
googleCloudbuildv2Connection

Beta only: The Cloudbuildv2 Connection resource

Example Usage - ghe

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleSecretManagerSecretPrivateKeySecret =
  new google.secretManagerSecret.SecretManagerSecret(
    this,
    "private-key-secret",
    {
      provider: "${google-beta}",
      replication: [
        {
          automatic: true,
        },
      ],
      secret_id: "ghe-pk-secret",
    }
  );
const googleSecretManagerSecretWebhookSecretSecret =
  new google.secretManagerSecret.SecretManagerSecret(
    this,
    "webhook-secret-secret",
    {
      provider: "${google-beta}",
      replication: [
        {
          automatic: true,
        },
      ],
      secret_id: "github-token-secret",
    }
  );
const googleSecretManagerSecretVersionPrivateKeySecretVersion =
  new google.secretManagerSecretVersion.SecretManagerSecretVersion(
    this,
    "private-key-secret-version",
    {
      provider: "${google-beta}",
      secret: googleSecretManagerSecretPrivateKeySecret.id,
      // secret_data is written to Terraform state in plain text; restrict access to the state backend.
      secret_data: '${file("private-key.pem")}',
    }
  );
const googleSecretManagerSecretVersionWebhookSecretSecretVersion =
  new google.secretManagerSecretVersion.SecretManagerSecretVersion(
    this,
    "webhook-secret-secret-version",
    {
      provider: "${google-beta}",
      secret: googleSecretManagerSecretWebhookSecretSecret.id,
      secret_data: "<webhook-secret-data>",
    }
  );
const dataGoogleIamPolicyP4SaSecretAccessor =
  new google.dataGoogleIamPolicy.DataGoogleIamPolicy(
    this,
    "p4sa-secretAccessor",
    {
      binding: [
        {
          members: [
            "serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com",
          ],
          role: "roles/secretmanager.secretAccessor",
        },
      ],
      provider: "${google-beta}",
    }
  );
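/*SecretManagerSecretIamPolicy is authoritative: it replaces any IAM policy already set on the secret.*/
const googleSecretManagerSecretIamPolicyPolicyPk =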
  new google.secretManagerSecretIamPolicy.SecretManagerSecretIamPolicy(
    this,
    "policy-pk",
    {
      policy_data: dataGoogleIamPolicyP4SaSecretAccessor.policyData,
      provider: "${google-beta}",
      secret_id: googleSecretManagerSecretPrivateKeySecret.secretId,
    }
  );
const googleSecretManagerSecretIamPolicyPolicyWhs =
  new google.secretManagerSecretIamPolicy.SecretManagerSecretIamPolicy(
    this,
    "policy-whs",
    {
      policy_data: dataGoogleIamPolicyP4SaSecretAccessor.policyData,
      provider: "${google-beta}",
      secret_id: googleSecretManagerSecretWebhookSecretSecret.secretId,
    }
  );
new google.cloudbuildv2Connection.Cloudbuildv2Connection(
  this,
  "my-connection",
  {
    depends_on: [
      `\${${googleSecretManagerSecretIamPolicyPolicyPk.fqn}}`,
      `\${${googleSecretManagerSecretIamPolicyPolicyWhs.fqn}}`,
    ],
    github_enterprise_config: [
      {
        app_id: 200,
        app_installation_id: 300,
        app_slug: "gcb-app",
        host_uri: "https://ghe.com",
        private_key_secret_version:
          googleSecretManagerSecretVersionPrivateKeySecretVersion.id,
        webhook_secret_secret_version:
          googleSecretManagerSecretVersionWebhookSecretSecretVersion.id,
      },
    ],
    location: "us-central1",
    name: "my-terraform-ghe-connection",
    provider: "${google-beta}",
  }
);

Example Usage - GitHub Connection

Creates a Connection to github.com

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleSecretManagerSecretGithubTokenSecret =
  new google.secretManagerSecret.SecretManagerSecret(
    this,
    "github-token-secret",
    {
      provider: "${google-beta}",
      replication: [
        {
          automatic: true,
        },
      ],
      secret_id: "github-token-secret",
    }
  );
const googleSecretManagerSecretVersionGithubTokenSecretVersion =
  new google.secretManagerSecretVersion.SecretManagerSecretVersion(
    this,
    "github-token-secret-version",
    {
      provider: "${google-beta}",
      secret: googleSecretManagerSecretGithubTokenSecret.id,
      // secret_data is written to Terraform state in plain text; restrict access to the state backend.
      secret_data: '${file("my-github-token.txt")}',
    }
  );
const dataGoogleIamPolicyP4SaSecretAccessor =
  new google.dataGoogleIamPolicy.DataGoogleIamPolicy(
    this,
    "p4sa-secretAccessor",
    {
      binding: [
        {
          members: [
            "serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com",
          ],
          role: "roles/secretmanager.secretAccessor",
        },
      ],
      provider: "${google-beta}",
    }
  );
new google.cloudbuildv2Connection.Cloudbuildv2Connection(
  this,
  "my-connection",
  {
    github_config: [
      {
        app_installation_id: 123123,
        authorizer_credential: [
          {
            oauth_token_secret_version:
              googleSecretManagerSecretVersionGithubTokenSecretVersion.id,
          },
        ],
      },
    ],
    location: "us-west1",
    name: "my-connection",
    provider: "${google-beta}",
  }
);
new google.secretManagerSecretIamPolicy.SecretManagerSecretIamPolicy(
  this,
  "policy",
  {
    policy_data: dataGoogleIamPolicyP4SaSecretAccessor.policyData,
    provider: "${google-beta}",
    secret_id: googleSecretManagerSecretGithubTokenSecret.secretId,
  }
);

Argument Reference

The following arguments are supported:

  • location - (Required) The location for the resource

  • name - (Required) Immutable. The resource name of the connection, in the format projects/{project}/locations/{location}/connections/{connectionId}.


  • annotations - (Optional) Allows clients to store small amounts of arbitrary data.

  • disabled - (Optional) If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.

  • githubConfig - (Optional) Configuration for connections to github.com.

  • githubEnterpriseConfig - (Optional) Configuration for connections to an instance of GitHub Enterprise.

  • project - (Optional) The project for the resource

The githubConfig block supports:

  • appInstallationId - (Optional) GitHub App installation id.

  • authorizerCredential - (Optional) OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.

The authorizerCredential block supports:

  • oauthTokenSecretVersion - (Optional) A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: projects/*/secrets/*/versions/*.

  • username - The username associated with this token.

The githubEnterpriseConfig block supports:

  • hostUri - (Required) The URI of the GitHub Enterprise host this connection is for.

  • appId - (Optional) Id of the GitHub App created from the manifest.

  • appInstallationId - (Optional) ID of the installation of the GitHub App.

  • appSlug - (Optional) The URL-friendly name of the GitHub App.

  • privateKeySecretVersion - (Optional) SecretManager resource containing the private key of the GitHub App, formatted as projects/*/secrets/*/versions/*.

  • serviceDirectoryConfig - (Optional) Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.

  • sslCa - (Optional) SSL certificate to use for requests to GitHub Enterprise.

  • webhookSecretSecretVersion - (Optional) SecretManager resource containing the webhook secret of the GitHub App, formatted as projects/*/secrets/*/versions/*.

The serviceDirectoryConfig block supports:

  • service - (Required) The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
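
A pre-deploy check for the githubEnterpriseConfig arguments listed above, as an added example that is not part of the provider or its generated bindings. The resource-name formats are the ones documented on this page; the rules themselves (https-only hostUri, numbered secret versions, separate secrets for the private key and the webhook secret) and the names GheConfig and lintGheConfig are assumptions of this example.

```typescript
// Added example: pre-deploy lint for a githubEnterpriseConfig block.
// Field names follow the Argument Reference; the rules are this example's assumptions.
interface GheConfig {
  hostUri: string;
  privateKeySecretVersion?: string;
  webhookSecretSecretVersion?: string;
  serviceDirectoryConfig?: { service: string };
}

// Documented format: projects/*/secrets/*/versions/*
const SECRET_VERSION = /^projects\/([^/]+)\/secrets\/([^/]+)\/versions\/([^/]+)$/;
// Documented format of serviceDirectoryConfig.service
const SD_SERVICE = /^projects\/[^/]+\/locations\/[^/]+\/namespaces\/[^/]+\/services\/[^/]+$/;

function lintGheConfig(cfg: GheConfig): string[] {
  const findings: string[] = [];
  if (!/^https:\/\/[^/\s]+/i.test(cfg.hostUri)) findings.push("hostUri: must be an https:// URI");
  const secrets: [string, string | undefined][] = [
    ["privateKeySecretVersion", cfg.privateKeySecretVersion],
    ["webhookSecretSecretVersion", cfg.webhookSecretSecretVersion],
  ];
  const seen: Record<string, string> = {};
  for (const [field, value] of secrets) {
    if (value === undefined) continue;
    const m = SECRET_VERSION.exec(value);
    if (!m) { findings.push(`${field}: expected projects/*/secrets/*/versions/*`); continue; }
    // Example policy: require a numbered version so a rotation is an explicit config change.
    if (!/^\d+$/.test(m[3])) findings.push(`${field}: version "${m[3]}" is not pinned`);
    // Example policy: the App private key and the webhook secret live in separate secrets.
    const key = `${m[1]}/${m[2]}`;
    if (seen[key]) findings.push(`${field}: shares a secret with ${seen[key]}`);
    seen[key] = field;
  }
  if (cfg.serviceDirectoryConfig && !SD_SERVICE.test(cfg.serviceDirectoryConfig.service)) {
    findings.push("serviceDirectoryConfig.service: malformed resource name");
  }
  return findings;
}

// Constructed sample; the project and host names are placeholders.
const sample: GheConfig = {
  hostUri: "http://ghe.example.internal",
  privateKeySecretVersion: "projects/my-project/secrets/ghe-pk-secret/versions/latest",
  webhookSecretSecretVersion: "projects/my-project/secrets/ghe-pk-secret/versions/3",
};
const sampleFindings = lintGheConfig(sample);
```
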

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/connections/{{name}}

  • createTime - Output only. Server assigned timestamp for when the connection was created.

  • etag - This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

  • installationState - Output only. Installation state of the Connection.

  • reconciling - Output only. Set to true when the connection is being set up or updated in the background.

  • updateTime - Output only. Server assigned timestamp for when the connection was updated.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Connection can be imported using any of these accepted formats:

$ terraform import google_cloudbuildv2_connection.default projects/{{project}}/locations/{{location}}/connections/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{project}}/{{location}}/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{location}}/{{name}}