---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud Build v2"
description: |-
  A connection to an SCM like GitHub, GitHub Enterprise, Bitbucket Data Center or GitLab.
---
# google\_cloudbuildv2\_connection

A connection to an SCM like GitHub, GitHub Enterprise, Bitbucket Data Center or GitLab.

To get more information about Connection, see:

* [API documentation](https://cloud.google.com/build/docs/api/reference/rest)
* How-to Guides
    * [Official Documentation](https://cloud.google.com/build/docs)
## Example Usage - Cloudbuildv2 Connection
```hcl
resource "google_cloudbuildv2_connection" "my-connection" {
  location = "us-central1"
  name     = "tf-test-connection"

  github_config {
    app_installation_id = 0

    authorizer_credential {
      oauth_token_secret_version = "projects/gcb-terraform-creds/secrets/github-pat/versions/1"
    }
  }
}
```
## Example Usage - Cloudbuildv2 Connection Ghe
```hcl
resource "google_secret_manager_secret" "private-key-secret" {
  secret_id = "ghe-pk-secret"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "private-key-secret-version" {
  secret      = google_secret_manager_secret.private-key-secret.id
  secret_data = file("private-key.pem")
}

resource "google_secret_manager_secret" "webhook-secret-secret" {
  secret_id = "github-token-secret"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "webhook-secret-secret-version" {
  secret      = google_secret_manager_secret.webhook-secret-secret.id
  secret_data = "<webhook-secret-data>"
}

data "google_iam_policy" "p4sa-secretAccessor" {
  binding {
    role = "roles/secretmanager.secretAccessor"
    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
    members = ["serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com"]
  }
}

resource "google_secret_manager_secret_iam_policy" "policy-pk" {
  secret_id   = google_secret_manager_secret.private-key-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_secret_manager_secret_iam_policy" "policy-whs" {
  secret_id   = google_secret_manager_secret.webhook-secret-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_cloudbuildv2_connection" "my-connection" {
  location = "us-central1"
  name     = "my-terraform-ghe-connection"

  github_enterprise_config {
    host_uri                      = "https://ghe.com"
    private_key_secret_version    = google_secret_manager_secret_version.private-key-secret-version.id
    webhook_secret_secret_version = google_secret_manager_secret_version.webhook-secret-secret-version.id
    app_id                        = 200
    app_slug                      = "gcb-app"
    app_installation_id           = 300
  }

  depends_on = [
    google_secret_manager_secret_iam_policy.policy-pk,
    google_secret_manager_secret_iam_policy.policy-whs
  ]
}
```
## Example Usage - Cloudbuildv2 Connection Github
```hcl
resource "google_secret_manager_secret" "github-token-secret" {
  secret_id = "github-token-secret"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "github-token-secret-version" {
  secret      = google_secret_manager_secret.github-token-secret.id
  secret_data = file("my-github-token.txt")
}

data "google_iam_policy" "p4sa-secretAccessor" {
  binding {
    role = "roles/secretmanager.secretAccessor"
    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
    members = ["serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com"]
  }
}

resource "google_secret_manager_secret_iam_policy" "policy" {
  secret_id   = google_secret_manager_secret.github-token-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_cloudbuildv2_connection" "my-connection" {
  location = "us-central1"
  name     = "my-connection"

  github_config {
    app_installation_id = 123123

    authorizer_credential {
      oauth_token_secret_version = google_secret_manager_secret_version.github-token-secret-version.id
    }
  }
}
```
## Argument Reference
The following arguments are supported:
* `name` -
(Required)
Immutable. The resource name of the connection.
* `location` -
(Required)
The location for the resource.
- - -
* `github_config` -
(Optional)
Configuration for connections to github.com.
Structure is [documented below](#nested_github_config).
* `github_enterprise_config` -
(Optional)
Configuration for connections to an instance of GitHub Enterprise.
Structure is [documented below](#nested_github_enterprise_config).
* `gitlab_config` -
(Optional)
Configuration for connections to gitlab.com or an instance of GitLab Enterprise.
Structure is [documented below](#nested_gitlab_config).
* `disabled` -
(Optional)
If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.
* `annotations` -
(Optional)
Allows clients to store small amounts of arbitrary data.
**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_github_config"></a>The `github_config` block supports:
* `authorizer_credential` -
(Optional)
OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.
Structure is [documented below](#nested_authorizer_credential).
* `app_installation_id` -
(Optional)
GitHub App installation id.
<a name="nested_authorizer_credential"></a>The `authorizer_credential` block supports:
* `oauth_token_secret_version` -
(Optional)
A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.
* `username` -
(Output)
Output only. The username associated with this token.
<a name="nested_github_enterprise_config"></a>The `github_enterprise_config` block supports:
* `host_uri` -
(Required)
Required. The URI of the GitHub Enterprise host this connection is for.
* `app_id` -
(Optional)
Id of the GitHub App created from the manifest.
* `app_slug` -
(Optional)
The URL-friendly name of the GitHub App.
* `private_key_secret_version` -
(Optional)
SecretManager resource containing the private key of the GitHub App, formatted as `projects/*/secrets/*/versions/*`.
* `webhook_secret_secret_version` -
(Optional)
SecretManager resource containing the webhook secret of the GitHub App, formatted as `projects/*/secrets/*/versions/*`.
* `app_installation_id` -
(Optional)
ID of the installation of the GitHub App.
* `service_directory_config` -
(Optional)
Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.
Structure is [documented below](#nested_service_directory_config).
* `ssl_ca` -
(Optional)
SSL certificate to use for requests to GitHub Enterprise.
<a name="nested_service_directory_config"></a>The `service_directory_config` block supports:
* `service` -
(Required)
Required. The Service Directory service name. Format: `projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}`.
<a name="nested_gitlab_config"></a>The `gitlab_config` block supports:
* `host_uri` -
(Optional)
The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is `https://gitlab.com`.
* `webhook_secret_secret_version` -
(Required)
Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as `projects/*/secrets/*/versions/*`.
* `read_authorizer_credential` -
(Required)
Required. A GitLab personal access token with the minimum `read_api` scope access.
Structure is [documented below](#nested_read_authorizer_credential).
* `authorizer_credential` -
(Required)
Required. A GitLab personal access token with the `api` scope access.
Structure is [documented below](#nested_authorizer_credential).
* `service_directory_config` -
(Optional)
Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.
Structure is [documented below](#nested_service_directory_config).
* `ssl_ca` -
(Optional)
SSL certificate to use for requests to GitLab Enterprise.
* `server_version` -
(Output)
Output only. Version of the GitLab Enterprise server running on the `host_uri`.
<a name="nested_read_authorizer_credential"></a>The `read_authorizer_credential` block supports:
* `user_token_secret_version` -
(Required)
Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.
* `username` -
(Output)
Output only. The username associated with this token.
<a name="nested_authorizer_credential"></a>The `authorizer_credential` block supports:
* `user_token_secret_version` -
(Required)
Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.
* `username` -
(Output)
Output only. The username associated with this token.
<a name="nested_service_directory_config"></a>The `service_directory_config` block supports:
* `service` -
(Required)
Required. The Service Directory service name. Format: `projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}`.
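
The `gitlab_config` arguments above have no usage example on this page, so the following is an added example (not generated by Magic Modules and not the provider's own) that wires the three required secrets into a gitlab.com connection. Resource names, secret IDs and token file names are placeholders; it reads the project number from `data.google_project` and uses the non-authoritative `google_secret_manager_secret_iam_member` in place of the `google_secret_manager_secret_iam_policy` used in the examples above.

```hcl
data "google_project" "project" {}

locals {
  # Constructed placeholder file names; one secret per credential so each can be rotated on its own.
  gitlab_secrets = {
    api      = "gitlab-api-token.txt"      # personal access token with `api` scope
    read_api = "gitlab-read-api-token.txt" # personal access token with `read_api` scope
    webhook  = "gitlab-webhook-secret.txt"
  }
}

resource "google_secret_manager_secret" "gitlab" {
  for_each  = local.gitlab_secrets
  secret_id = "gitlab-${each.key}"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "gitlab" {
  for_each    = local.gitlab_secrets
  secret      = google_secret_manager_secret.gitlab[each.key].id
  secret_data = file(each.value) # the value is also written to Terraform state
}

# Grant only the Cloud Build service agent read access, secret by secret.
resource "google_secret_manager_secret_iam_member" "gitlab" {
  for_each  = local.gitlab_secrets
  secret_id = google_secret_manager_secret.gitlab[each.key].secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
}

resource "google_cloudbuildv2_connection" "gitlab" {
  location = "us-central1"
  name     = "my-gitlab-connection"
  gitlab_config {
    webhook_secret_secret_version = google_secret_manager_secret_version.gitlab["webhook"].id
    read_authorizer_credential {
      user_token_secret_version = google_secret_manager_secret_version.gitlab["read_api"].id
    }
    authorizer_credential {
      user_token_secret_version = google_secret_manager_secret_version.gitlab["api"].id
    }
  }
  depends_on = [google_secret_manager_secret_iam_member.gitlab]
}
```

For a self-hosted GitLab Enterprise server, set `host_uri` and, where the server is not reachable from the public internet, `service_directory_config` as documented above.
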
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/connections/{{name}}`
* `create_time` -
Output only. Server assigned timestamp for when the connection was created.
* `update_time` -
Output only. Server assigned timestamp for when the connection was updated.
* `installation_state` -
Output only. Installation state of the Connection.
Structure is [documented below](#nested_installation_state).
* `reconciling` -
Output only. Set to true when the connection is being set up or updated in the background.
* `etag` -
This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
* `effective_annotations` -
All of the annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
<a name="nested_installation_state"></a>The `installation_state` block contains:
* `stage` -
(Output)
Output only. Current step of the installation process.
* `message` -
(Output)
Output only. Message of what the user should do next to continue the installation. Empty string if the installation is already complete.
* `action_uri` -
(Output)
Output only. Link to follow for next action. Empty string if the installation is already complete.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
Connection can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/connections/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
* `{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Connection using one of the formats above. For example:
```tf
import {
  id = "projects/{{project}}/locations/{{location}}/connections/{{name}}"
  to = google_cloudbuildv2_connection.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Connection can be imported using one of the formats above. For example:
```
$ terraform import google_cloudbuildv2_connection.default projects/{{project}}/locations/{{location}}/connections/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{project}}/{{location}}/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{location}}/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).