.
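The version substituted into these templates comes from an external release API, so it is worth checking before it reaches a URL. The following is an added example, not Terustry's own code: the `render` and `is_safe_value` functions, the character allow-list and the `releases.example.invalid` host are assumptions made for illustration.

```rust
// Added example, not Terustry's source: expands `artifact` templates for one platform.
use std::collections::HashMap;

/// A value is safe to substitute if it cannot alter the URL's path or query structure.
/// The allow-list below is an assumption chosen for this example.
fn is_safe_value(v: &str) -> bool {
    !v.is_empty()
        && !v.contains("..")
        && v.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-' | '_' | '+'))
}

/// Replace every `{{name}}` in `template` with its value from `vars`.
/// Fails on unknown or unterminated placeholders and on unsafe values.
fn render(template: &str, vars: &HashMap<&str, &str>) -> Result<String, String> {
    let mut out = String::new();
    let mut rest = template;
    while let Some(start) = rest.find("{{") {
        out.push_str(&rest[..start]);
        let after = &rest[start + 2..];
        let end = after.find("}}").ok_or("unterminated placeholder")?;
        let name = after[..end].trim();
        let value = vars
            .get(name)
            .ok_or_else(|| format!("unknown placeholder: {name}"))?;
        if !is_safe_value(value) {
            return Err(format!("unsafe value for {name}: {value:?}"));
        }
        out.push_str(value);
        rest = &after[end + 2..];
    }
    out.push_str(rest);
    Ok(out)
}

fn main() {
    // Constructed template: the host is a placeholder, not a real release location.
    let tpl = "https://releases.example.invalid/v{{version}}/terraform-provider-hashicups_{{version}}_{{os}}_{{arch}}.zip";
    let vars = HashMap::from([("version", "0.3.1"), ("os", "linux"), ("arch", "arm64")]);
    println!("{:?}", render(tpl, &vars));
    // A release tag carrying path characters is rejected instead of reaching the URL.
    let bad = HashMap::from([("version", "0.3.1/../../x"), ("os", "linux"), ("arch", "arm64")]);
    println!("{:?}", render(tpl, &bad));
}
```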

Run

With docker

docker run -p 8080:8080 -e TERUSTRY_GITHUB_TOKEN='XXX' -v $(pwd)/terustry-sample-github.yml:/etc/terustry.yml --rm -it vptech/terustry

With docker build

docker build -t terustry .
docker run -p 8080:8080 -e TERUSTRY_GITHUB_TOKEN='XXX' -v $(pwd)/terustry-sample-github.yml:/etc/terustry.yml --rm -it terustry

With cargo

TERUSTRY_GITHUB_TOKEN=XXXX cargo run -- --config terustry-sample-github.yml

If you want to embed the configuration in the Docker image, just create a terustry.yml file with your configuration.

Test

With curl

$ curl http://localhost:8080/terraform/providers/v1/hashicorp/hashicups/versions
{
  id: "hashicorp/hashicups",
  versions: [{
    version: "0.3.1",
    protocols: [
      "5.0"
    ],
    platforms: [{
      os: "freebsd",
      arch: "386"
    }
  ]}]
}

With terraform

terraform {
  required_providers {
    hashicups = {
      source = "localhost:8081/hashicorp/hashicups"
      version = "0.3.1"
    }
  }
}

provider "hashicups" {
  # Configuration options
}

$ terraform init

Local ssl

A Terraform provider registry needs a valid SSL certificate to work.

If you want to test the whole thing (terraform init) locally, you need an "ssl proxy".

Install mkcert and local-ssl-proxy

mkcert -install
mkcert localhost
local-ssl-proxy --source 8081 --target 8080 --key localhost-key.pem --cert localhost.pem