github.com/hugorut/terraform@v1.1.3/website/docs/internals/provider-registry-protocol.mdx (about) 1 --- 2 page_title: Provider Registry Protocol 3 description: |- 4 The provider registry protocol is implemented by a host intending to be the 5 origin host for one or more Terraform providers, specifying which providers 6 are available and where to find their distribution packages. 7 --- 8 9 # Provider Registry Protocol 10 11 -> Third-party provider registries are supported only in Terraform CLI 0.13 and later. Prior versions do not support this protocol. 12 13 The provider registry protocol is what Terraform CLI uses to discover metadata 14 about providers available for installation and to locate the distribution 15 packages for a selected provider. 16 17 The primary implementation of this protocol is the public 18 [Terraform Registry](https://registry.terraform.io/) at `registry.terraform.io`. 19 By writing and deploying your own implementation of this protocol, you can 20 create a separate _origin registry_ to distribute your own providers, as an 21 alternative to publishing them on the public Terraform Registry. 22 23 This page describes the provider _registry_ protocol, which is the protocol 24 for finding providers available for installation. It _doesn't_ describe the 25 API that provider plugins themselves implement to serve requests from Terraform 26 CLI at runtime. For more information on the provider API, see the Terraform 27 SDK documentation. 28 29 The public Terraform Registry implements a superset of the API described on 30 this page, in order to capture additional information used in the registry UI. 31 Third-party implementations should not include those extensions because they 32 may change in future without notice. 33 34 ## Provider Addresses 35 36 Each Terraform provider has an associated address which uniquely identifies it 37 within Terraform. A provider address has the syntax `hostname/namespace/type`, 38 where: 39 40 * `hostname` is the registry host that the provider is considered to have 41 originated from, and the default location Terraform will consult for 42 information about the provider 43 [unless overridden in the CLI configuration](/cli/config/config-file#provider-installation). 44 * `namespace` is the name of a namespace, unique on a particular hostname, that 45 can contain one or more providers that are somehow related. On the public 46 Terraform Registry the "namespace" represents the organization that is 47 packaging and distributing the provider. 48 * `type` is the provider type, like "azurerm", "aws", "google", "dns", etc. 49 A provider type is unique within a particular hostname and namespace. 50 51 The `hostname/` portion of a provider address (including its slash delimiter) 52 is optional, and if omitted defaults to `registry.terraform.io/`. 53 54 For example: 55 56 * `hashicorp/aws` is a shorthand for `registry.terraform.io/hashicorp/aws`, 57 which is the official AWS provider published by HashiCorp. 58 * `example/foo` is a shorthand for `registry.terraform.io/example/foo`, which 59 is a hypothetical third-party provider published on the public 60 Terraform Registry. 61 * `example.com/bar/baz` is a hypothetical third-party provider published at a 62 third-party provider registry on `example.com`. 63 64 If you intend only to share a provider you've developed for use by all 65 Terraform users, please consider publishing it into the public 66 [Terraform Registry](https://registry.terraform.io/), which will make your 67 provider discoverable. You only need to implement this provider registry 68 protocol if you wish to publish providers whose addresses include a different 69 hostname that is under your control. 70 71 Terraform uses the full address (after normalization to always include a 72 hostname) as its global identifier for providers internally, and so it's 73 important to note that re-uploading the `hashicorp/azurerm` provider into 74 another namespace or publishing it on a different hostname will cause Terraform 75 to see it as an entirely separate provider that will _not_ be usable by modules 76 that declare a dependency on `hashicorp/azurerm`. If your goal is to create 77 an alternative local distribution source for an existing provider -- that is, 78 a _mirror_ of the provider -- refer to 79 [the provider installation method configuration](/cli/config/config-file#provider-installation) 80 instead. 81 82 ## Provider Versions 83 84 Each distinct provider address has associated with it a set of versions, each 85 of which has an associated version number. Terraform assumes version numbers 86 follow the [Semantic Versioning 2.0](https://semver.org/) conventions, with 87 the schema and behavior of the provider as documented from the perspective of 88 an end-user of Terraform serving as the "public API". 89 90 All available versions for a particular provider address are considered to be 91 the same provider by Terraform. Each Terraform configuration selects only one 92 version of each provider for use in the entire configuration, so the version 93 constraints across all modules are considered together for the purposes of 94 version selection. 95 96 ## Service Discovery 97 98 The providers protocol begins with Terraform CLI using 99 [Terraform's remote service discovery protocol](/internals/remote-service-discovery), 100 with the hostname in the provider address acting as the "User-facing Hostname". 101 102 The service identifier for the provider registry protocol is `providers.v1`. 103 Its associated string value is the base URL for the relative URLs defined in 104 the sections that follow. 105 106 For example, the service discovery document for a host that _only_ implements 107 the provider registry protocol might contain the following: 108 109 ```json 110 { 111 "providers.v1": "/terraform/providers/v1/" 112 } 113 ``` 114 115 If the given URL is a relative URL then Terraform will interpret it as relative 116 to the discovery document itself. The specific provider registry protocol 117 endpoints are defined as URLs relative to the given base URL, and so the 118 specified base URL should generally end with a slash to ensure that those 119 relative paths will be resolved as expected. 120 121 The following sections describe the various operations that a provider 122 registry must implement to be compatible with Terraform CLI's provider 123 installer. The indicated URLs are all relative to the URL resulting from 124 service discovery, as described above. We use the current URLs on 125 Terraform Registry as working examples, assuming that the caller already 126 performed service discovery on `registry.terraform.io` to learn the base URL. 127 128 The URLs are shown with the convention that a path portion with a colon `:` 129 prefix is a placeholder for a dynamically-selected value, while all other 130 path portions are literal. For example, in `:namespace/:type/versions`, 131 the first two path portions are placeholders while the third is literally 132 the string "versions". 133 134 ## List Available Versions 135 136 This operation determines which versions are currently available for a 137 particular provider. 138 139 | Method | Path | Produces | 140 | ------ | --------------------------- | ------------------ | 141 | `GET` | `:namespace/:type/versions` | `application/json` | 142 143 ### Parameters 144 145 * `namespace` (required): the namespace portion of the address of the requested 146 provider. 147 * `type` (required): the type portion of the address of the requested provider. 148 149 ### Sample Request 150 151 ``` 152 curl 'https://registry.terraform.io/v1/providers/hashicorp/random/versions' 153 ``` 154 155 ### Sample Response 156 157 ```json 158 { 159 "versions": [ 160 { 161 "version": "2.0.0", 162 "protocols": ["4.0", "5.1"], 163 "platforms": [ 164 {"os": "darwin", "arch": "amd64"}, 165 {"os": "linux", "arch": "amd64"}, 166 {"os": "linux", "arch": "arm"}, 167 {"os": "windows", "arch": "amd64"} 168 ] 169 }, 170 { 171 "version": "2.0.1", 172 "protocols": ["5.2"], 173 "platforms": [ 174 {"os": "darwin", "arch": "amd64"}, 175 {"os": "linux", "arch": "amd64"}, 176 {"os": "linux", "arch": "arm"}, 177 {"os": "windows", "arch": "amd64"} 178 ] 179 } 180 ] 181 } 182 ``` 183 184 ### Response Properties 185 186 A successful result is a JSON object containing a single property `versions`. 187 `versions` is an array of objects that each describe one available version, 188 with the following properties: 189 190 * `version` (required): the version number this object is describing, using 191 the semantic versioning string notation. `version` must be unique across 192 all objects in the response. 193 * `protocols` (recommended): an array of Terraform provider API versions that 194 this version supports, each given in `MAJOR.MINOR` format where each major 195 version appears only once and the given minor version is the highest minor 196 version supported. For example, `5.1` means that the provider supports both 197 protocol `5.0` and protocol `5.1`. 198 199 Terraform uses this information, when available, to provide hints to users 200 about upgrading or downgrading their version of a particular provider to 201 work with their current version of Terraform, if their currently-selected 202 versions are not compatible. 203 204 Which API versions are supported is, for most providers, decided by which 205 version of the Terraform SDK they are built against. Consult the Terraform 206 SDK documentation for more information. 207 208 Only Terraform 0.13 and later support third-party provider registries and 209 that Terraform version requires API version `5.0` or later, so in practice 210 it isn't useful to list major versions 4 or earlier in a third-party 211 provider registry. 212 * `platforms` (recommended): an array of objects describing platforms that have 213 packages available for this version. 214 215 Terraform may use this information, when available, to provide hints to 216 users about upgrading or downgrading their version of a particular provider 217 for compatibility with their current platform. 218 219 The `platforms` objects have properties `os` and `arch`, whose values match 220 the properties of the same name in the response to 221 [Find a Provider Package](#find-a-provider-package). 222 223 Return `404 Not Found` to signal that the registry does not have a provider 224 with the given namespace and type. 225 226 ## Find a Provider Package 227 228 This operation returns the download URL of and associated metadata about the 229 distribution package for a particular version of a provider for a particular 230 operating system and architecture. 231 232 Terraform CLI uses this operation after it has selected the newest available 233 version matching the configured version constraints, in order to find the zip 234 archive containing the plugin itself. 235 236 | Method | Path | Produces | 237 | ------ | ---------------------------------------------- | ------------------ | 238 | `GET` | `:namespace/:type/:version/download/:os/:arch` | `application/json` | 239 240 ### Parameters 241 242 * `namespace` (required): the namespace portion of the address of the requested 243 provider. 244 * `type` (required): the type portion of the address of the requested provider. 245 * `version` (required): the version selected to download. This will exactly 246 match one of the version strings returned from a previous call to 247 [List Available Versions](#list-available-versions). 248 * `os` (required): a keyword identifying the operating system that the returned 249 package should be compatible with, like "linux" or "darwin". 250 * `arch` (required): a keyword identifying the CPU architecture that the 251 returned package should be compatible with, like "amd64" or "arm". 252 253 ### Sample Request 254 255 ``` 256 curl 'https://registry.terraform.io/v1/providers/hashicorp/random/2.0.0/download/linux/amd64' 257 ``` 258 259 ### Sample Response 260 261 ```json 262 { 263 "protocols": ["4.0", "5.1"], 264 "os": "linux", 265 "arch": "amd64", 266 "filename": "terraform-provider-random_2.0.0_linux_amd64.zip", 267 "download_url": "https://releases.hashicorp.com/terraform-provider-random/2.0.0/terraform-provider-random_2.0.0_linux_amd64.zip", 268 "shasums_url": "https://releases.hashicorp.com/terraform-provider-random/2.0.0/terraform-provider-random_2.0.0_SHA256SUMS", 269 "shasums_signature_url": "https://releases.hashicorp.com/terraform-provider-random/2.0.0/terraform-provider-random_2.0.0_SHA256SUMS.sig", 270 "shasum": "5f9c7aa76b7c34d722fc9123208e26b22d60440cb47150dd04733b9b94f4541a", 271 "signing_keys": { 272 "gpg_public_keys": [ 273 { 274 "key_id": "51852D87348FFC4C", 275 "ascii_armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1\n\nmQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f\nW2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq\nfIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA\n3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca\nKSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k\nSwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1\ncml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG\nCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n\nJc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i\nSqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi\npsP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w\nsJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO\nklEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW\nWmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9\nwArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j\n2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM\nskn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo\nmTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y\n0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA\nCQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc\nz8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP\n0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG\nunNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ\nEK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ\noEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C\n=LYpS\n-----END PGP PUBLIC KEY BLOCK-----", 276 "trust_signature": "", 277 "source": "HashiCorp", 278 "source_url": "https://www.hashicorp.com/security.html" 279 } 280 ] 281 } 282 } 283 ``` 284 285 ### Response Properties 286 287 A successful result is a JSON object with the following properties: 288 289 * `protocols` (required): an array of Terraform provider API versions that 290 the provider supports, in the same format as for 291 [List Available Versions](#list-available-versions). 292 293 While this property is optional when listing available options, it is 294 _required_ for describing an individual provider package so that Terraform 295 CLI can avoid downloading a package that will not be compatible with it. 296 297 * `os` (required): this must currently echo back the `os` parameter from the 298 request. Other possibilities may come in later versions of this protocol. 299 300 * `arch` (required): this must currently echo back the `arch` parameter from the 301 request. Other possibilities may come in later versions of this protocol. 302 303 * `filename` (required): the filename for this provider's zip archive as 304 recorded in the "shasums" document, so that Terraform CLI can determine which 305 of the given checksums should be used for this specific package. 306 307 * `download_url` (required): a URL from which Terraform can retrieve the 308 provider's zip archive. If this is a relative URL then it will be resolved 309 relative to the URL that returned the containing JSON object. 310 311 * `shasums_url` (required): a URL from which Terraform can retrieve a text 312 document recording expected SHA256 checksums for this package and possibly 313 other packages for the same provider version on other platforms. 314 315 The indicated document must be in the format generated by the `sha256` 316 command available on many Unix systems, with one entry recording the 317 same filename given in the `filename` property (case sensitive). 318 319 * `shasums_signature_url` (required): a URL from which Terraform can retrieve 320 a binary, detached GPG signature for the document at `shasums_url`, signed 321 by one of the keys indicated in the `signing_keys` property. 322 323 * `signing_keys` (required): an object describing signing keys for this 324 provider package, one of which must have been used to produce the signature 325 at `shasums_signature_url`. The object has the following nested properties: 326 327 * `gpg_public_keys` (required): an array of objects, each describing one 328 GPG signing key that is allowed to sign the checksums for this provider 329 version. At least one element must be included, representing the key that 330 produced the signature at `shasums_signature_url`. These objects have 331 the following nested properties: 332 333 * `key_id` (required): uppercase-hexadecimal-formatted ID for this GPG key 334 335 * `ascii_armor` (required): an "ascii-armor" encoding of the **public key** 336 associated with this GPG key. 337 338 Return `404 Not Found` to signal that the given provider version isn't 339 available for the requested operating system and/or architecture. Terraform 340 CLI will only attempt to download versions that it has previously seen in 341 response to [List Available Versions](#list-available-versions).