Skip to content

Commit

Permalink
Added pubsubConfig and webhookConfig support to the cloud build resou…
Browse files Browse the repository at this point in the history 
…rce.
  • Loading branch information
@iamsumit
iamsumit committed Jun 30, 2021
1 parent 304527d commit 4f26d7f
Show file tree
Hide file tree
Showing 3 changed files with 309 additions and 2 deletions.
55 changes: 55 additions & 0 deletions mmv1/products/cloudbuild/api.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,11 @@ objects:
Branch and tag names in trigger templates are interpreted as regular
expressions. Any branch or tag change that matches that regular
expression will trigger a build.
exactly_one_of:
- trigger_template
- github
- pubsub_config
- webhook_config
properties:
- !ruby/object:Api::Type::String
name: 'projectId'
Expand Down Expand Up @@ -168,6 +173,8 @@ objects:
exactly_one_of:
- trigger_template
- github
- pubsub_config
- webhook_config
properties:
- !ruby/object:Api::Type::String
name: 'owner'
Expand Down Expand Up @@ -230,6 +237,54 @@ objects:
exactly_one_of:
- github.0.push.0.branch
- github.0.push.0.tag
- !ruby/object:Api::Type::NestedObject
name: 'pubsubConfig'
description: |
PubsubConfig describes the configuration of a trigger that creates
a build whenever a Pub/Sub message is published.
exactly_one_of:
- trigger_template
- github
- pubsub_config
- webhook_config
properties:
- !ruby/object:Api::Type::String
name: 'subscription'
description: |
Output only. Name of the subscription.
- !ruby/object:Api::Type::String
name: 'topic'
description: |
The name of the topic from which this subscription is receiving messages.
- !ruby/object:Api::Type::String
name: 'service_account_email'
description: |
Service account that will make the push request.
- !ruby/object:Api::Type::String
name: 'state'
description: |
Potential issues with the underlying Pub/Sub subscription configuration.
Only populated on get requests.
- !ruby/object:Api::Type::NestedObject
name: 'webhookConfig'
description: |
WebhookConfig describes the configuration of a trigger that creates
a build whenever a webhook is sent to a trigger's webhook URL.
exactly_one_of:
- trigger_template
- github
- pubsub_config
- webhook_config
properties:
- !ruby/object:Api::Type::String
name: 'secret'
description: |
Resource name for the secret required as a URL parameter.
- !ruby/object:Api::Type::String
name: 'state'
description: |
Potential issues with the underlying Pub/Sub subscription configuration.
Only populated on get requests.
- !ruby/object:Api::Type::NestedObject
name: 'build'
exactly_one_of:
Expand Down
12 changes: 10 additions & 2 deletions mmv1/products/cloudbuild/terraform.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,11 +45,19 @@ overrides: !ruby/object:Overrides::ResourceOverrides
triggerTemplate: !ruby/object:Overrides::Terraform::PropertyOverride
description: |
{{description}}
One of `trigger_template` or `github` must be provided.
One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
github: !ruby/object:Overrides::Terraform::PropertyOverride
description: |
{{description}}
One of `trigger_template` or `github` must be provided.
One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
pubsubConfig: !ruby/object:Overrides::Terraform::PropertyOverride
description: |
{{description}}
One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
webhookConfig: !ruby/object:Overrides::Terraform::PropertyOverride
description: |
{{description}}
One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
triggerTemplate.projectId: !ruby/object:Overrides::Terraform::PropertyOverride
default_from_api: true
custom_code: !ruby/object:Provider::Terraform::CustomCode
Expand Down
244 changes: 244 additions & 0 deletions mmv1/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,64 @@ func TestAccCloudBuildTrigger_basic(t *testing.T) {
})
}

func TestAccCloudBuildTrigger_pubsub_config(t *testing.T) {
t.Parallel()
name := fmt.Sprintf("tf-test-%d", randInt(t))

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckCloudBuildTriggerDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccCloudBuildTrigger_pubsub_config(name),
},
{
ResourceName: "google_cloudbuild_trigger.build_trigger",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccCloudBuildTrigger_pubsub_config_update(name),
},
{
ResourceName: "google_cloudbuild_trigger.build_trigger",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccCloudBuildTrigger_webhook_config(t *testing.T) {
t.Parallel()
name := fmt.Sprintf("tf-test-%d", randInt(t))

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckCloudBuildTriggerDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccCloudBuildTrigger_webhook_config(name),
},
{
ResourceName: "google_cloudbuild_trigger.build_trigger",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccCloudBuildTrigger_webhook_config_update(name),
},
{
ResourceName: "google_cloudbuild_trigger.build_trigger",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccCloudBuildTrigger_customizeDiffTimeoutSum(t *testing.T) {
t.Parallel()

Expand Down Expand Up @@ -281,6 +339,192 @@ resource "google_cloudbuild_trigger" "build_trigger" {
`, name)
}

func testAccCloudBuildTrigger_pubsub_config(name string) string {
return fmt.Sprintf(`
resource "google_pubsub_topic" "build-trigger" {
name = "topic-name"
}
resource "google_cloudbuild_trigger" "build_trigger" {
name = "%s"
description = "acceptance test build trigger"
pubsub_config {
topic = "${google_pubsub_topic.build-trigger.id}"
}
build {
tags = ["team-a", "service-b"]
timeout = "1800s"
step {
name = "gcr.io/cloud-builders/gsutil"
args = ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"]
timeout = "300s"
}
}
depends_on = [
google_pubsub_topic.build-trigger
]
}
`, name)
}

func testAccCloudBuildTrigger_pubsub_config_update(name string) string {
return fmt.Sprintf(`
resource "google_pubsub_topic" "build-trigger" {
name = "topic-name"
}
resource "google_cloudbuild_trigger" "build_trigger" {
name = "%s"
description = "acceptance test build trigger updated"
pubsub_config {
topic = "${google_pubsub_topic.build-trigger.id}"
}
build {
tags = ["team-a", "service-b"]
timeout = "1800s"
step {
name = "gcr.io/cloud-builders/gsutil"
args = ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"]
timeout = "300s"
}
}
depends_on = [
google_pubsub_topic.build-trigger
]
}
`, name)
}

func testAccCloudBuildTrigger_webhook_config(name string) string {
return fmt.Sprintf(`
resource "google_secret_manager_secret" "webhook_trigger_secret_key" {
secret_id = "webhook_trigger-secret-key"
replication {
user_managed {
replicas {
location = "us-central1"
}
}
}
}
resource "google_secret_manager_secret_version" "webhook_trigger_secret_key_data" {
secret = google_secret_manager_secret.webhook_trigger_secret_key.id
secret_data = "secretkeygoeshere"
}
data "google_project" "project" {}
data "google_iam_policy" "secret_accessor" {
binding {
role = "roles/secretmanager.secretAccessor"
members = [
"serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com",
]
}
}
resource "google_secret_manager_secret_iam_policy" "policy" {
project = google_secret_manager_secret.webhook_trigger_secret_key.project
secret_id = google_secret_manager_secret.webhook_trigger_secret_key.secret_id
policy_data = data.google_iam_policy.secret_accessor.policy_data
}
resource "google_cloudbuild_trigger" "build_trigger" {
name = "%s"
webhook_config {
secret = "${google_secret_manager_secret_version.webhook_trigger_secret_key_data.id}"
}
build {
step {
name = "ubuntu"
args = [
"-c",
<<EOT
echo data
EOT
]
entrypoint = "bash"
}
}
depends_on = [
google_secret_manager_secret_version.webhook_trigger_secret_key_data,
google_secret_manager_secret_iam_policy.policy
]
}
`, name)
}

func testAccCloudBuildTrigger_webhook_config_update(name string) string {
return fmt.Sprintf(`
resource "google_secret_manager_secret" "webhook_trigger_secret_key" {
secret_id = "webhook_trigger-secret-key"
replication {
user_managed {
replicas {
location = "us-central1"
}
}
}
}
resource "google_secret_manager_secret_version" "webhook_trigger_secret_key_data" {
secret = google_secret_manager_secret.webhook_trigger_secret_key.id
secret_data = "secretkeygoeshere"
}
data "google_project" "project" {}
data "google_iam_policy" "secret_accessor" {
binding {
role = "roles/secretmanager.secretAccessor"
members = [
"serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com",
]
}
}
resource "google_secret_manager_secret_iam_policy" "policy" {
project = google_secret_manager_secret.webhook_trigger_secret_key.project
secret_id = google_secret_manager_secret.webhook_trigger_secret_key.secret_id
policy_data = data.google_iam_policy.secret_accessor.policy_data
}
resource "google_cloudbuild_trigger" "build_trigger" {
name = "%s"
webhook_config {
secret = "${google_secret_manager_secret_version.webhook_trigger_secret_key_data.id}"
}
build {
step {
name = "ubuntu"
args = [
"-c",
<<EOT
echo data-updated
EOT
]
entrypoint = "bash"
}
}
depends_on = [
google_secret_manager_secret_version.webhook_trigger_secret_key_data,
google_secret_manager_secret_iam_policy.policy
]
}
`, name)
}

func testAccCloudBuildTrigger_customizeDiffTimeoutSum(name string) string {
return fmt.Sprintf(`
resource "google_cloudbuild_trigger" "build_trigger" {
Expand Down

0 comments on commit 4f26d7f

Please sign in to comment.