From 3221af6f7354e8f78d03a8151bab1a84e75c4986 Mon Sep 17 00:00:00 2001
From: caetano-colin
Date: Fri, 22 Nov 2024 11:12:11 -0300
Subject: [PATCH 1/5] add support for custom host

---
 modules/cloudbuild_repo_connection/main.tf | 6 +++++-
 modules/cloudbuild_repo_connection/variables.tf | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/cloudbuild_repo_connection/main.tf b/modules/cloudbuild_repo_connection/main.tf
index 46bf8351..92469729 100644
--- a/modules/cloudbuild_repo_connection/main.tf
+++ b/modules/cloudbuild_repo_connection/main.tf
@@ -57,7 +57,11 @@ resource "google_cloudbuildv2_connection" "connection" {
 dynamic "gitlab_config" {
 for_each = local.is_gitlab ? [1] : []
 content {
- host_uri = null
+ host_uri = var.connection_config.gitlab_enterprise_host_uri
+ ssl_ca = var.connection_config.gitlab_enterprise_ca_certificate
+ service_directory_config {
+ service = var.connection_config.gitlab_enterprise_service_directory
+ }
 authorizer_credential {
 user_token_secret_version = "${var.connection_config.gitlab_authorizer_credential_secret_id}/versions/latest"
 }
diff --git a/modules/cloudbuild_repo_connection/variables.tf b/modules/cloudbuild_repo_connection/variables.tf
index 8913a766..2bd132d8 100644
--- a/modules/cloudbuild_repo_connection/variables.tf
+++ b/modules/cloudbuild_repo_connection/variables.tf
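Review bot: `host_uri` and `ssl_ca` in the new gitlab_config content are passed straight through from the variable with nothing telling the reader how they relate, and nothing stops a caller supplying a CA certificate while `host_uri` stays null. A comment above `host_uri` would make the intent explicit: `# Self-hosted GitLab only: host_uri left null means the gitlab.com default (see variables.tf); ssl_ca is the trust anchor for that host and only makes sense together with a custom host_uri.` Whether the provider rejects `ssl_ca` without a host I cannot tell from the hunk, so a cross-field validation in variables.tf may be worth adding. The gitlab_config block and the enclosing resource continue outside the hunk.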
@@ -28,6 +28,9 @@ variable "connection_config" {
 - gitlab_read_authorizer_credential_secret_id: (Optional) The secret ID for the GitLab read authorizer credential.
 - gitlab_authorizer_credential_secret_id: (Optional) The secret ID for the GitLab authorizer credential.
 - gitlab_webhook_secret_id: (Optional) The secret ID for the GitLab WebHook.
+ - gitlab_enterprise_host_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.
+ - gitlab_enterprise_service_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
+ - gitlab_enterprise_ca_certificate (Optional) SSL certificate to use for requests to GitLab Enterprise.
 EOT
 type = object({
 connection_type = string
@@ -36,6 +39,9 @@ variable "connection_config" {
 gitlab_read_authorizer_credential_secret_id = optional(string)
 gitlab_authorizer_credential_secret_id = optional(string)
 gitlab_webhook_secret_id = optional(string)
+ gitlab_enterprise_host_uri = optional(string)
+ gitlab_enterprise_service_directory = optional(string)
+ gitlab_enterprise_ca_certificate = optional(string)
 })
 
 validation {

From 16339984d771f2e9737369e218c5592353a30105 Mon Sep 17 00:00:00 2001
From: caetano-colin
Date: Mon, 2 Dec 2024 11:31:01 -0300
Subject: [PATCH 2/5] docs

---
 modules/cloudbuild_repo_connection/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/cloudbuild_repo_connection/README.md b/modules/cloudbuild_repo_connection/README.md
index 7dfb465f..6fe60460 100644
--- a/modules/cloudbuild_repo_connection/README.md
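Review bot: The three new optional attributes in `type = object({...})` are accepted without any validation, even though `gitlab_enterprise_host_uri` is the endpoint the authorizer token from `gitlab_authorizer_credential_secret_id` is sent to; a plain `http://` value, or a gitlab_enterprise_* value on a GITHUBv2 connection, would pass unchecked. A validation block next to the existing one (which opens at the end of the hunk and continues outside it) can enforce the https scheme and tie these fields to the GITLABv2 connection type. The description of `gitlab_enterprise_ca_certificate` also says only "SSL certificate"; stating the format the provider expects for `ssl_ca` would save callers a failed apply.
```hcl
  # … unchanged: description, type = object({ ... }) and the existing validation block …

  validation {
    condition     = var.connection_config.gitlab_enterprise_host_uri == null || can(regex("^https://", var.connection_config.gitlab_enterprise_host_uri))
    error_message = "gitlab_enterprise_host_uri must be an https:// URL."
  }

  validation {
    condition = var.connection_config.connection_type == "GITLABv2" || alltrue([
      var.connection_config.gitlab_enterprise_host_uri == null,
      var.connection_config.gitlab_enterprise_service_directory == null,
      var.connection_config.gitlab_enterprise_ca_certificate == null,
    ])
    error_message = "gitlab_enterprise_* settings are only valid when connection_type is GITLABv2."
  }
```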
+++ b/modules/cloudbuild_repo_connection/README.md
@@ -13,7 +13,7 @@ Users will provide the required secrets through the `connection_config` variable
 |------|-------------|------|---------|:--------:|
 | cloud\_build\_repositories | Cloud Build repositories configuration:
- repository\_name: The name of the repository to be used in Cloud Build.
- repository\_url: The HTTPS clone URL for the repository. This URL must end with '.git' and be a valid HTTPS URL.

Each entry in this map must contain both `repository_name` and `repository_url` to properly integrate with the Cloud Build service. |
map(object({
repository_name = string,
repository_url = string,
}))
| n/a | yes |
 | cloudbuild\_connection\_name | Cloudbuild Connection Name. | `string` | `"generic-cloudbuild-connection"` | no |
-| connection\_config | Connection configuration options:
- connection\_type: Specifies the type of connection being used. Supported types are 'GITHUBv2' and 'GITLABv2'.
- github\_secret\_id: (Optional) The secret ID for GitHub credentials.
- github\_app\_id\_secret\_id: (Optional) The secret ID for the application ID for a GitHub App used for authentication. For app installation, follow this link: https://github.com/apps/google-cloud-build
- gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab read authorizer credential.
- gitlab\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab authorizer credential.
- gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook. |
object({
connection_type = string
github_secret_id = optional(string)
github_app_id_secret_id = optional(string)
gitlab_read_authorizer_credential_secret_id = optional(string)
gitlab_authorizer_credential_secret_id = optional(string)
gitlab_webhook_secret_id = optional(string)
})
| n/a | yes |
+| connection\_config | Connection configuration options:
- connection\_type: Specifies the type of connection being used. Supported types are 'GITHUBv2' and 'GITLABv2'.
- github\_secret\_id: (Optional) The secret ID for GitHub credentials.
- github\_app\_id\_secret\_id: (Optional) The secret ID for the application ID for a GitHub App used for authentication. For app installation, follow this link: https://github.com/apps/google-cloud-build
- gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab read authorizer credential.
- gitlab\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab authorizer credential.
- gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook.
- gitlab\_enterprise\_host\_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.
- gitlab\_enterprise\_service\_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
- gitlab\_enterprise\_ca\_certificate (Optional) SSL certificate to use for requests to GitLab Enterprise. |
object({
connection_type = string
github_secret_id = optional(string)
github_app_id_secret_id = optional(string)
gitlab_read_authorizer_credential_secret_id = optional(string)
gitlab_authorizer_credential_secret_id = optional(string)
gitlab_webhook_secret_id = optional(string)
gitlab_enterprise_host_uri = optional(string)
gitlab_enterprise_service_directory = optional(string)
gitlab_enterprise_ca_certificate = optional(string)
})
| n/a | yes |
 | location | Resources location. | `string` | `"us-central1"` | no |
 | project\_id | The project id to create the secret and assign cloudbuild service account permissions. | `string` | n/a | yes |

From e5a51bce2b007f57cc2b7b1615cc7417951071b2 Mon Sep 17 00:00:00 2001
From: caetano-colin
Date: Mon, 2 Dec 2024 11:55:05 -0300
Subject: [PATCH 3/5] service_directory in dynamic block

---
 modules/cloudbuild_repo_connection/main.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/cloudbuild_repo_connection/main.tf b/modules/cloudbuild_repo_connection/main.tf
index 92469729..f483ea7e 100644
--- a/modules/cloudbuild_repo_connection/main.tf
+++ b/modules/cloudbuild_repo_connection/main.tf
@@ -59,8 +59,11 @@ resource "google_cloudbuildv2_connection" "connection" {
 content {
 host_uri = var.connection_config.gitlab_enterprise_host_uri
 ssl_ca = var.connection_config.gitlab_enterprise_ca_certificate
- service_directory_config {
- service = var.connection_config.gitlab_enterprise_service_directory
+ dynamic "service_directory_config" {
+ for_each = var.connection_config.gitlab_enterprise_service_directory == null ? [] : [1]
+ content {
+ service = var.connection_config.gitlab_enterprise_service_directory
+ }
 }
 authorizer_credential {
 user_token_secret_version = "${var.connection_config.gitlab_authorizer_credential_secret_id}/versions/latest"

From 4ce26859139b565bf2a8ff291b5a122d709edd04 Mon Sep 17 00:00:00 2001
From: Caetano Colin <164910343+caetano-colin@users.noreply.github.com>
Date: Thu, 5 Dec 2024 16:27:26 -0300
Subject: [PATCH 4/5] Update modules/cloudbuild_repo_connection/variables.tf

Co-authored-by: Andrew Peabody
---
 modules/cloudbuild_repo_connection/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/cloudbuild_repo_connection/variables.tf b/modules/cloudbuild_repo_connection/variables.tf
index 2bd132d8..31168c5e 100644
--- a/modules/cloudbuild_repo_connection/variables.tf
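Review bot: The new `for_each` on `dynamic "service_directory_config"` inverts the shape used by the enclosing `dynamic "gitlab_config"` (`local.is_gitlab ? [1] : []`), so the two conditions read differently for no reason; `for_each = var.connection_config.gitlab_enterprise_service_directory != null ? [1] : []` keeps them parallel. The null check also admits an empty string, which would emit a `service_directory_config` block with `service = ""`; if that input is plausible, test with `trimspace(...) != ""` here or reject it in the variable validation instead. The gitlab_config block and the enclosing resource continue outside the hunk.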
+++ b/modules/cloudbuild_repo_connection/variables.tf
@@ -30,7 +30,7 @@ variable "connection_config" {
 - gitlab_webhook_secret_id: (Optional) The secret ID for the GitLab WebHook.
 - gitlab_enterprise_host_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.
 - gitlab_enterprise_service_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
- - gitlab_enterprise_ca_certificate (Optional) SSL certificate to use for requests to GitLab Enterprise.
+ - gitlab_enterprise_ca_certificate: (Optional) SSL certificate to use for requests to GitLab Enterprise.
 EOT
 type = object({
 connection_type = string

From 54111af4eb1543dc7bde9e50b9e962f91214ff52 Mon Sep 17 00:00:00 2001
From: caetano-colin
Date: Thu, 5 Dec 2024 16:40:09 -0300
Subject: [PATCH 5/5] update

---
 modules/cloudbuild_repo_connection/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/cloudbuild_repo_connection/README.md b/modules/cloudbuild_repo_connection/README.md
index 6fe60460..8024ba74 100644
--- a/modules/cloudbuild_repo_connection/README.md
+++ b/modules/cloudbuild_repo_connection/README.md
@@ -13,7 +13,7 @@ Users will provide the required secrets through the `connection_config` variable
 |------|-------------|------|---------|:--------:|
 | cloud\_build\_repositories | Cloud Build repositories configuration:
- repository\_name: The name of the repository to be used in Cloud Build.
- repository\_url: The HTTPS clone URL for the repository. This URL must end with '.git' and be a valid HTTPS URL.

Each entry in this map must contain both `repository_name` and `repository_url` to properly integrate with the Cloud Build service. |
map(object({
repository_name = string,
repository_url = string,
}))
| n/a | yes |
 | cloudbuild\_connection\_name | Cloudbuild Connection Name. | `string` | `"generic-cloudbuild-connection"` | no |
-| connection\_config | Connection configuration options:
- connection\_type: Specifies the type of connection being used. Supported types are 'GITHUBv2' and 'GITLABv2'.
- github\_secret\_id: (Optional) The secret ID for GitHub credentials.
- github\_app\_id\_secret\_id: (Optional) The secret ID for the application ID for a GitHub App used for authentication. For app installation, follow this link: https://github.com/apps/google-cloud-build
- gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab read authorizer credential.
- gitlab\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab authorizer credential.
- gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook.
- gitlab\_enterprise\_host\_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.
- gitlab\_enterprise\_service\_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
- gitlab\_enterprise\_ca\_certificate (Optional) SSL certificate to use for requests to GitLab Enterprise. |
object({
connection_type = string
github_secret_id = optional(string)
github_app_id_secret_id = optional(string)
gitlab_read_authorizer_credential_secret_id = optional(string)
gitlab_authorizer_credential_secret_id = optional(string)
gitlab_webhook_secret_id = optional(string)
gitlab_enterprise_host_uri = optional(string)
gitlab_enterprise_service_directory = optional(string)
gitlab_enterprise_ca_certificate = optional(string)
})
| n/a | yes |
+| connection\_config | Connection configuration options:
- connection\_type: Specifies the type of connection being used. Supported types are 'GITHUBv2' and 'GITLABv2'.
- github\_secret\_id: (Optional) The secret ID for GitHub credentials.
- github\_app\_id\_secret\_id: (Optional) The secret ID for the application ID for a GitHub App used for authentication. For app installation, follow this link: https://github.com/apps/google-cloud-build
- gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab read authorizer credential.
- gitlab\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab authorizer credential.
- gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook.
- gitlab\_enterprise\_host\_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.
- gitlab\_enterprise\_service\_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
- gitlab\_enterprise\_ca\_certificate: (Optional) SSL certificate to use for requests to GitLab Enterprise. |
object({
connection_type = string
github_secret_id = optional(string)
github_app_id_secret_id = optional(string)
gitlab_read_authorizer_credential_secret_id = optional(string)
gitlab_authorizer_credential_secret_id = optional(string)
gitlab_webhook_secret_id = optional(string)
gitlab_enterprise_host_uri = optional(string)
gitlab_enterprise_service_directory = optional(string)
gitlab_enterprise_ca_certificate = optional(string)
})
| n/a | yes |
 | location | Resources location. | `string` | `"us-central1"` | no |
 | project\_id | The project id to create the secret and assign cloudbuild service account permissions. | `string` | n/a | yes |