From 0a6f24d3125eec2ee9c77033210946d09ee08d09 Mon Sep 17 00:00:00 2001
From: Ishana Narayanan
Date: Mon, 16 Dec 2024 20:02:21 -0500
Subject: [PATCH] Add updated doc examples
---
...t_connection_github_enterprise_doc.tf.tmpl | 47 +++++++---
...oper_connect_connection_gitlab_doc.tf.tmpl | 62 +++++++-------
...t_connection_gitlab_enterprise_doc.tf.tmpl | 81 ++++++++++++++++--
...ect_git_repository_link_github_doc.tf.tmpl | 2 +-
...ository_link_github_enterprise_doc.tf.tmpl | 48 ++++++++---
...ect_git_repository_link_gitlab_doc.tf.tmpl | 85 +++++++++++++++++--
...ository_link_gitlab_enterprise_doc.tf.tmpl | 83 ++++++++++++++++--
7 files changed, 332 insertions(+), 76 deletions(-)
diff --git a/mmv1/templates/terraform/examples/developer_connect_connection_github_enterprise_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_connection_github_enterprise_doc.tf.tmpl
index a01ac174ad82..456a7d34e8ca 100644
--- a/mmv1/templates/terraform/examples/developer_connect_connection_github_enterprise_doc.tf.tmpl
+++ b/mmv1/templates/terraform/examples/developer_connect_connection_github_enterprise_doc.tf.tmpl
@@ -1,16 +1,27 @@ -resource "google_secret_manager_secret" "github-enterprise-token-secret" { - - secret_id = "github-enterprise-token-secret" +resource "google_secret_manager_secret" "private-key-secret" { + secret_id = "ghe-pk-secret" replication { auto {} } } -resource "google_secret_manager_secret_version" "github-enterprise-token-secret-version" { +resource "google_secret_manager_secret_version" "private-key-secret-version" { + secret = google_secret_manager_secret.private-key-secret.id + secret_data = file("private-key.pem") +} + +resource "google_secret_manager_secret" "webhook-secret-secret" { + secret_id = "ghe-token-secret" - secret = google_secret_manager_secret.github-enterprise-token-secret.id - secret_data = file("my-github-enterprise-token.txt") + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "webhook-secret-secret-version" { + secret = google_secret_manager_secret.webhook-secret-secret.id + secret_data = "" } data "google_iam_policy" "p4sa-secretAccessor" { 
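Review bot: The webhook secret version is created with `secret_data = ""`, so as shown the example stores a blank value as the webhook secret, and its container is named `secret_id = "ghe-token-secret"` although it holds a webhook secret rather than a token. I would source the value the way the GitLab examples do, e.g. `secret_data = file("my-ghe-webhook-secret.txt")` (file name constructed for illustration), and rename the ID to `"ghe-webhook-secret"`. Webhook signature checks are only as strong as this value, so the example should model a generated high-entropy secret. The same two lines appear in the first hunk of developer_connect_git_repository_link_github_enterprise_doc.tf.tmpl.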
@@ -21,22 +32,30 @@ data "google_iam_policy" "p4sa-secretAccessor" { } } -resource "google_secret_manager_secret_iam_policy" "policy" { - - secret_id = google_secret_manager_secret.github-enterprise-token-secret.secret_id +resource "google_secret_manager_secret_iam_policy" "policy-pk" { + secret_id = google_secret_manager_secret.private-key-secret.secret_id policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data } -resource "google_developer_connect_connection" "my-connection" { +resource "google_secret_manager_secret_iam_policy" "policy-whs" { + secret_id = google_secret_manager_secret.webhook-secret-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} +resource "google_developer_connect_connection" "my-connection" { location = "us-central1" connection_id = "my-connection" github_enterprise_config { - host_uri = "https://devconnect-terraform.com" + host_uri = "https://ghe.com" + private_key_secret_version = google_secret_manager_secret_version.private-key-secret-version.id + webhook_secret_secret_version = google_secret_manager_secret_version.webhook-secret-secret-version.id + app_id = 100 app_installation_id = 123123 - authorizer_credential { - oauth_token_secret_version = google_secret_manager_secret_version.github-enterprise-token-secret-version.id - } } + + depends_on = [ + google_secret_manager_secret_iam_policy.policy-pk, + google_secret_manager_secret_iam_policy.policy-whs + ] } diff --git a/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_doc.tf.tmpl index d61d987b6354..51c2f4714f38 100644 --- a/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_doc.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_doc.tf.tmpl 
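Review bot: `host_uri = "https://ghe.com"` points the example at a registrable domain that the reader does not control, so an example applied without editing would aim the connection at a third-party host. A reserved documentation name, `host_uri = "https://ghe.example.com"`, avoids that. The same applies to `clone_uri = "https://ghe.com/myuser/myrepo.git"` in the GitHub Enterprise repository-link example and to `https://gle.com` in both GitLab Enterprise examples.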
@@ -1,45 +1,36 @@ -resource "google_secret_manager_secret" "gitlab-read-cred" { - +resource "google_secret_manager_secret" "gitlab-read-cred-secret" { secret_id = "gitlab-read-cred" - replication { auto {} } } -resource "google_secret_manager_secret" "gitlab-auth-cred" { +resource "google_secret_manager_secret_version" "gitlab-read-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-read-cred-secret.id + secret_data = file("my-gitlab-read-cred.txt") +} +resource "google_secret_manager_secret" "gitlab-auth-cred-secret" { secret_id = "gitlab-auth-cred" - replication { auto {} } } -resource "google_secret_manager_secret" "gitlab-webhook-secret" { +resource "google_secret_manager_secret_version" "gitlab-auth-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-auth-cred-secret.id + secret_data = file("my-gitlab-auth-cred.txt") +} +resource "google_secret_manager_secret" "gitlab-webhook-secret-secret" { secret_id = "gitlab-webhook-secret" - replication { auto {} } } -resource "google_secret_manager_secret_version" "gitlab-read-cred-version" { - - secret = google_secret_manager_secret.gitlab-read-cred.id - secret_data = file("my-gitlab-read-cred.txt") -} - -resource "google_secret_manager_secret_version" "gitlab-auth-cred-version" { - - secret = google_secret_manager_secret.gitlab-auth-cred.id - secret_data = file("my-gitlab-auth-cred.txt") -} - -resource "google_secret_manager_secret_version" "gitlab-webhook-secret-version" { - - secret = google_secret_manager_secret.gitlab-webhook-secret.id +resource "google_secret_manager_secret_version" "gitlab-webhook-secret-secret-version" { + secret = google_secret_manager_secret.gitlab-webhook-secret-secret.id secret_data = file("my-gitlab-webhook-secret.txt") data "google_iam_policy" "p4sa-secretAccessor" { 
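Review bot: The `gitlab-webhook-secret-secret-version` resource is never closed: `secret_data = file("my-gitlab-webhook-secret.txt")` is followed directly by `data "google_iam_policy" "p4sa-secretAccessor" {`, so the example does not parse as shown. Add a `}` line after the `secret_data` line. In this file both lines are context, so the gap predates the commit, but the commit copies it as added lines into developer_connect_connection_gitlab_enterprise_doc.tf.tmpl, developer_connect_git_repository_link_gitlab_doc.tf.tmpl and developer_connect_git_repository_link_gitlab_enterprise_doc.tf.tmpl, which need the same fix.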
@@ -50,11 +41,18 @@ data "google_iam_policy" "p4sa-secretAccessor" { } } -resource "google_secret_manager_secret_iam_policy" "policy" { +resource "google_secret_manager_secret_iam_policy" "policy-rc" { + secret_id = google_secret_manager_secret.gitlab-read-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-ac" { + secret_id = google_secret_manager_secret.gitlab-auth-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} - secret_id = google_secret_manager_secret.gitlab-read-cred.secret_id - secret_id = google_secret_manager_secret.gitlab-auth-cred.secret_id - secret_id = google_secret_manager_secret.gitlab-webhook-secret.secret_id +resource "google_secret_manager_secret_iam_policy" "policy-wh" { + secret_id = google_secret_manager_secret.gitlab-webhook-secret-secret.secret_id policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data } @@ -64,14 +62,20 @@ resource "google_developer_connect_connection" "my-connection" { connection_id = "my-connection" gitlab_config { - webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-version.id + webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-secret-version.id read_authorizer_credential { - user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-version.id + user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-secret-version.id } authorizer_credential { - user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-version.id + user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-secret-version.id } } + + depends_on = [ + google_secret_manager_secret_iam_policy.policy-rc, + google_secret_manager_secret_iam_policy.policy-ac, + google_secret_manager_secret_iam_policy.policy-wh + ] } 
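Review bot: `google_secret_manager_secret_iam_policy` is authoritative, so each of `policy-rc`, `policy-ac` and `policy-wh` replaces whatever IAM policy its secret already has with the single `secretAccessor` binding. That is fine for secrets created in the same configuration, but a reader adapting the example to an existing secret would silently drop its other bindings. A comment above the first resource, such as `// Authoritative: replaces the secret's entire IAM policy.`, would make that explicit. The `data "google_iam_policy"` block these resources read from starts outside the hunk.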
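Review bot: Nothing in the `gitlab_config` block tells the reader that the two tokens should differ in privilege; `read_authorizer_credential` and `authorizer_credential` each just reference a secret version. As far as I know, Developer Connect's GitLab setup expects a `read_api`-scoped personal access token for the former and an `api`-scoped one for the latter. A comment on each block, such as `// Personal access token limited to the read_api scope.`, would steer readers away from reusing one broad token for both. The `gitlab_config` block opens outside the hunk.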
diff --git a/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_enterprise_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_enterprise_doc.tf.tmpl
index 6acf339ce1dc..1ff9b798b57a 100644
--- a/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_enterprise_doc.tf.tmpl
+++ b/mmv1/templates/terraform/examples/developer_connect_connection_gitlab_enterprise_doc.tf.tmpl
@@ -1,12 +1,83 @@ +resource "google_secret_manager_secret" "gitlab-read-cred-secret" { + secret_id = "gitlab-read-cred" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-read-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-read-cred-secret.id + secret_data = file("my-gitlab-read-cred.txt") +} + +resource "google_secret_manager_secret" "gitlab-auth-cred-secret" { + secret_id = "gitlab-auth-cred" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-auth-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-auth-cred-secret.id + secret_data = file("my-gitlab-auth-cred.txt") +} + +resource "google_secret_manager_secret" "gitlab-webhook-secret-secret" { + secret_id = "gitlab-webhook-secret" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-webhook-secret-secret-version" { + secret = google_secret_manager_secret.gitlab-webhook-secret-secret.id + secret_data = file("my-gitlab-webhook-secret.txt") + +data "google_iam_policy" "p4sa-secretAccessor" { + binding { + role = "roles/secretmanager.secretAccessor" + // Here, 123456789 is the Google Cloud project number for the project that contains the connection. 
+ members = ["serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com"] + } +} + +resource "google_secret_manager_secret_iam_policy" "policy-rc" { + secret_id = google_secret_manager_secret.gitlab-read-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-ac" { + secret_id = google_secret_manager_secret.gitlab-auth-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-wh" { + secret_id = google_secret_manager_secret.gitlab-webhook-secret-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + resource "google_developer_connect_connection" "my-connection" { location = "us-central1" connection_id = "my-connection" - gitlab_config { - host_uri: 'https://devconnect-terraform.com' - webhook_secret_secret_version: 'projects/terraform-proj/secrets/webhook-version/versions/latest' - read_authorizer_credential: 'glpat-some-read-auth-credential' - authorizer_credential: 'glpat-some-auth-credential' + gitlab_enterprise_config { + host_uri = "https://gle.com" + + webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-secret-version.id + + read_authorizer_credential { + user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-secret-version.id + } + + authorizer_credential { + user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-secret-version.id + } } + + depends_on = [ + google_secret_manager_secret_iam_policy.policy-rc, + google_secret_manager_secret_iam_policy.policy-ac, + google_secret_manager_secret_iam_policy.policy-wh + ] } 
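Review bot: The service agent in `members` embeds a literal project number that readers must remember to edit by hand; if they miss it, `roles/secretmanager.secretAccessor` on all three secrets is bound to whichever project's Developer Connect agent that number happens to identify. Deriving it from a `data "google_project" "project" {}` block and writing `members = ["serviceAccount:service-${data.google_project.project.number}@gcp-sa-devconnect.iam.gserviceaccount.com"]` removes that step. The same added block appears in developer_connect_git_repository_link_gitlab_doc.tf.tmpl and developer_connect_git_repository_link_gitlab_enterprise_doc.tf.tmpl.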
diff --git a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_doc.tf.tmpl index 63829f055fde..8f3b566677d5 100644 --- a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_doc.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_doc.tf.tmpl @@ -41,5 +41,5 @@ resource "google_developer_connect_git_repository_link" "my-repository" { location = "us-central1" git_repository_link_id = "my-repo" parent_connection = google_developer_connect_connection.my-connection.connection_id - remote_uri = "https://github.com/myuser/myrepo.git" + clone_uri = "https://github.com/myuser/myrepo.git" } diff --git a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_enterprise_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_enterprise_doc.tf.tmpl index 857c11b28cca..fbf9a62e188e 100644 --- a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_enterprise_doc.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_github_enterprise_doc.tf.tmpl 
@@ -1,14 +1,27 @@ -resource "google_secret_manager_secret" "github-enterprise-token-secret" { - secret_id = "github-token-secret" +resource "google_secret_manager_secret" "private-key-secret" { + secret_id = "ghe-pk-secret" replication { auto {} } } -resource "google_secret_manager_secret_version" "github-enterprise-token-secret-version" { - secret = google_secret_manager_secret.github-token-secret.id - secret_data = file("my-github-enterprise-token.txt") +resource "google_secret_manager_secret_version" "private-key-secret-version" { + secret = google_secret_manager_secret.private-key-secret.id + secret_data = file("private-key.pem") +} + +resource "google_secret_manager_secret" "webhook-secret-secret" { + secret_id = "ghe-token-secret" + + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "webhook-secret-secret-version" { + secret = google_secret_manager_secret.webhook-secret-secret.id + secret_data = "" } data "google_iam_policy" "p4sa-secretAccessor" { @@ -19,8 +32,13 @@ data "google_iam_policy" "p4sa-secretAccessor" { } } -resource "google_secret_manager_secret_iam_policy" "policy" { - secret_id = google_secret_manager_secret.github-enterprise-token-secret.secret_id +resource "google_secret_manager_secret_iam_policy" "policy-pk" { + secret_id = google_secret_manager_secret.private-key-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-whs" { + secret_id = google_secret_manager_secret.webhook-secret-secret.secret_id policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data } 
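Review bot: `secret_data = file("private-key.pem")` copies the GitHub App private key into Terraform state in plaintext, and the example gives no hint of that. A comment above the line, for instance `// The key is also stored in Terraform state; use an encrypted, access-controlled backend.`, would put the caveat in front of readers before they adopt the pattern. The identical line in the first hunk of developer_connect_connection_github_enterprise_doc.tf.tmpl needs the same comment. The `file(...)`-sourced GitLab tokens in the other examples end up in state the same way.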
@@ -29,18 +47,22 @@ resource "google_developer_connect_connection" "my-connection" { connection_id = "my-connection" github_enterprise_config { - host_uri = "https://devconnect-terraform.com" + host_uri = "https://ghe.com" + private_key_secret_version = google_secret_manager_secret_version.private-key-secret-version.id + webhook_secret_secret_version = google_secret_manager_secret_version.webhook-secret-secret-version.id + app_id = 100 app_installation_id = 123123 - authorizer_credential { - oauth_token_secret_version = google_secret_manager_secret_version.github-token-secret-version.id - } } + + depends_on = [ + google_secret_manager_secret_iam_policy.policy-pk, + google_secret_manager_secret_iam_policy.policy-whs + ] } resource "google_developer_connect_git_repository_link" "my-repository" { location = "us-central1" git_repository_link_id = "my-repo" parent_connection = google_developer_connect_connection.my-connection.connection_id - remote_uri = "https://devconnect-terraform.com/myuser/myrepo.git" + clone_uri = "https://ghe.com/myuser/myrepo.git" } - diff --git a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_doc.tf.tmpl index b263b6f64232..0b56a9bfeecd 100644 --- a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_doc.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_doc.tf.tmpl 
@@ -1,10 +1,60 @@ -resource "google_developer_connect_git_repository_link" "my-repository" { - location = "us-central1" - git_repository_link_id = "my-repo" - parent_connection = google_developer_connect_connection.my-connection.connection_id - remote_uri = "https://gitlab.com/myuser/myrepo.git" +resource "google_secret_manager_secret" "gitlab-read-cred-secret" { + secret_id = "gitlab-read-cred" + replication { + auto {} + } } +resource "google_secret_manager_secret_version" "gitlab-read-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-read-cred-secret.id + secret_data = file("my-gitlab-read-cred.txt") +} + +resource "google_secret_manager_secret" "gitlab-auth-cred-secret" { + secret_id = "gitlab-auth-cred" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-auth-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-auth-cred-secret.id + secret_data = file("my-gitlab-auth-cred.txt") +} + +resource "google_secret_manager_secret" "gitlab-webhook-secret-secret" { + secret_id = "gitlab-webhook-secret" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-webhook-secret-secret-version" { + secret = google_secret_manager_secret.gitlab-webhook-secret-secret.id + secret_data = file("my-gitlab-webhook-secret.txt") + +data "google_iam_policy" "p4sa-secretAccessor" { + binding { + role = "roles/secretmanager.secretAccessor" + // Here, 123456789 is the Google Cloud project number for the project that contains the connection. 
+ members = ["serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com"] + } +} + +resource "google_secret_manager_secret_iam_policy" "policy-rc" { + secret_id = google_secret_manager_secret.gitlab-read-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-ac" { + secret_id = google_secret_manager_secret.gitlab-auth-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-wh" { + secret_id = google_secret_manager_secret.gitlab-webhook-secret-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} resource "google_developer_connect_connection" "my-connection" { 
@@ -12,8 +62,27 @@ resource "google_developer_connect_connection" "my-connection" { connection_id = "my-connection" gitlab_config { - webhook_secret_secret_version: 'projects/terraform-proj/secrets/webhook-version/versions/latest' - read_authorizer_credential: 'glpat-some-read-auth-credential' - authorizer_credential: 'glpat-some-auth-credential' + webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-secret-version.id + + read_authorizer_credential { + user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-secret-version.id + } + + authorizer_credential { + user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-secret-version.id + } } + + depends_on = [ + google_secret_manager_secret_iam_policy.policy-rc, + google_secret_manager_secret_iam_policy.policy-ac, + google_secret_manager_secret_iam_policy.policy-wh + ] +} + +resource "google_developer_connect_git_repository_link" "my-repository" { + location = "us-central1" + git_repository_link_id = "my-repo" + parent_connection = google_developer_connect_connection.my-connection.connection_id + clone_uri = "https://gitlab.com/myuser/myrepo.git" } diff --git a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_enterprise_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_enterprise_doc.tf.tmpl index d24327f7ccaa..5e61679d339f 100644 --- a/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_enterprise_doc.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_git_repository_link_gitlab_enterprise_doc.tf.tmpl 
@@ -1,19 +1,90 @@ +resource "google_secret_manager_secret" "gitlab-read-cred-secret" { + secret_id = "gitlab-read-cred" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-read-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-read-cred-secret.id + secret_data = file("my-gitlab-read-cred.txt") +} + +resource "google_secret_manager_secret" "gitlab-auth-cred-secret" { + secret_id = "gitlab-auth-cred" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-auth-cred-secret-version" { + secret = google_secret_manager_secret.gitlab-auth-cred-secret.id + secret_data = file("my-gitlab-auth-cred.txt") +} + +resource "google_secret_manager_secret" "gitlab-webhook-secret-secret" { + secret_id = "gitlab-webhook-secret" + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "gitlab-webhook-secret-secret-version" { + secret = google_secret_manager_secret.gitlab-webhook-secret-secret.id + secret_data = file("my-gitlab-webhook-secret.txt") + +data "google_iam_policy" "p4sa-secretAccessor" { + binding { + role = "roles/secretmanager.secretAccessor" + // Here, 123456789 is the Google Cloud project number for the project that contains the connection. 
+ members = ["serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com"] + } +} + +resource "google_secret_manager_secret_iam_policy" "policy-rc" { + secret_id = google_secret_manager_secret.gitlab-read-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-ac" { + secret_id = google_secret_manager_secret.gitlab-auth-cred-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + +resource "google_secret_manager_secret_iam_policy" "policy-wh" { + secret_id = google_secret_manager_secret.gitlab-webhook-secret-secret.secret_id + policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data +} + resource "google_developer_connect_connection" "my-connection" { location = "us-central1" connection_id = "my-connection" - gitlab_config { - host_uri: "https://devconnect-terraform.com" - webhook_secret_secret_version: "projects/terraform-proj/secrets/webhook-version/versions/latest" - read_authorizer_credential: "glpat-some-read-auth-credential" - authorizer_credential: "glpat-some-auth-credential" + gitlab_enterprise_config { + host_uri = "https://gle.com" + + webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-secret-version.id + + read_authorizer_credential { + user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-secret-version.id + } + + authorizer_credential { + user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-secret-version.id + } } + + depends_on = [ + google_secret_manager_secret_iam_policy.policy-rc, + google_secret_manager_secret_iam_policy.policy-ac, + google_secret_manager_secret_iam_policy.policy-wh + ] } resource "google_developer_connect_git_repository_link" "my-repository" { location = "us-central1" git_repository_link_id = "my-repo" parent_connection = 
google_developer_connect_connection.my-connection.connection_id - remote_uri = "https://devconnect-terraform.com/myuser/myrepo.git" + clone_uri = "https://gle.com/myuser/myrepo.git" }