github.com/muratcelep/terraform@v1.1.0-beta2-not-internal-4/website/docs/internals/provider-registry-protocol.html.md (about) 1 --- 2 layout: "docs" 3 page_title: "Provider Registry Protocol" 4 sidebar_current: "docs-internals-provider-registry-protocol" 5 description: |- 6 The provider registry protocol is implemented by a host intending to be the 7 origin host for one or more Terraform providers, specifying which providers 8 are available and where to find their distribution packages. 9 --- 10 11 # Provider Registry Protocol 12 13 -> Third-party provider registries are supported only in Terraform CLI 0.13 and later. Prior versions do not support this protocol. 14 15 The provider registry protocol is what Terraform CLI uses to discover metadata 16 about providers available for installation and to locate the distribution 17 packages for a selected provider. 18 19 The primary implementation of this protocol is the public 20 [Terraform Registry](https://registry.terraform.io/) at `registry.terraform.io`. 21 By writing and deploying your own implementation of this protocol, you can 22 create a separate _origin registry_ to distribute your own providers, as an 23 alternative to publishing them on the public Terraform Registry. 24 25 This page describes the provider _registry_ protocol, which is the protocol 26 for finding providers available for installation. It _doesn't_ describe the 27 API that provider plugins themselves implement to serve requests from Terraform 28 CLI at runtime. For more information on the provider API, see the Terraform 29 SDK documentation. 30 31 The public Terraform Registry implements a superset of the API described on 32 this page, in order to capture additional information used in the registry UI. 33 Third-party implementations should not include those extensions because they 34 may change in future without notice. 35 36 ## Provider Addresses 37 38 Each Terraform provider has an associated address which uniquely identifies it 39 within Terraform. A provider address has the syntax `hostname/namespace/type`, 40 where: 41 42 * `hostname` is the registry host that the provider is considered to have 43 originated from, and the default location Terraform will consult for 44 information about the provider 45 [unless overridden in the CLI configuration](/docs/cli/config/config-file.html#provider-installation). 46 * `namespace` is the name of a namespace, unique on a particular hostname, that 47 can contain one or more providers that are somehow related. On the public 48 Terraform Registry the "namespace" represents the organization that is 49 packaging and distributing the provider. 50 * `type` is the provider type, like "azurerm", "aws", "google", "dns", etc. 51 A provider type is unique within a particular hostname and namespace. 52 53 The `hostname/` portion of a provider address (including its slash delimiter) 54 is optional, and if omitted defaults to `registry.terraform.io/`. 55 56 For example: 57 58 * `hashicorp/aws` is a shorthand for `registry.terraform.io/hashicorp/aws`, 59 which is the official AWS provider published by HashiCorp. 60 * `example/foo` is a shorthand for `registry.terraform.io/example/foo`, which 61 is a hypothetical third-party provider published on the public 62 Terraform Registry. 63 * `example.com/bar/baz` is a hypothetical third-party provider published at a 64 third-party provider registry on `example.com`. 65 66 If you intend only to share a provider you've developed for use by all 67 Terraform users, please consider publishing it into the public 68 [Terraform Registry](https://registry.terraform.io/), which will make your 69 provider discoverable. You only need to implement this provider registry 70 protocol if you wish to publish providers whose addresses include a different 71 hostname that is under your control. 72 73 Terraform uses the full address (after normalization to always include a 74 hostname) as its global identifier for providers internally, and so it's 75 important to note that re-uploading the `hashicorp/azurerm` provider into 76 another namespace or publishing it on a different hostname will cause Terraform 77 to see it as an entirely separate provider that will _not_ be usable by modules 78 that declare a dependency on `hashicorp/azurerm`. If your goal is to create 79 an alternative local distribution source for an existing provider -- that is, 80 a _mirror_ of the provider -- refer to 81 [the provider installation method configuration](/docs/cli/config/config-file.html#provider-installation) 82 instead. 83 84 ## Provider Versions 85 86 Each distinct provider address has associated with it a set of versions, each 87 of which has an associated version number. Terraform assumes version numbers 88 follow the [Semantic Versioning 2.0](https://semver.org/) conventions, with 89 the schema and behavior of the provider as documented from the perspective of 90 an end-user of Terraform serving as the "public API". 91 92 All available versions for a particular provider address are considered to be 93 the same provider by Terraform. Each Terraform configuration selects only one 94 version of each provider for use in the entire configuration, so the version 95 constraints across all modules are considered together for the purposes of 96 version selection. 97 98 ## Service Discovery 99 100 The providers protocol begins with Terraform CLI using 101 [Terraform's remote service discovery protocol](./remote-service-discovery.html), 102 with the hostname in the provider address acting as the "User-facing Hostname". 103 104 The service identifier for the provider registry protocol is `providers.v1`. 105 Its associated string value is the base URL for the relative URLs defined in 106 the sections that follow. 107 108 For example, the service discovery document for a host that _only_ implements 109 the provider registry protocol might contain the following: 110 111 ```json 112 { 113 "providers.v1": "/terraform/providers/v1/" 114 } 115 ``` 116 117 If the given URL is a relative URL then Terraform will interpret it as relative 118 to the discovery document itself. The specific provider registry protocol 119 endpoints are defined as URLs relative to the given base URL, and so the 120 specified base URL should generally end with a slash to ensure that those 121 relative paths will be resolved as expected. 122 123 The following sections describe the various operations that a provider 124 registry must implement to be compatible with Terraform CLI's provider 125 installer. The indicated URLs are all relative to the URL resulting from 126 service discovery, as described above. We use the current URLs on 127 Terraform Registry as working examples, assuming that the caller already 128 performed service discovery on `registry.terraform.io` to learn the base URL. 129 130 The URLs are shown with the convention that a path portion with a colon `:` 131 prefix is a placeholder for a dynamically-selected value, while all other 132 path portions are literal. For example, in `:namespace/:type/versions`, 133 the first two path portions are placeholders while the third is literally 134 the string "versions". 135 136 ## List Available Versions 137 138 This operation determines which versions are currently available for a 139 particular provider. 140 141 | Method | Path | Produces | 142 |--------|-----------------------------|--------------------| 143 | `GET` | `:namespace/:type/versions` | `application/json` | 144 145 ### Parameters 146 147 * `namespace` (required): the namespace portion of the address of the requested 148 provider. 149 * `type` (required): the type portion of the address of the requested provider. 150 151 ### Sample Request 152 153 ``` 154 curl 'https://registry.terraform.io/v1/providers/hashicorp/random/versions' 155 ``` 156 157 ### Sample Response 158 159 ```json 160 { 161 "versions": [ 162 { 163 "version": "2.0.0", 164 "protocols": ["4.0", "5.1"], 165 "platforms": [ 166 {"os": "darwin", "arch": "amd64"}, 167 {"os": "linux", "arch": "amd64"}, 168 {"os": "linux", "arch": "arm"}, 169 {"os": "windows", "arch": "amd64"} 170 ] 171 }, 172 { 173 "version": "2.0.1", 174 "protocols": ["5.2"], 175 "platforms": [ 176 {"os": "darwin", "arch": "amd64"}, 177 {"os": "linux", "arch": "amd64"}, 178 {"os": "linux", "arch": "arm"}, 179 {"os": "windows", "arch": "amd64"} 180 ] 181 } 182 ] 183 } 184 ``` 185 186 ### Response Properties 187 188 A successful result is a JSON object containing a single property `versions`. 189 `versions` is an array of objects that each describe one available version, 190 with the following properties: 191 192 * `version` (required): the version number this object is describing, using 193 the semantic versioning string notation. `version` must be unique across 194 all objects in the response. 195 * `protocols` (recommended): an array of Terraform provider API versions that 196 this version supports, each given in `MAJOR.MINOR` format where each major 197 version appears only once and the given minor version is the highest minor 198 version supported. For example, `5.1` means that the provider supports both 199 protocol `5.0` and protocol `5.1`. 200 201 Terraform uses this information, when available, to provide hints to users 202 about upgrading or downgrading their version of a particular provider to 203 work with their current version of Terraform, if their currently-selected 204 versions are not compatible. 205 206 Which API versions are supported is, for most providers, decided by which 207 version of the Terraform SDK they are built against. Consult the Terraform 208 SDK documentation for more information. 209 210 Only Terraform 0.13 and later support third-party provider registries and 211 that Terraform version requires API version `5.0` or later, so in practice 212 it isn't useful to list major versions 4 or earlier in a third-party 213 provider registry. 214 * `platforms` (recommended): an array of objects describing platforms that have 215 packages available for this version. 216 217 Terraform may use this information, when available, to provide hints to 218 users about upgrading or downgrading their version of a particular provider 219 for compatibility with their current platform. 220 221 The `platforms` objects have properties `os` and `arch`, whose values match 222 the properties of the same name in the response to 223 [Find a Provider Package](#find-a-provider-package). 224 225 Return `404 Not Found` to signal that the registry does not have a provider 226 with the given namespace and type. 227 228 ## Find a Provider Package 229 230 This operation returns the download URL of and associated metadata about the 231 distribution package for a particular version of a provider for a particular 232 operating system and architecture. 233 234 Terraform CLI uses this operation after it has selected the newest available 235 version matching the configured version constraints, in order to find the zip 236 archive containing the plugin itself. 237 238 | Method | Path | Produces | 239 |--------|------------------------------------------------|--------------------| 240 | `GET` | `:namespace/:type/:version/download/:os/:arch` | `application/json` | 241 242 ### Parameters 243 244 * `namespace` (required): the namespace portion of the address of the requested 245 provider. 246 * `type` (required): the type portion of the address of the requested provider. 247 * `version` (required): the version selected to download. This will exactly 248 match one of the version strings returned from a previous call to 249 [List Available Versions](#list-available-versions). 250 * `os` (required): a keyword identifying the operating system that the returned 251 package should be compatible with, like "linux" or "darwin". 252 * `arch` (required): a keyword identifying the CPU architecture that the 253 returned package should be compatible with, like "amd64" or "arm". 254 255 ### Sample Request 256 257 ``` 258 curl 'https://registry.terraform.io/v1/providers/hashicorp/random/2.0.0/download/linux/amd64' 259 ``` 260 261 ### Sample Response 262 263 ```json 264 { 265 "protocols": ["4.0", "5.1"], 266 "os": "linux", 267 "arch": "amd64", 268 "filename": "terraform-provider-random_2.0.0_linux_amd64.zip", 269 "download_url": "https://releases.hashicorp.com/terraform-provider-random/2.0.0/terraform-provider-random_2.0.0_linux_amd64.zip", 270 "shasums_url": "https://releases.hashicorp.com/terraform-provider-random/2.0.0/terraform-provider-random_2.0.0_SHA256SUMS", 271 "shasums_signature_url": "https://releases.hashicorp.com/terraform-provider-random/2.0.0/terraform-provider-random_2.0.0_SHA256SUMS.sig", 272 "shasum": "5f9c7aa76b7c34d722fc9123208e26b22d60440cb47150dd04733b9b94f4541a", 273 "signing_keys": { 274 "gpg_public_keys": [ 275 { 276 "key_id": "51852D87348FFC4C", 277 "ascii_armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1\n\nmQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f\nW2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq\nfIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA\n3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca\nKSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k\nSwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1\ncml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG\nCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n\nJc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i\nSqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi\npsP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w\nsJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO\nklEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW\nWmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9\nwArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j\n2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM\nskn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo\nmTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y\n0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA\nCQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc\nz8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP\n0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG\nunNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ\nEK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ\noEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C\n=LYpS\n-----END PGP PUBLIC KEY BLOCK-----", 278 "trust_signature": "", 279 "source": "HashiCorp", 280 "source_url": "https://www.hashicorp.com/security.html" 281 } 282 ] 283 } 284 } 285 ``` 286 287 ### Response Properties 288 289 A successful result is a JSON object with the following properties: 290 291 * `protocols` (required): an array of Terraform provider API versions that 292 the provider supports, in the same format as for 293 [List Available Versions](#list-available-versions). 294 295 While this property is optional when listing available options, it is 296 _required_ for describing an individual provider package so that Terraform 297 CLI can avoid downloading a package that will not be compatible with it. 298 299 * `os` (required): this must currently echo back the `os` parameter from the 300 request. Other possibilities may come in later versions of this protocol. 301 302 * `arch` (required): this must currently echo back the `arch` parameter from the 303 request. Other possibilities may come in later versions of this protocol. 304 305 * `filename` (required): the filename for this provider's zip archive as 306 recorded in the "shasums" document, so that Terraform CLI can determine which 307 of the given checksums should be used for this specific package. 308 309 * `download_url` (required): a URL from which Terraform can retrieve the 310 provider's zip archive. If this is a relative URL then it will be resolved 311 relative to the URL that returned the containing JSON object. 312 313 * `shasums_url` (required): a URL from which Terraform can retrieve a text 314 document recording expected SHA256 checksums for this package and possibly 315 other packages for the same provider version on other platforms. 316 317 The indicated document must be in the format generated by the `sha256` 318 command available on many Unix systems, with one entry recording the 319 same filename given in the `filename` property (case sensitive). 320 321 * `shasums_signature_url` (required): a URL from which Terraform can retrieve 322 a binary, detached GPG signature for the document at `shasums_url`, signed 323 by one of the keys indicated in the `signing_keys` property. 324 325 * `signing_keys` (required): an object describing signing keys for this 326 provider package, one of which must have been used to produce the signature 327 at `shasums_signature_url`. The object has the following nested properties: 328 329 * `gpg_public_keys` (required): an array of objects, each describing one 330 GPG signing key that is allowed to sign the checksums for this provider 331 version. At least one element must be included, representing the key that 332 produced the signature at `shasums_signature_url`. These objects have 333 the following nested properties: 334 335 * `key_id` (required): uppercase-hexadecimal-formatted ID for this GPG key 336 337 * `ascii_armor` (required): an "ascii-armor" encoding of the **public key** 338 associated with this GPG key. 339 340 Return `404 Not Found` to signal that the given provider version isn't 341 available for the requested operating system and/or architecture. Terraform 342 CLI will only attempt to download versions that it has previously seen in 343 response to [List Available Versions](#list-available-versions).