Introduction:
This article documents how to upload a provider to the Private Registry. In this example, we will upload the AzureRM provider. All required files for this example can be found on the Releases Site.
Prerequisites:
- You must be a member of the owners team or a team with Manage Private Registry permissions to publish and delete private providers from the private registry.
- You must have jq installed on your computer to follow this tutorial.
Step 1: Download the release files
First, use the Releases API to get the latest version of the AzureRM provider.
curl https://api.releases.hashicorp.com/v1/releases/terraform-provider-azurerm/latest
Next, download the required release files. The download links should be in the Releases API Response. You will want to download the Windows and Linux binaries.
curl https://releases.hashicorp.com/terraform-provider-azurerm/3.46.0/terraform-provider-azurerm_3.46.0_linux_amd64.zip > terraform-provider-azurerm_3.46.0_linux_amd64.zip
curl https://releases.hashicorp.com/terraform-provider-azurerm/3.46.0/terraform-provider-azurerm_3.46.0_windows_amd64.zip > terraform-provider-azurerm_3.46.0_windows_amd64.zip
Step 2: Create GPG Key & SHASUM Files
First, create a GPG Key by running the following command and following the interactive prompts:
gpg --full-generate-key
Next, export your GPG public key with the following command:
gpg --armor --export <key-id> > key.gpg
Note: Update <key-id> with the gpg key id.
Finally, run the following commands to create the SHASUM and SHASUM.sig files.
shasum -a 256 *.zip > terraform-provider-azurerm_3.46.0_SHA256SUMS
gpg --default-key <key-id> --detach-sign terraform-provider-azurerm_3.46.0_SHA256SUMS
Note: Update <key-id> with the gpg key id.
If you have multiple keys, the key exported to key.gpg and the key used to sign the SHA256SUMS file must be the same, so make sure you use the same <key-id> in both commands.
Step 3: Upload GPG Key
First, create a payload.json file with the following content:
{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "<org-name>",
      "ascii-armor": ""
    }
  }
}
Note: Update <org-name> with your TFE organization name.
Then, update the payload.json file by running the following command:
jq --arg armor "$(cat key.gpg)" '.data.attributes."ascii-armor"=$armor' payload.json > gpg-payload.json
Next, set your TFE Token, TFE Host, and Org as environment variables by running the following commands:
export TOKEN=<TOKEN>
export TFE_HOST=<TFE-HOSTNAME>
export ORG=<ORG>
Finally, upload the GPG key by running the following command:
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @gpg-payload.json \
https://$TFE_HOST/api/registry/private/v2/gpg-keys
The GPG key should now be uploaded to Terraform Enterprise. Please take note of the key-id in the response as it will be needed later.
Step 4: Create the Provider Endpoint
First, create a provider-endpoint-payload.json file with the following content:
{
  "data": {
    "type": "registry-providers",
    "attributes": {
      "name": "azurerm",
      "namespace": "<org-name>",
      "registry-name": "private"
    }
  }
}
Note: Update <org-name> with your TFE organization name.
Next, run the following command to create the provider endpoint:
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @provider-endpoint-payload.json \
https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers
The provider endpoint should now be created.
Step 5: Create the Provider Version Endpoint
First, create a provider-version-payload.json file with the following content:
{
  "data": {
    "type": "registry-provider-versions",
    "attributes": {
      "version": "3.46.0",
      "key-id": "<key-id>",
      "protocols": ["5.0"]
    }
  }
}
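Note: Update <key-id> with the key-id from the response in Step 3.
Next, run the following command to create the provider version endpoint:
curl \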
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @provider-version-payload.json \
https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers/private/$ORG/azurerm/versions
The provider version endpoint should now be created. Please take note of the shasums-upload and shasums-sig-upload links in the response.
Step 6: Upload shasums and shasums.sig
First, run the following command to upload the shasums file:
curl -T terraform-provider-azurerm_3.46.0_SHA256SUMS <shasums-upload>
Note: Update <shasums-upload> with the shasums-upload link from the response in the previous step.
Next, run the following command to upload the shasums.sig file:
curl -T terraform-provider-azurerm_3.46.0_SHA256SUMS.sig <shasums-sig-upload>
Note: Update <shasums-sig-upload> with the shasums-sig-upload link from the response in the previous step.
Step 7: Create the Provider Platform Endpoint
First, create a provider-platform-endpoint-linux-payload.json file with the following content:
{
  "data": {
    "type": "registry-provider-version-platforms",
    "attributes": {
      "os": "linux",
      "arch": "amd64",
      "shasum": "<shasum>",
      "filename": "terraform-provider-azurerm_3.46.0_linux_amd64.zip"
    }
  }
}
Note: Update <shasum> with the shasum of the linux_amd64 file in the SHASUM file.
Next, run the following command to create the linux provider platform endpoint:
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @provider-platform-endpoint-linux-payload.json \
https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers/private/$ORG/azurerm/versions/3.46.0/platforms
Now, create a provider-platform-endpoint-windows-payload.json file with the following content:
{
  "data": {
    "type": "registry-provider-version-platforms",
    "attributes": {
      "os": "windows",
      "arch": "amd64",
      "shasum": "<shasum>",
      "filename": "terraform-provider-azurerm_3.46.0_windows_amd64.zip"
    }
  }
}
Note: Update <shasum> with the shasum of the windows_amd64 file in the SHASUM file.
Finally, run the following command to create the windows provider platform endpoint:
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @provider-platform-endpoint-windows-payload.json \
https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers/private/$ORG/azurerm/versions/3.46.0/platforms
The provider platform endpoints should now be created. Please take note of the provider-binary-upload links in the response.
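Added example (not part of the original article or of any HashiCorp tooling): a POSIX shell helper that fills in <shasum> for Step 7 from the SHA256SUMS file created in Step 2, and refuses to emit a payload if the zip on disk no longer matches the signed entry. The function names are hypothetical, and it assumes the manifest and zip files are in the current directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any HashiCorp tool.

# SHA-256 of a file using sha256sum (GNU coreutils) or shasum (macOS/Perl).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Checksum recorded for an exact filename in the manifest.
# Lines look like "<hex>  <filename>"; binary mode prefixes the name with "*".
manifest_sha256() {
    awk -v f="$2" '{ n = $2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' "$1"
}

# platform_payload <manifest> <zip> <os> <arch>
# Prints the Step 7 JSON payload, or fails if the entry is missing, malformed,
# or does not match the zip that is about to be uploaded.
platform_payload() {
    manifest=$1 zip=$2 os=$3 arch=$4
    [ -f "$zip" ] || { echo "missing file: $zip" >&2; return 1; }
    expected=$(manifest_sha256 "$manifest" "$zip")
    [ -n "$expected" ] || { echo "no entry for $zip in $manifest" >&2; return 1; }
    # Only 64 lowercase hex characters may reach the JSON document.
    case $expected in
        *[!0-9a-f]*) echo "malformed checksum for $zip" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum for $zip" >&2; return 1; }
    actual=$(file_sha256 "$zip")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $zip" >&2
        return 1
    fi
    printf '{"data":{"type":"registry-provider-version-platforms","attributes":{"os":"%s","arch":"%s","shasum":"%s","filename":"%s"}}}\n' \
        "$os" "$arch" "$expected" "$zip"
}

# Usage (file names from this article):
#   platform_payload terraform-provider-azurerm_3.46.0_SHA256SUMS \
#       terraform-provider-azurerm_3.46.0_linux_amd64.zip linux amd64 \
#       > provider-platform-endpoint-linux-payload.json
```

Because the registry serves the SHA256SUMS file you signed, a payload checksum that disagrees with it would make the provider fail verification at install time; generating the payload from the manifest keeps the two in step.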
Step 8: Upload provider binaries
Run the following command to upload the linux provider binary:
curl -T terraform-provider-azurerm_3.46.0_linux_amd64.zip <provider-binary-upload>
Note: Update <provider-binary-upload> with the provider binary upload link from the response in the previous step.
Run the following command to upload the windows provider binary:
curl -T terraform-provider-azurerm_3.46.0_windows_amd64.zip <provider-binary-upload>
Note: Update <provider-binary-upload> with the provider binary upload link from the response in the previous step.