Skip to content

feat(container_registry): add container_registry resource and data source#354

Open
seiji wants to merge 7 commits into
CrowdStrike:mainfrom
seiji:feat/add-container-registry
Open

feat(container_registry): add container_registry resource and data source#354
seiji wants to merge 7 commits into
CrowdStrike:mainfrom
seiji:feat/add-container-registry

Conversation

@seiji
Copy link
Copy Markdown

@seiji seiji commented Apr 27, 2026

Summary

Add crowdstrike_container_registry resource and crowdstrike_container_registry data source for managing container registry connections in CrowdStrike Falcon Container Security.

Closes #312

What's included

  • crowdstrike_container_registry resource — full CRUD lifecycle with import support
  • crowdstrike_container_registry data source — look up a registry by ID

Design decisions

  • 17 registry types: Supports acr, artifactory, docker, dockerhub, ecr, gar, gcr, github, gitlab, harbor, icr, mirantis, nexus, openshift, oracle, quay.io with type-specific credential validation via ValidateConfig
  • Credential as attribute: credential is defined as SingleNestedAttribute (not a block) to allow Required constraint and null/unknown handling
  • Create API workaround: The Create API returns HTTP 200 instead of the expected 201, which gofalcon treats as an error. Falls back to findRegistryByURL (URL + type + user_defined_alias matching) to locate the created entity
  • Write-only credential fields: Credential input fields (username, password, etc.) are not returned by the API. They are preserved in state from the plan and excluded from import verification via ImportStateVerifyIgnore
  • url_uniqueness_key: Sent on Create only; not returned by the API and therefore not usable for matching. Kept in schema for API compatibility but marked RequiresReplace

Testing

  • TestAccContainerRegistryResource_DockerHub — Create, update credential, import
  • TestAccContainerRegistryDataSource_basic — Read by ID (requires TEST_CONTAINER_REGISTRY_ID)
  • Verified against a live CrowdStrike tenant (us-2)

Checklist

  • go build passes
  • golangci-lint — 0 issues
  • make gen — documentation generated and committed
  • Acceptance tests pass
  • Example configurations and import scripts included
  • Sweeper implemented for test cleanup
  • Resource and data source registered in provider

seiji added 4 commits April 27, 2026 22:05
@seiji
feat: add container_registry resource and data source
c5237ce 
Add crowdstrike_container_registry resource and data source for managing
container registry connections in CrowdStrike Falcon Container Security.
Supports 17 registry types (dockerhub, ecr, acr, gar, gcr, github, etc.)
with type-specific credential validation via ValidateConfig.

Workaround for gofalcon treating HTTP 200 as error on Create: falls back
to findRegistryByURL (URL + type + user_defined_alias matching) to locate
the created entity.
@seiji
test: add container_registry acceptance tests and sweeper
4f347ce
@seiji
docs: add container_registry examples and generated documentation
c8b292d
@seiji
refactor(container_registry): simplify credential validation and erro…
1851a4c 
…r checks
@seiji
Copy link
Copy Markdown
Author

seiji commented Apr 29, 2026

Fixed the lint errors. 1851a4c
https://github.com/CrowdStrike/terraform-provider-crowdstrike/actions/runs/24997404320/job/73588238151

Could you take another look when you have a chance?

@seiji
Copy link
Copy Markdown
Author

seiji commented May 26, 2026

This PR was not necessarily intended to request a merge, but rather to highlight the operational need for this functionality.

I would appreciate it if you could consider this capability for future product implementation or roadmap discussions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

add falcon_container_image resource

1 participant

@seiji