
harbor_robot_account (Resource)

Example Usage

System Level

Introduced in Harbor 2.2.0, system level robot accounts can hold almost any permission available in Harbor and are not tied to a single project.

Global

resource "random_password" "password" {
  length  = 12
  special = false
}

resource "harbor_project" "main" {
  name = "main"
}

resource "harbor_robot_account" "system" {
  name        = "example-system"
  description = "system level robot account"
  level       = "system"
  secret      = resource.random_password.password.result
  permissions {
    access {
      action   = "create"
      resource = "label"
    }
    kind      = "system"
    namespace = "/"
  }
  permissions {
    access {
      action   = "push"
      resource = "repository"
    }
    kind      = "project"
    namespace = harbor_project.main.name
  }
  permissions {
    access {
      action   = "pull"
      resource = "repository"
    }
    kind      = "project"
    namespace = "*"
  }
}

The above example creates a system level robot account with permissions to

  • create labels on system level
  • pull repository across all projects
  • push repository to project "main"

Project

Unlike system level robot accounts, project level robot accounts can act at project level only. The available permissions are mostly the same as for system level robots.

resource "harbor_project" "main" {
  name = "main"
}

resource "harbor_robot_account" "project" {
  name        = "example-project"
  description = "project level robot account"
  level       = "project"
  permissions {
    access {
      action   = "pull"
      resource = "repository"
    }
    access {
      action   = "push"
      resource = "repository"
    }
    kind      = "project"
    namespace = harbor_project.main.name
  }
}

The above example creates a project level robot account with permissions to

  • pull repository on project "main"
  • push repository on project "main"

Schema

Required

  • level (String) Level of the robot account, currently either system or project.
  • name (String) The name of the robot account that will be created in Harbor.
  • permissions (Block Set, Min: 1) (see below for nested schema)

Optional

  • description (String) The description of the robot account, displayed in Harbor.
  • disable (Boolean) Disables the robot account when set to true.
  • duration (Number) By default, the robot account will not expire. Set it to the number of days until the account should expire.
  • secret (String, Sensitive) The secret of the robot account used for authentication. Defaults to a randomly generated string from Harbor.

Read-Only

  • full_name (String)
  • id (String) The ID of this resource.
  • robot_id (String)

Nested Schema for permissions

Required:

  • access (Block Set, Min: 1) (see below for nested schema)
  • kind (String) Either system or project.
  • namespace (String) namespace is the name of your project. For kind system permissions, always use / as namespace. Use * to match all projects.

Nested Schema for permissions.access

Required:

Optional:

  • effect (String) Either allow or deny. Defaults to allow.
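The schema above allows a * namespace, system-kind grants, and robots that never expire by default. The following added example (not part of the provider's documentation or code) audits `terraform show -json` plan output for those three conditions; the `audit` function, the `READ_ONLY` set and the sample plan are constructed for illustration, and it assumes permission blocks appear in the plan JSON as lists of objects.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output, modelled on
# this page's two examples (duration = 30 on the project robot is a constructed variation).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "harbor_robot_account.system", "type": "harbor_robot_account",
     "change": {"after": {"level": "system", "duration": None, "permissions": [
         {"kind": "system", "namespace": "/",
          "access": [{"action": "create", "resource": "label"}]},
         {"kind": "project", "namespace": "main",
          "access": [{"action": "push", "resource": "repository"}]},
         {"kind": "project", "namespace": "*",
          "access": [{"action": "pull", "resource": "repository"}]}]}}},
    {"address": "harbor_robot_account.project", "type": "harbor_robot_account",
     "change": {"after": {"level": "project", "duration": 30, "permissions": [
         {"kind": "project", "namespace": "main",
          "access": [{"action": "pull", "resource": "repository"},
                     {"action": "push", "resource": "repository"}]}]}}},
    {"address": "harbor_project.main", "type": "harbor_project",
     "change": {"after": {"name": "main"}}}]})

READ_ONLY = {"pull", "read", "list"}  # assumption: actions treated as non-mutating


def audit(plan_json):
    """Return sorted (address, finding) pairs for planned harbor_robot_account resources."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "harbor_robot_account" or not after:
            continue  # other resource types, or a planned delete
        addr, dur = rc["address"], after.get("duration")
        # Assumption: an unset or non-positive duration means the robot never expires.
        if not isinstance(dur, (int, float)) or dur <= 0:
            findings.append((addr, "no expiry: set duration (days)"))
        for perm in after.get("permissions") or []:
            actions = {a.get("action") for a in perm.get("access") or []
                       if (a.get("effect") or "allow") == "allow"}
            if perm.get("kind") == "system" and actions:
                findings.append((addr, "system-kind grant: " + ",".join(sorted(actions))))
            if perm.get("namespace") == "*" and actions:
                wide = ",".join(sorted(actions - READ_ONLY))
                findings.append((addr, "wildcard namespace: " + (wide or "read-only")))
    return sorted(findings)


if __name__ == "__main__":
    for address, finding in audit(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

Run it in CI against the JSON form of a saved plan and fail the pipeline when the returned list contains findings you have not explicitly accepted.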

Import

Import is supported using the following syntax with the robot_account id:

terraform import harbor_robot_account.system /robots/123