I've had a fair bit of success using copilot to reverse engineer a terraform provider, there are some gaps in what you can do in the UI vs what the api supports however.
helm
proget:
image:
tag: "25.0.25"
replicaCount: 1
# Encryption key from pre-created secret
existingEncryptionKeySecret: "proget-encryption-key"
encryptionKeySecretKey: "encryption-key"
# License key from pre-created secret
existingLicenseSecret: "proget-license"
licenseSecretKey: "license-key"
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2"
memory: "4Gi"
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "80"
prometheus.io/path: "/health"
database:
type: "external-postgres"
externalPostgres:
existingSecret: "proget-db-credentials"
secretKey: "connection-string"
persistence:
packages:
size: "100Gi"
storageClassName: "managed-csi-premium"
accessMode: "ReadWriteOnce"
backups:
size: "50Gi"
storageClassName: "managed-csi"
accessMode: "ReadWriteOnce"
service:
type: ClusterIP
ingress:
enabled: false
gateway:
enabled: true
parentRefs:
- name: traefik-gateway
namespace: traefik
sectionName: https
hostnames:
- proget.demo
Terraform
# ──────────────────────────────────────────────────────
──────────────────────────────────────────────────────
# Manages a NuGet feed backed by a filtered nuget.org
# connector, an MIT license, CI/CD API keys, and basic
# user/group permissions.
# ──────────────────────────────────────────────────────
terraform {
required_providers {
proget = {
source = "mycompany/proget"
}
}
}
# ── Variables ────────────────────────────────────────
variable "proget_url" {
description = "Base URL of the ProGet instance"
type = string
default = "https://proget.example.com"
}
variable "proget_api_key" {
description = "System-level API key for the provider"
type = string
sensitive = true
}
# ── Provider ─────────────────────────────────────────
provider "proget" {
url = var.proget_url
api_key = var.proget_api_key
}
# ── Connector: filtered nuget.org ────────────────────
resource "proget_connector" "nuget_org" {
name = "nuget-org-filtered"
url = "https://api.nuget.org/v3/index.json"
feed_type = "nuget"
timeout = 10
metadata_cache_enabled = true
metadata_cache_minutes = 30
metadata_cache_count = 250
filters = [
"!*", # block everything by default
"Microsoft.*",
"System.*",
"Newtonsoft.*",
]
}
# ── Feed: NuGet with retention ───────────────────────
resource "proget_feed" "nuget" {
name = "nuget"
feed_type = "nuget"
active = true
can_publish = true
cache_connectors = true
vulnerabilities_enabled = true
licenses_enabled = true
use_with_projects = true
use_api_v3 = true
connectors = [proget_connector.nuget_org.name]
retention_rules_enabled = true
retention_rule {
keep_versions_count = 10
delete_prerelease_versions = true
keep_used_within_days = 14
delete_cached = true
}
}
# ── License ──────────────────────────────────────────
resource "proget_license" "mit" {
code = "MIT"
title = "MIT License"
urls = [
"opensource.org/licenses/MIT",
"spdx.org/licenses/MIT.html",
]
}
# ── API Keys ─────────────────────────────────────────
resource "proget_api_key" "admin" {
type = "system"
display_name = "Terraform-Admin"
description = "Full control key used by Terraform"
system_apis = ["full-control"]
}
resource "proget_api_key" "ci_readonly" {
type = "feed"
display_name = "CI-ReadOnly"
description = "Read-only key for dotnet restore / npm install"
feed = proget_feed.nuget.name
package_permissions = ["view"]
}
# ── Group & User ─────────────────────────────────────
resource "proget_group" "developers" {
name = "Developers"
}
resource "proget_user" "alice" {
name = "dev-alice"
display_name = "Alice Developer"
email = "alice@example.com"
password = var.alice_password
groups = [proget_group.developers.name]
}
variable "alice_password" {
type = string
sensitive = true
}
# ── Permissions ──────────────────────────────────────
resource "proget_permission" "devs_view" {
user = proget_user.alice.name
task = "View & Download Packages"
deny = false
}
resource "proget_permission" "devs_manage_nuget" {
user = proget_user.alice.name
feed = proget_feed.nuget.name
task = "Manage Feed"
deny = false
}
# ── Outputs ──────────────────────────────────────────
output "nuget_feed_url" {
value = "${var.proget_url}/nuget/${proget_feed.nuget.name}/v3/index.json"
}
output "ci_api_key" {
value = proget_api_key.ci_readonly.key
sensitive = true
}
Still a work in progress and not shareable but you get the idea of what could be possible