Description

Hi - tag mutability settings is a relatively recent feature on Docker Hub, is it possible to add it to the Terraform provider? Ideally we'd want all the options from the web interface, i.e. mutable, immutable or the option to supply a regex for immutable tags.

We terraform our repos on Docker Hub with a common pattern (product - image - edition - environment) so we have a reasonable number, too many to manage by hand. It would be great to use this feature and we'd want to set it differently on different repos (e.g. internal dev environment is always mutable, public prod environment has immutable release tags and mutable rolling tags, staging is maybe more permissive than prod).

We can (and do) enforce controls in our CI so we don't build the same release tag twice, but this is a nice feature and probably most useful for people who need a well-controlled release process, so it would make sense to expose it in Terraform.

Affected Resource(s) and/or Data Source(s)

docker_hub_repository

Potential Terraform Configuration

resource "docker_hub_repository" "example-1" {

  namespace        = "acme"
  name             = "example-1"
  description      = "Repo where all the tags are immutable"

  immutable        = true
}

resource "docker_hub_repository" "example-2" {

  namespace        = "acme"
  name             = "example-2"
  description      = "Repo with immutable tags specified by regex"

  immutable        = true
  immutable_tags   = [
    "v\d+\.\d+\.\d+(-.*)",
    "fix-.*"
  ]
}

// Default if not specified is immutable = false, ie the default behaviour
// Setting immutable = true means that:
//   * If immutable_tags is missing or empty, all tags are immutable
//   * If immutable_tags are specified, only matching tags are immutable
// Alternatively, you could have immutable = "never" | "always" | "regex" as a string

References

Web UI has tag mutability settings in the settings section for an individual repo (assuming you have permissions)

Would you like to implement a fix?

No