Try SpotterManage Quay Container Registry repositories
| "added in version" 0.0.1 of herve4m.quay"
Authors: Herve Quatremain (@herve4m)
Install with ansible-galaxy collection install herve4m.quay:==1.2.0
collections:
- name: herve4m.quay
version: 1.2.0Create, delete, and update repositories in Quay Container Registry.
- name: Ensure repository smallimage exists in the production organization
herve4m.quay.quay_repository:
name: production/smallimage
visibility: private
description: |
# My first repository
* smallimage is a small GNU/linux container image
* Use podman to start a container using that image
perms:
- name: operators
type: team
role: read
- name: lvasquez
type: user
role: read
- name: production+automationrobot
type: user
role: admin
state: present
quay_host: https://quay.example.com
quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Ensure repository bigimage exists in my namespace
herve4m.quay.quay_repository:
name: bigimage
visibility: public
perms:
- name: dwilde
type: user
role: write
state: present
quay_host: https://quay.example.com
quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Ensure repository development/testimg does not exist
herve4m.quay.quay_repository:
name: development/testimg
state: absent
quay_host: https://quay.example.com
quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Ensure the repository has the exact set of permissions
herve4m.quay.quay_repository:
name: production/smallimage
perms:
- name: operators
type: team
role: admin
- name: managers
type: team
role: read
- name: developers
type: team
role: read
- name: production+auditrobot
type: user
role: read
append: false
state: present
quay_host: https://quay.example.com
quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Ensure the repository has a star and tags older that 4 weeks are pruned
herve4m.quay.quay_repository:
name: production/smallimage
star: true
auto_prune_method: date
auto_prune_value: 4w
state: present
quay_host: https://quay.example.com
quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
# You must enable the mirroring capability of your Quay installation
# to use the repo_state parameter.
- name: Ensure the repository is prepared for mirroring
herve4m.quay.quay_repository:
name: production/smallimage
repo_state: MIRROR
state: present
quay_host: https://quay.example.com
quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
name:
description:
- Name of the repository to create, remove, or modify. The format for the name is
C(namespace)/C(shortname). The namespace can be an organization or a personal namespace.
- The name must be in lowercase and must not contain white spaces.
- If you omit the namespace part in the name, then the module uses your personal namespace.
required: true
type: str
star:
description:
- If C(yes), then add a star to the repository. If C(no), then remove the star.
- To star or unstar a repository you must provide the I(quay_token) parameter to authenticate.
If you are not authenticated, then the module ignores the I(star) parameter.
type: bool
perms:
description:
- User, robot, and team permissions to associate with the repository.
elements: dict
suboptions:
name:
description:
- Name of the account. The format for robot accounts is C(namespace)+C(shortrobotname).
required: true
type: str
role:
choices:
- read
- write
- admin
default: read
description:
- Type of permission to grant.
type: str
type:
choices:
- user
- team
default: user
description:
- Specifies the type of the account. Choose C(user) for both user and robot accounts.
type: str
type: list
state:
choices:
- absent
- present
default: present
description:
- If C(absent), then the module deletes the repository.
- The module does not fail if the repository does not exist, because the state is
already as expected.
- If C(present), then the module creates the repository if it does not already exist.
- If the repository already exists, then the module updates its state.
type: str
append:
default: true
description:
- If C(yes), then add the permission defined in I(perms) to the repository.
- If C(no), then the module sets the permissions specified in I(perms), removing all
others permissions from the repository.
type: bool
quay_host:
default: http://127.0.0.1
description:
- URL for accessing the API. U(https://quay.example.com:8443) for example.
- If you do not set the parameter, then the module uses the C(QUAY_HOST) environment
variable.
- If you do no set the environment variable either, then the module uses the U(http://127.0.0.1)
URL.
type: str
quay_token:
description:
- OAuth access token for authenticating against the API.
- If you do not set the parameter, then the module tries the C(QUAY_TOKEN) environment
variable.
- Mutually exclusive with I(quay_username) and I(quay_password).
type: str
repo_state:
choices:
- NORMAL
- READ_ONLY
- MIRROR
description:
- If C(NORMAL), then the repository is in the default state (read/write).
- If C(READ_ONLY), then the repository is read-only.
- If C(MIRROR), then the repository is a mirror and you can configure it by using
the M(herve4m.quay.quay_repository_mirror) module.
- You must enable the mirroring capability of your Quay installation to use this I(repo_state)
parameter.
type: str
visibility:
choices:
- public
- private
description:
- If C(public), then anyone can pull images from the repository.
- If C(private), then nobody can access the repository and you need to explicitly
grant access to users, robots, and teams.
- If you do not set the parameter when you create a repository, then it defaults to
C(private).
type: str
description:
description:
- Text in Markdown format that describes the repository.
type: str
quay_password:
description:
- The password to use for authenticating against the API.
- If you do not set the parameter, then the module tries the C(QUAY_PASSWORD) environment
variable.
- If you set I(quay_password), then you also need to set I(quay_username).
- Mutually exclusive with I(quay_token).
type: str
quay_username:
description:
- The username to use for authenticating against the API.
- If you do not set the parameter, then the module tries the C(QUAY_USERNAME) environment
variable.
- If you set I(quay_username), then you also need to set I(quay_password).
- Mutually exclusive with I(quay_token).
type: str
validate_certs:
aliases:
- verify_ssl
default: true
description:
- Whether to allow insecure connections to the API.
- If C(no), then the module does not validate SSL certificates.
- If you do not set the parameter, then the module tries the C(QUAY_VERIFY_SSL) environment
variable (C(yes), C(1), and C(True) mean yes, and C(no), C(0), C(False), and no
value mean no).
type: bool
auto_prune_value:
description:
- Number of tags to keep when I(auto_prune_value) is C(tags). The value must be 1
or more.
- Period of time when I(auto_prune_value) is C(date). The value must be 1 or more,
and must be followed by a suffix; s (for second), m (for minute), h (for hour),
d (for day), or w (for week).
- I(auto_prune_method) is required when I(auto_prune_value) is set.
type: str
auto_prune_method:
choices:
- none
- tags
- date
description:
- Method to use for the auto-pruning tags policy.
- If C(none), then the module ensures that no policy is in place. The tags are not
pruned.
- If C(tags), then the policy keeps only the number of tags that you specify in I(auto_prune_value).
- If C(date), then the policy deletes the tags older than the time period that you
specify in I(auto_prune_value).
- I(auto_prune_value) is required when I(auto_prune_method) is C(tags) or C(date).
type: str