Expand Terraform for Developer Connect #12391

Merged
merged 2 commits into from
Jan 6, 2025
485 changes: 334 additions & 151 deletions mmv1/products/developerconnect/Connection.yaml

Large diffs are not rendered by default.

16 changes: 0 additions & 16 deletions mmv1/products/developerconnect/GitRepositoryLink.yaml
@@ -14,7 +14,6 @@
---
name: 'GitRepositoryLink'
description: "A git repository link to a parent connection."
min_version: 'beta'
docs:
id_format: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}'
base_url: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks'
@@ -41,13 +40,11 @@ examples:
# to show them in the docs.
- name: 'developer_connect_git_repository_link_github'
primary_resource_id: 'primary'
min_version: 'beta'
vars:
connection_name: 'my-connection'
git_repository_link_name: 'my-repository'
exclude_docs: true
- name: 'developer_connect_git_repository_link_github_doc'
min_version: 'beta'
exclude_test: true
parameters:
- name: 'location'
@@ -56,7 +53,6 @@ parameters:
"Resource ID segment making up resource `name`. It identifies the resource
within its parent collection as described in https://google.aip.dev/122. See documentation
for resource type `developerconnect.googleapis.com/GitRepositoryLink`. "
min_version: 'beta'
url_param_only: true
required: true
immutable: true
@@ -66,7 +62,6 @@ parameters:
"Resource ID segment making up resource `name`. It identifies the resource
within its parent collection as described in https://google.aip.dev/122. See documentation
for resource type `developerconnect.googleapis.com/GitRepositoryLink`. "
min_version: 'beta'
url_param_only: true
required: true
immutable: true
@@ -76,60 +71,49 @@ parameters:
"Required. The ID to use for the repository, which will become the
final component of\nthe repository's resource name. This ID should be unique in
the connection.\nAllows alphanumeric characters and any of -._~%!$&'()*+,;=@. "
min_version: 'beta'
url_param_only: true
required: true
immutable: true
properties:
- name: 'name'
type: String
description: "Identifier. Resource name of the repository, in the format\n`projects/*/locations/*/connections/*/gitRepositoryLinks/*`. "
min_version: 'beta'
output: true
- name: 'cloneUri'
type: String
description: "Required. Git Clone URI. "
min_version: 'beta'
required: true
- name: 'createTime'
type: String
description: "Output only. [Output only] Create timestamp "
min_version: 'beta'
output: true
- name: 'updateTime'
type: String
description: "Output only. [Output only] Update timestamp "
min_version: 'beta'
output: true
- name: 'deleteTime'
type: String
description: "Output only. [Output only] Delete timestamp "
min_version: 'beta'
output: true
- name: 'labels'
type: KeyValueLabels
description: "Optional. Labels as key value pairs "
min_version: 'beta'
- name: 'etag'
type: String
description:
"Optional. This checksum is computed by the server based on the value
of other\nfields, and may be sent on update and delete requests to ensure the\nclient
has an up-to-date value before proceeding. "
min_version: 'beta'
- name: 'reconciling'
type: Boolean
description:
"Output only. Set to true when the connection is being set up or updated
in the\nbackground. "
min_version: 'beta'
output: true
- name: 'annotations'
type: KeyValueAnnotations
description: "Optional. Allows clients to store small amounts of arbitrary data. "
min_version: 'beta'
- name: 'uid'
type: String
description: "Output only. A system-assigned unique identifier for a the GitRepositoryLink. "
min_version: 'beta'
output: true
11 changes: 6 additions & 5 deletions mmv1/products/developerconnect/product.yaml
@@ -12,10 +12,11 @@
# limitations under the License.

---
name: 'DeveloperConnect'
display_name: 'Developer Connect'
versions:
- name: 'beta'
base_url: 'https://developerconnect.googleapis.com/v1/'
name: DeveloperConnect
display_name: Developer Connect
scopes:
- 'https://www.googleapis.com/auth/cloud-platform'
versions:
- base_url: 'https://developerconnect.googleapis.com/v1/'
name: ga
caibaseurl: ""
@@ -1,5 +1,4 @@
resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
provider = google-beta
location = "us-central1"
connection_id = "{{index $.Vars "connection_name"}}"

@@ -15,4 +14,4 @@ resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
output "next_steps" {
description = "Follow the action_uri if present to continue setup"
value = google_developer_connect_connection.{{$.PrimaryResourceId}}.installation_state
}
}
@@ -1,6 +1,5 @@
resource "google_secret_manager_secret" "github-token-secret" {

provider = google-beta
secret_id = "github-token-secret"

replication {
@@ -9,15 +8,11 @@ resource "google_secret_manager_secret" "github-token-secret" {
}

resource "google_secret_manager_secret_version" "github-token-secret-version" {

provider = google-beta
secret = google_secret_manager_secret.github-token-secret.id
secret_data = file("my-github-token.txt")
}

resource "google_project_service_identity" "devconnect-p4sa" {
provider = google-beta

service = "developerconnect.googleapis.com"
}

@@ -31,14 +26,12 @@ data "google_iam_policy" "p4sa-secretAccessor" {

resource "google_secret_manager_secret_iam_policy" "policy" {

provider = google-beta
secret_id = google_secret_manager_secret.github-token-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_developer_connect_connection" "my-connection" {

provider = google-beta
location = "us-central1"
connection_id = "my-connection"

@@ -0,0 +1,12 @@
resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
location = "us-central1"
connection_id = "{{index $.Vars "connection_name"}}"

github_config {
github_app = "DEVELOPER_CONNECT"

authorizer_credential {
oauth_token_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1"
}
}
}
@@ -0,0 +1,42 @@
resource "google_secret_manager_secret" "github-token-secret" {

secret_id = "github-token-secret"

replication {
auto {}
}
}

resource "google_secret_manager_secret_version" "github-token-secret-version" {

secret = google_secret_manager_secret.github-token-secret.id
secret_data = file("my-github-token.txt")
}

data "google_iam_policy" "p4sa-secretAccessor" {
binding {
role = "roles/secretmanager.secretAccessor"
// Here, 123456789 is the Google Cloud project number for the project that contains the connection.
members = ["serviceAccount:[email protected]"]
}
}

resource "google_secret_manager_secret_iam_policy" "policy" {

secret_id = google_secret_manager_secret.github-token-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_developer_connect_connection" "my-connection" {

location = "us-central1"
connection_id = "my-connection"

github_config {
github_app = "DEVELOPER_CONNECT"
app_installation_id = 123123
authorizer_credential {
oauth_token_secret_version = google_secret_manager_secret_version.github-token-secret-version.id
}
}
}
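Review bot: The `google_developer_connect_connection.my-connection` block at the end of this example has no `depends_on` on `google_secret_manager_secret_iam_policy.policy`, so nothing orders the connection after the grant that lets the service agent read the token secret. The connection references only the secret version, not the IAM policy, so Terraform may create it before the `roles/secretmanager.secretAccessor` binding exists; the GitHub Enterprise and GitLab examples added in the same change both carry an explicit `depends_on` for their policies. I would add `depends_on = [google_secret_manager_secret_iam_policy.policy]` to the connection. A short comment beside `secret_data = file("my-github-token.txt")` noting that the token value is also written to Terraform state would help readers who copy the example.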
@@ -0,0 +1,12 @@
resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
location = "us-central1"
connection_id = "{{index $.Vars "connection_name"}}"

github_enterprise_config {
host_uri = "https://ghe.proctor-staging-test.com"
app_id = 864434
private_key_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-ghe-do-not-change-ghe-private-key-f522d2/versions/latest"
webhook_secret_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-ghe-do-not-change-ghe-webhook-secret-3c806f/versions/latest"
app_installation_id = 837537
}
}
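Review bot: `private_key_secret_version` and `webhook_secret_secret_version` both point at `versions/latest`, while the GitHub test template in this change pins `versions/1`. With `latest`, adding a new version to either secret silently changes the credentials the connection is built from, so a behaviour change cannot be tied to a commit; the three `versions/latest` references in the GitLab test template have the same property. Pinning an explicit version, as the GitHub template does, keeps the fixtures reproducible. If `latest` is deliberate so the credentials can be rotated without a code change, a one-line comment saying so would be enough.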
@@ -0,0 +1,61 @@
resource "google_secret_manager_secret" "private-key-secret" {
secret_id = "ghe-pk-secret"

replication {
auto {}
}
}

resource "google_secret_manager_secret_version" "private-key-secret-version" {
secret = google_secret_manager_secret.private-key-secret.id
secret_data = file("private-key.pem")
}

resource "google_secret_manager_secret" "webhook-secret-secret" {
secret_id = "ghe-token-secret"

replication {
auto {}
}
}

resource "google_secret_manager_secret_version" "webhook-secret-secret-version" {
secret = google_secret_manager_secret.webhook-secret-secret.id
secret_data = "<webhook-secret-data>"
}

data "google_iam_policy" "p4sa-secretAccessor" {
binding {
role = "roles/secretmanager.secretAccessor"
// Here, 123456789 is the Google Cloud project number for the project that contains the connection.
members = ["serviceAccount:[email protected]"]
}
}

resource "google_secret_manager_secret_iam_policy" "policy-pk" {
secret_id = google_secret_manager_secret.private-key-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_secret_manager_secret_iam_policy" "policy-whs" {
secret_id = google_secret_manager_secret.webhook-secret-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_developer_connect_connection" "my-connection" {
location = "us-central1"
connection_id = "my-connection"

github_enterprise_config {
host_uri = "https://ghe.com"
private_key_secret_version = google_secret_manager_secret_version.private-key-secret-version.id
webhook_secret_secret_version = google_secret_manager_secret_version.webhook-secret-secret-version.id
app_id = 100
app_installation_id = 123123
}

depends_on = [
google_secret_manager_secret_iam_policy.policy-pk,
google_secret_manager_secret_iam_policy.policy-whs
]
}
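Review bot: `secret_data = "<webhook-secret-data>"` in `webhook-secret-secret-version` invites readers to paste the webhook secret straight into the configuration, where it tends to end up in version control. The private key a few lines above is loaded with `file("private-key.pem")`, and the GitLab example loads its webhook secret from a file as well; I would do the same here, e.g. `secret_data = file("my-ghe-webhook-secret.txt")` (file name illustrative), with a comment that `secret_data` is stored in Terraform state in either form. Separately, the webhook secret is created with `secret_id = "ghe-token-secret"`, which does not describe what it holds; a name such as `"ghe-webhook-secret"` would read more clearly.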
@@ -0,0 +1,16 @@
resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
location = "us-central1"
connection_id = "{{index $.Vars "connection_name"}}"

gitlab_config {
webhook_secret_secret_version = "projects/devconnect-terraform-creds/secrets/gitlab-webhook/versions/latest"

read_authorizer_credential {
user_token_secret_version = "projects/devconnect-terraform-creds/secrets/gitlab-read-cred/versions/latest"
}

authorizer_credential {
user_token_secret_version = "projects/devconnect-terraform-creds/secrets/gitlab-auth-cred/versions/latest"
}
}
}
@@ -0,0 +1,81 @@
resource "google_secret_manager_secret" "gitlab-read-cred-secret" {
secret_id = "gitlab-read-cred"
replication {
auto {}
}
}

resource "google_secret_manager_secret_version" "gitlab-read-cred-secret-version" {
secret = google_secret_manager_secret.gitlab-read-cred-secret.id
secret_data = file("my-gitlab-read-cred.txt")
}

resource "google_secret_manager_secret" "gitlab-auth-cred-secret" {
secret_id = "gitlab-auth-cred"
replication {
auto {}
}
}

resource "google_secret_manager_secret_version" "gitlab-auth-cred-secret-version" {
secret = google_secret_manager_secret.gitlab-auth-cred-secret.id
secret_data = file("my-gitlab-auth-cred.txt")
}

resource "google_secret_manager_secret" "gitlab-webhook-secret-secret" {
secret_id = "gitlab-webhook-secret"
replication {
auto {}
}
}

resource "google_secret_manager_secret_version" "gitlab-webhook-secret-secret-version" {
secret = google_secret_manager_secret.gitlab-webhook-secret-secret.id
secret_data = file("my-gitlab-webhook-secret.txt")

data "google_iam_policy" "p4sa-secretAccessor" {
binding {
role = "roles/secretmanager.secretAccessor"
// Here, 123456789 is the Google Cloud project number for the project that contains the connection.
members = ["serviceAccount:[email protected]"]
}
}

resource "google_secret_manager_secret_iam_policy" "policy-rc" {
secret_id = google_secret_manager_secret.gitlab-read-cred-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_secret_manager_secret_iam_policy" "policy-ac" {
secret_id = google_secret_manager_secret.gitlab-auth-cred-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_secret_manager_secret_iam_policy" "policy-wh" {
secret_id = google_secret_manager_secret.gitlab-webhook-secret-secret.secret_id
policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_developer_connect_connection" "my-connection" {

location = "us-central1"
connection_id = "my-connection"

gitlab_config {
webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-secret-version.id

read_authorizer_credential {
user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-secret-version.id
}

authorizer_credential {
user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-secret-version.id
}
}

depends_on = [
google_secret_manager_secret_iam_policy.policy-rc,
google_secret_manager_secret_iam_policy.policy-ac,
google_secret_manager_secret_iam_policy.policy-wh
]
}
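Review bot: The `google_secret_manager_secret_version.gitlab-webhook-secret-secret-version` block is never closed: after `secret_data = file("my-gitlab-webhook-secret.txt")` the file goes straight on to `data "google_iam_policy" "p4sa-secretAccessor" {`. The hunk header declares 81 added lines, which matches the lines shown, so the brace does not appear to have been lost in rendering. As written the example does not parse, and if this is the documentation-only variant (the hard-coded resource names suggest it is) no test would catch it. Add a `}` on its own line after the `secret_data` line.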